Solved Malware enables Proxy

Got a "file not found" pop-up for csrss.exe after rebooting following the Malwarebytes scan. Posting the various logs from the 8-step thread.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5254

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

06/12/2010 6:42:16 AM
mbam-log-2010-12-06 (06-42-16).txt

Scan type: Quick scan
Objects scanned: 165330
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\documents and settings\admin\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 2988 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Spyware.Passwords.XGen) -> Value: svchost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\admin\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\admin\application data\microsoft\svchost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\admin\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\admin\local settings\Temp\csrss.exe (Trojan.Agent) -> Delete on reboot.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-06 06:55:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.PS11
Running: z34qoytk.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\uwldrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA227ECF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA227EBAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA227F160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA227F08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA227E782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA227EC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA227E6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA227E726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA227EDA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA227F22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA227ED66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA227EEE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA228BBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA228B9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA228BB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A228BB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A228B9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A22875D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A2288FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A228BBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? fhdql.sys The system cannot find the file specified. !
.vmp2 C:\WINDOWS\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9A9F269D]

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs tvtfilter.sys (Rescue and Recovery filter driver/Lenovo)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat 97907D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----
 
--- Attach.txt ---

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16/09/2010 3:58:48 PM
System Uptime: 06/12/2010 6:43:59 AM (1 hours ago)

Motherboard: LENOVO | |
Processor: Intel Pentium III Xeon processor | None | 2394/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 57 GiB total, 26.551 GiB free.
D: is FIXED (NTFS) - 170 GiB total, 143.982 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {5B31D1B0-17B6-4917-A896-338F5E9BE07B}
Description: ThinkPad Docking USB Host Controller - 2939
Device ID: PCI\VEN_8086&DEV_2939&SUBSYS_20F017AA&REV_03\3&B1BFB68&0&D2
Manufacturer: Lenovo
Name: ThinkPad Docking USB Host Controller - 2939
PNP Device ID: PCI\VEN_8086&DEV_2939&SUBSYS_20F017AA&REV_03\3&B1BFB68&0&D2
Service: usbuhci

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================
Access Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
AT&T Service Activation
avast! Free Antivirus
BitTorrent
Client Security - Password Manager
Conexant HD Audio
Core FTP LE 2.1
Disciples III
Drag-to-Disc
EMS SQL Manager 2010 for SQL Server
eReg
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970685)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
Intel® Active Management Technology
Intel® Trusted Platform Module
InterVideo Register Manager
InterVideo WinDVD
Java(TM) 6 Update 14
Junk Mail filter update
Lenovo System Interface Driver
Lenovo System Toolbox
Logitech MouseWare 9.79.1
Malwarebytes' Anti-Malware
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft Choice Guard
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Sync Services for ADO.NET v2.0 (x86)
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Web Developer 2010 Express - ENU
Mobile Broadband Connect
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
On Screen Display
Online Data Backup
Opera 10.63
Presentation Director
Productivity Center Supplement for ThinkPad
ProtectDisc Driver, Version 11
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
RICOH R5U230 Media Driver ver.2.02.02.01
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
SQL Server 2008 R2 BI Development Studio
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
SQL Server 2008 R2 Full text search
SQL Server 2008 R2 Management Studio
SQL Server 2008 R2 Reporting Services
Sql Server Customer Experience Improvement Program
System Update
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software
ThinkVantage Productivity Center
Uninstall AdeptSQL Diff
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973815)
Verizon Wireless Mobile Broadband Self Activation
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Wakfu
Wallpapers
Web Deployment Tool
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Format Runtime
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XP Themes

==== Event Viewer Messages From Past Week ========

29/11/2010 1:28:38 AM, error: Schannel [36882] - The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
06/12/2010 6:44:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Pcmcia
06/12/2010 6:32:30 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 89593020, parameter3 89593194, parameter4 8060577e.
06/12/2010 6:14:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD ANC aswSP aswTdi Fips IBMTPCHK intelppm IPSec lenovo.smi MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6 TPHKDRV TPPWRIF TSMAPIP
06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
06/12/2010 6:14:28 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
06/12/2010 6:13:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
06/12/2010 6:13:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
06/12/2010 6:06:46 AM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:46 AM, error: Service Control Manager [7034] - The Power Manager DBC Service service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:46 AM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology User Notification Service service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:46 AM, error: Service Control Manager [7031] - The Access Connections Main Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
06/12/2010 6:06:45 AM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:45 AM, error: Service Control Manager [7034] - The TVT Backup Service service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:44 AM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:44 AM, error: Service Control Manager [7034] - The ThinkPad HDD APS Logging Service service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:43 AM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:43 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:43 AM, error: Service Control Manager [7034] - The Simple TCP/IP Services service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:43 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:43 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:42 AM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology Local Management Service service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:41 AM, error: Service Control Manager [7034] - The World Wide Web Publishing service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:41 AM, error: Service Control Manager [7034] - The Lenovo Microphone Mute service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:41 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:41 AM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:41 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:41 AM, error: Service Control Manager [7031] - The IIS Admin service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1 milliseconds: Run the configured recovery program.
06/12/2010 6:06:40 AM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:40 AM, error: Service Control Manager [7034] - The On Screen Display service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:40 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
06/12/2010 6:06:40 AM, error: Service Control Manager [7031] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05/12/2010 9:42:41 PM, error: SideBySide [59] - Generate Activation Context failed for D:\Program Files\Deep Silver\Sacred 2 - Gold\system\s2gs.exe. Reference error message: The operation completed successfully. .
05/12/2010 9:23:56 PM, error: SideBySide [59] - Generate Activation Context failed for D:\Program Files\Deep Silver\Sacred 2 - Gold\system\s2render.dll. Reference error message: The operation completed successfully. .
05/12/2010 9:19:47 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
05/12/2010 9:19:47 PM, error: SideBySide [59] - Generate Activation Context failed for D:\Program Files\Deep Silver\Sacred 2 - Gold\system\sacred2.exe. Reference error message: The operation completed successfully. .
05/12/2010 9:19:47 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
05/12/2010 12:49:06 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3 00000000, parameter4 8050c653.

==== End Of File ===========================

--- dds.txt ---

DDS (Ver_10-12-05.01) - NTFSx86
Run by admin at 7:01:31.12 on 06/12/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2358 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
D:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mDefault_Page_URL = hxxp://lenovo.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:49758
uWindows: Load=c:\docume~1\admin\locals~1\temp\csrss.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "d:\program files\alwil software\avast5\avastUI.exe" /nogui
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289871982729
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {8D2A77B2-899C-40C2-A2DA-6D120A92C1AE} = 169.254.11.203
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - d:\program files\coreftp\pftpns.dll
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
LSA: Notification Packages = scecli ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll

============= SERVICES / DRIVERS ===============

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-1-28 20520]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-19 165584]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-10-23 13480]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-19 17744]
R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2010-11-19 40384]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-11-15 10448]
R2 Lenovo.micmute;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-5 45424]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-9-16 53248]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-9-16 2058776]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-9-16 243856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
S3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-11-19 40384]
S3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-11-19 40384]
S3 MSSQL$SECTOR70;SQL Server (SECTOR70);d:\sector70\mssql10_50.sector70\mssql\binn\sqlservr.exe [2010-4-3 42884448]
S3 MSSQLFDLauncher$SECTOR70;SQL Full-text Filter Daemon Launcher (SECTOR70);d:\sector70\mssql10_50.sector70\mssql\binn\fdlauncher.exe [2010-4-3 28512]
S3 ReportServer$SECTOR70;SQL Server Reporting Services (SECTOR70);d:\sector70\msrs10_50.sector70\reporting services\reportserver\bin\ReportingServicesService.exe [2010-4-3 1177952]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SECTOR70;SQL Server Agent (SECTOR70);d:\sector70\mssql10_50.sector70\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]

=============== Created Last 30 ================

2010-12-06 11:36:32 -------- d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-12-06 11:36:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 11:36:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-06 11:36:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 11:36:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 06:19:49 138752 ----a-w- c:\docume~1\admin\applic~1\dwm.exe
2010-12-06 01:53:29 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-06 01:53:29 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-06 01:53:29 -------- d-----w- c:\windows\Logs
2010-11-28 01:32:53 -------- d-----w- c:\documents and settings\admin\save
2010-11-27 05:47:55 -------- d-----w- c:\program files\ProtectDisc Driver Installer
2010-11-27 05:47:40 -------- d-----w- c:\docume~1\admin\applic~1\ProtectDISC
2010-11-24 02:51:28 -------- d-----w- c:\program files\BitTorrent
2010-11-24 02:50:46 -------- d-----w- c:\docume~1\admin\applic~1\BitTorrent
2010-11-19 21:24:30 -------- d-----w- c:\windows\system32\appmgmt
2010-11-19 18:18:58 38848 ----a-w- c:\windows\avastSS.scr
2010-11-19 18:18:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-17 05:14:57 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-17 05:14:57 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-11-16 20:42:35 -------- d-----w- c:\docume~1\admin\applic~1\Microsoft Corporation
2010-11-16 18:12:33 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-11-16 18:12:28 -------- d-----w- c:\program files\IIS
2010-11-16 18:12:22 617152 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vwdexpress\10.0\1033\ResourceCache.dll
2010-11-16 18:08:36 226688 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vbexpress\10.0\1033\ResourceCache.dll
2010-11-16 18:06:25 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-11-16 18:06:25 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-11-16 15:10:02 57410 ----a-w- c:\windows\system32\axscphst.DLL
2010-11-16 15:10:01 528960 ----a-w- c:\windows\system32\dtspump.DLL
2010-11-16 15:10:00 1905216 ----a-w- c:\windows\system32\dtspkg.DLL
2010-11-16 15:09:59 65536 ----a-w- c:\windows\system32\custtask.RLL
2010-11-16 15:09:59 315968 ----a-w- c:\windows\system32\custtask.DLL
2010-11-16 15:09:59 29248 ----a-w- c:\windows\system32\sqlresld.DLL
2010-11-16 15:09:59 119360 ----a-w- c:\windows\system32\dtsffile.DLL
2010-11-16 15:09:59 -------- d-----w- c:\windows\system32\Resources
2010-11-16 15:01:27 47968 ----a-w- c:\windows\system32\perf-ReportServer$SECTOR70-rsctr.dll
2010-11-16 15:01:24 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.SECTOR70-sqlagtctr.dll
2010-11-16 15:01:11 73568 ----a-w- c:\windows\system32\perf-MSSQL$SECTOR70-sqlctr10.50.1600.1.dll
2010-11-16 04:45:32 -------- d-----w- c:\docume~1\admin\applic~1\Avaya
2010-11-16 03:47:24 -------- d-----w- c:\docume~1\admin\applic~1\CoreFTP
2010-11-16 03:46:19 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Microsoft_Corporation
2010-11-16 03:38:36 438496 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vstahost\ssis_scriptcomponent\9.0\1033\ResourceCache.dll
2010-11-16 03:38:30 438496 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vstahost\ssis_scripttask\9.0\1033\ResourceCache.dll
2010-11-16 03:36:48 -------- d-----w- c:\windows\system32\RsFx
2010-11-16 03:33:04 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-11-16 03:31:31 20128 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vsa\9.0\1033\ResourceCache.dll
2010-11-16 03:31:29 139872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\visualstudio\9.0\1033\ResourceCache.dll
2010-11-16 03:29:26 -------- d-----w- c:\program files\common files\Merge Modules
2010-11-16 03:29:01 416 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\msdn\9.0\1033\ResourceCache.dll
2010-11-16 03:28:57 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Microsoft Help
2010-11-16 03:27:38 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-11-16 03:02:28 -------- d-----w- c:\program files\Microsoft SQL Server
2010-11-16 01:11:12 53248 ----a-r- c:\docume~1\admin\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2010-11-16 01:10:57 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-16 01:10:48 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-11-16 01:10:21 -------- d-----w- c:\docume~1\admin\applic~1\Logishrd
2010-11-16 00:57:25 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Conexant
2010-11-15 22:14:57 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Opera
2010-11-15 22:10:10 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2010-11-15 22:10:01 -------- d-----w- c:\windows\system32\Cache
2010-11-15 21:35:28 2560 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\usmt\iconlib.dll
2010-11-15 21:23:15 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-11-15 21:23:15 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-15 21:23:13 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-11-15 21:23:13 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-11-15 16:08:42 -------- d-----w- c:\program files\MSXML 4.0
2010-11-14 01:35:39 -------- d-----w- c:\windows\system32\Client Security Solution
2010-11-13 17:04:01 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-13 17:04:01 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-13 17:03:35 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-13 17:03:35 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-11-13 17:03:35 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-13 17:03:05 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-13 17:01:05 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-13 17:00:48 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-13 17:00:39 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-13 17:00:26 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-13 17:00:26 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-13 17:00:24 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-13 16:59:43 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-13 16:59:43 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-13 16:59:42 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-13 16:59:42 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-13 16:59:27 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-11-13 16:59:24 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-11-13 16:58:03 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-13 16:55:31 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-11-13 16:55:31 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-11-13 16:55:31 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-13 16:55:31 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-11-13 16:55:31 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2010-11-13 16:55:31 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-11-13 16:55:31 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-13 16:55:31 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-11-13 16:55:30 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-11-13 16:46:55 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-11-13 16:43:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-13 16:43:47 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-13 16:43:46 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-13 16:43:02 -------- d-----w- c:\windows\system32\PreInstall
2010-11-12 21:01:22 -------- d-----w- c:\windows\system32\SoftwareDistribution

==================== Find3M ====================

2010-09-18 20:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-16 16:16:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-16 16:16:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec

============= FINISH: 7:02:02.76 ===============
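The "Created Last 30" listing above is where a helper looks first for dropped executables: the dwm.exe created under Application Data is the file ESET later reports as a Kryptik trojan, and the Malwarebytes log earlier in the thread found conhost.exe, svchost.exe and csrss.exe in the same kind of location. As an added example (not part of the thread, DDS or ComboFix), the Python below applies that reading to DDS-style lines; the sample input copies five lines from the log above and adds two constructed ones.

```python
"""Flag dropped executables in a DDS "Created Last 30" listing.
Added example for this thread (not DDS, ComboFix or any tool on the page):
a core-Windows-binary name created under a user profile instead of system32,
or any fresh .exe in a user-writable profile directory, gets reported.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Names malware commonly borrows; genuine copies live only under c:\windows\system32.
SYSTEM_BINARY_NAMES = {
    "csrss.exe", "conhost.exe", "svchost.exe", "dwm.exe", "lsass.exe",
    "winlogon.exe", "services.exe", "smss.exe", "wininit.exe",
}
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\servicepackfiles\\i386\\",
)
# User-writable locations in long form and in the 8.3 short form DDS prints.
USER_WRITABLE_HINTS = (
    "\\docume~1\\", "\\documents and settings\\",
    "\\applic~1\\", "\\application data\\",
    "\\locals~1\\temp\\", "\\local settings\\temp\\",
)
# One DDS line: timestamp, size ("--------" for a directory), an 8-character
# attribute field such as "----a-w-" or "d-----w-", then the path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)

@dataclass
class Entry:
    timestamp: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str            # lower-cased

    @property
    def is_directory(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; None for section headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m.group("size").startswith("-") else int(m.group("size"))
    return Entry(m.group("ts"), size, m.group("attrs"), m.group("path").lower())

def classify(path: str) -> Optional[str]:
    """Return a reason when the path looks like a dropped binary, else None."""
    path = path.lower()
    name = path.rsplit("\\", 1)[-1]
    # Windows Installer keeps product icons as ARPPRODUCTICON.exe in the
    # per-user Installer cache: an .exe name, but a known-benign artifact.
    if name == "arpproducticon.exe" and "\\microsoft\\installer\\" in path:
        return None
    if name in SYSTEM_BINARY_NAMES and not path.startswith(TRUSTED_PREFIXES):
        return "core Windows binary name outside its system directory"
    if name.endswith(".exe") and any(h in path for h in USER_WRITABLE_HINTS):
        return "executable created in a user-writable profile directory"
    return None

def suspicious_entries(log_text: str) -> List[Tuple[Entry, str]]:
    """Run classify() over every file line of a DDS listing."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and not entry.is_directory:
            reason = classify(entry.path)
            if reason:
                hits.append((entry, reason))
    return hits

# Sample input: first five lines copied from the DDS log above; the last two
# are constructed (csrss.exe mirrors the Temp drop Malwarebytes reported
# earlier in the thread; updater.exe is invented for this example).
SAMPLE_LOG = r"""
2010-12-06 11:36:32 -------- d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-12-06 11:36:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 06:19:49 138752 ----a-w- c:\docume~1\admin\applic~1\dwm.exe
2010-12-06 01:53:29 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-11-16 01:11:12 53248 ----a-r- c:\docume~1\admin\applic~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2010-12-06 06:20:11 61440 ----a-w- c:\docume~1\admin\locals~1\temp\csrss.exe
2010-12-06 06:20:30 24576 ----a-w- c:\docume~1\admin\applic~1\microsoft\updater.exe
"""

if __name__ == "__main__":
    for entry, reason in suspicious_entries(SAMPLE_LOG):
        print(f"{entry.timestamp}  {entry.path}\n    -> {reason}")
```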
 
Welcome to TechSpot! I am going to have you run 2 more scans. But I would appreciate it if you could describe the problem you're having a bit more clearly. I understand 'enables proxy', but how? When? Where does it take you?

There are a lot of problems with the Services. Have you been making changes there?
============================================
Run Eset NOD32 Online AntiVirus scan HERE http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=========================================
Download Combofix and save to your desktop from one of these locations:
Link 1
Link 2
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query - Recovery Console image: WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message (image: whatnext.png):
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
======================================
Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Please disable BitTorrent and do not use it or any other file sharing program while I am helping you.

P2P or 'file sharing' Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Bit Torrent for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
 
Not sure where the redirect was pointed to, the addresses never resolved, pages would mostly stay in the 'connecting to' state. Proxy was 127.0.0.1 Port 50370 and would turn itself back on every time the browser would restart. Have had my browser hang on me and XP has blue screened on me a few times since the infection. Ran TFC and combofix in safe mode because they've both blue screened on me as well. The port did change on the proxy after running malwarebytes, but it does stay unchecked now. Looks like the infection is still floating around though, here's the 2 logs you've asked for. Thanks.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6415
# api_version=3.0.2
# EOSSerial=a6e17599ed571e4dbf4a3927c6107776
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-07 02:49:15
# local_time=2010-12-06 09:49:15 (-0500, Eastern Standard Time)
# country="Canada"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=102379
# found=1
# cleaned=0
# scan_time=1590
C:\Documents and Settings\admin\Application Data\dwm.exe a variant of Win32/Kryptik.IRC trojan (unable to clean) 00000000000000000000000000000000 I


ComboFix 10-12-06.01 - Administrator 06/12/2010 22:08:07.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2635 [GMT -5:00]
Running from: c:\documents and settings\admin\Desktop\slacker.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\admin\Application Data\dwm.exe
c:\windows\system32\Cache
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
.

2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-06 11:36 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 11:36 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 11:26 . 2010-12-06 11:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2010-12-06 01:53 . 2010-12-06 01:53 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-06 01:53 . 2010-12-06 01:53 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-06 01:53 . 2010-12-06 01:53 -------- d-----w- c:\windows\Logs
2010-11-28 01:32 . 2010-11-28 01:32 -------- d-----w- c:\documents and settings\admin\save
2010-11-27 05:47 . 2010-11-27 05:47 -------- d-----w- c:\program files\ProtectDisc Driver Installer
2010-11-27 05:47 . 2010-11-27 05:47 -------- d-----w- c:\documents and settings\admin\Application Data\ProtectDISC
2010-11-22 16:24 . 2010-11-22 16:24 -------- d-----w- c:\windows\Sun
2010-11-19 18:19 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-19 18:19 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-19 18:19 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-19 18:19 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-19 18:19 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-19 18:19 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-19 18:19 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-19 18:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-19 18:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-19 18:18 . 2010-11-19 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-17 05:14 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-16 20:42 . 2010-11-16 20:42 -------- d-----w- c:\documents and settings\admin\Application Data\Microsoft Corporation
2010-11-16 19:22 . 2010-11-16 19:22 -------- d-----w- c:\documents and settings\AL-T400S
2010-11-16 18:13 . 2010-11-26 01:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-11-16 18:12 . 2010-11-16 18:12 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-11-16 18:12 . 2010-11-16 18:12 -------- d-----w- c:\program files\IIS
2010-11-16 18:12 . 2010-11-16 18:13 617152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2010-11-16 18:08 . 2010-11-16 18:09 226688 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2010-11-16 18:06 . 2010-11-16 18:11 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-11-16 18:06 . 2010-11-16 18:06 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-11-16 15:10 . 2000-08-05 19:50 57410 ----a-w- c:\windows\system32\axscphst.DLL
2010-11-16 15:10 . 2002-12-17 11:23 528960 ----a-w- c:\windows\system32\dtspump.DLL
2010-11-16 15:10 . 2002-12-17 11:23 1905216 ----a-w- c:\windows\system32\dtspkg.DLL
2010-11-16 15:09 . 2010-11-16 15:09 -------- d-----w- c:\windows\system32\Resources
2010-11-16 15:09 . 2002-12-17 11:25 29248 ----a-w- c:\windows\system32\sqlresld.DLL
2010-11-16 15:09 . 2002-12-17 11:23 119360 ----a-w- c:\windows\system32\dtsffile.DLL
2010-11-16 15:09 . 2002-12-17 11:23 315968 ----a-w- c:\windows\system32\custtask.DLL
2010-11-16 15:09 . 2001-04-17 17:21 65536 ----a-w- c:\windows\system32\custtask.RLL
2010-11-16 15:01 . 2010-04-03 16:51 47968 ----a-w- c:\windows\system32\perf-ReportServer$SECTOR70-rsctr.dll
2010-11-16 15:01 . 2010-04-03 16:51 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.SECTOR70-sqlagtctr.dll
2010-11-16 15:01 . 2010-04-03 16:51 73568 ----a-w- c:\windows\system32\perf-MSSQL$SECTOR70-sqlctr10.50.1600.1.dll
2010-11-16 08:41 . 2010-11-16 08:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-11-16 05:40 . 2010-11-16 16:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-16 04:45 . 2010-11-16 04:45 -------- d-----w- c:\documents and settings\admin\Application Data\Avaya
2010-11-16 03:47 . 2010-12-04 20:47 -------- d-----w- c:\documents and settings\admin\Application Data\CoreFTP
2010-11-16 03:46 . 2010-11-16 03:46 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Microsoft_Corporation
2010-11-16 03:38 . 2010-11-16 03:38 438496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2010-11-16 03:38 . 2010-11-16 03:38 438496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2010-11-16 03:36 . 2010-11-16 03:36 -------- d-----w- c:\windows\system32\RsFx
2010-11-16 03:33 . 2010-11-16 03:33 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-11-16 03:31 . 2010-11-19 18:27 20128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-11-16 03:31 . 2010-11-19 18:27 139872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2010-11-16 03:29 . 2010-11-16 03:29 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-11-16 03:29 . 2010-11-16 03:29 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-11-16 03:28 . 2010-11-16 03:28 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Microsoft Help
2010-11-16 03:27 . 2010-11-19 21:24 -------- d-----w- c:\program files\Microsoft SDKs
2010-11-16 03:27 . 2010-11-16 03:29 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-11-16 03:27 . 2010-11-19 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-11-16 03:27 . 2010-11-16 03:27 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-11-16 03:27 . 2010-11-16 17:57 -------- d-----w- c:\program files\Microsoft.NET
2010-11-16 03:02 . 2010-11-16 15:21 -------- d-----w- c:\program files\Microsoft SQL Server
2010-11-16 02:50 . 2010-11-16 02:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-16 01:11 . 2010-11-16 01:11 53248 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-11-16 01:10 . 2010-11-16 01:10 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-16 01:10 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-11-16 01:10 . 2010-11-16 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-11-16 01:10 . 2010-11-16 02:09 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-11-16 01:10 . 2010-11-16 01:11 -------- d-----w- c:\documents and settings\admin\Application Data\Logitech
2010-11-16 01:10 . 2010-11-16 01:10 -------- d-----w- c:\documents and settings\admin\Application Data\Logishrd
2010-11-16 00:57 . 2010-11-16 00:57 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Conexant
2010-11-15 22:14 . 2010-11-15 22:14 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Opera
2010-11-15 22:10 . 2010-11-15 22:10 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2010-11-15 21:35 . 2008-04-14 12:00 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2010-11-15 21:23 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-11-15 21:23 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-15 21:23 . 2008-04-14 08:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-11-15 21:23 . 2008-04-14 08:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-11-15 16:08 . 2010-11-15 16:08 -------- d-----w- c:\program files\MSXML 4.0
2010-11-14 01:35 . 2010-11-14 01:35 -------- d-----w- c:\windows\system32\Client Security Solution
2010-11-13 17:04 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-13 17:04 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-13 17:03 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-13 17:03 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-11-13 17:03 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-13 17:03 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-13 17:01 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-13 17:00 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-13 17:00 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-13 17:00 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-13 17:00 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-13 17:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-13 16:59 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-13 16:59 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-13 16:59 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-13 16:59 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-13 16:59 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-11-13 16:59 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-11-13 16:58 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-13 16:55 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-11-13 16:55 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-11-13 16:55 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-11-13 16:55 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-13 16:55 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-11-13 16:55 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-11-13 16:55 . 2009-02-06 10:39 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2010-11-13 16:55 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-13 16:55 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-11-13 16:46 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-11-13 16:43 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-13 16:43 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-13 16:43 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 20:23 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-07-21 22:49 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-07-21 22:49 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-16 16:22 . 2010-09-16 16:22 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2010-09-16 16:22 . 2010-09-16 16:22 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2010-09-16 16:16 . 2010-09-16 16:10 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2010-09-16 16:16 . 2010-09-16 16:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-16 16:16 . 2010-09-16 16:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-09-09 13:38 . 2008-07-21 22:50 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2008-07-21 22:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2008-07-21 22:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2008-07-21 22:49 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2008-07-21 22:49 389120 ----a-w- c:\windows\system32\html.iec
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 357400]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-09-16 148888]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-22 421888]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-12-04 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2009-07-29 17:35 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-04-09 03:23 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\Access Connections.exe"=
"d:\\Program Files\\CoreFTP\\coreftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28/01/2009 7:57 PM 20520]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/11/2010 1:19 PM 165584]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [23/10/2008 3:15 AM 13480]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24/02/2010 5:22 AM 185472]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/11/2010 1:19 PM 17744]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [15/11/2010 8:10 PM 10448]
R2 Lenovo.micmute;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [05/10/2009 9:21 PM 45424]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [16/09/2010 11:19 AM 53248]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13/03/2009 4:47 PM 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [05/10/2009 9:21 PM 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [24/11/2008 5:34 PM 520192]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [16/09/2010 11:04 AM 2058776]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [16/09/2010 10:51 AM 243856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/02/2008 5:54 PM 37312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [09/05/2008 7:50 PM 360448]
S3 MSSQL$SECTOR70;SQL Server (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\sqlservr.exe [03/04/2010 11:56 AM 42884448]
S3 MSSQLFDLauncher$SECTOR70;SQL Full-text Filter Daemon Launcher (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\fdlauncher.exe [03/04/2010 11:56 AM 28512]
S3 ReportServer$SECTOR70;SQL Server Reporting Services (SECTOR70);d:\sector70\MSRS10_50.SECTOR70\Reporting Services\ReportServer\bin\ReportingServicesService.exe [03/04/2010 11:56 AM 1177952]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 10:15 AM 1120752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [03/04/2010 2:56 PM 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [03/04/2010 2:02 PM 240608]
S4 SQLAgent$SECTOR70;SQL Server Agent (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\SQLAGENT.EXE [03/04/2010 11:56 AM 367456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-10-06 21:55]

2010-12-07 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-09-16 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:49758
TCP: {8D2A77B2-899C-40C2-A2DA-6D120A92C1AE} = 169.254.11.203
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 22:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

- - - - - - - > 'lsass.exe'(812)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll

- - - - - - - > 'explorer.exe'(4296)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
d:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
**************************************************************************
.
Completion time: 2010-12-06 22:16:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-07 03:16

Pre-Run: 31,417,401,344 bytes free
Post-Run: 28,063,219,712 bytes free

- - End Of File - - 67D32B38E4F4E16B5867A56D41C74EE9
 
Combofix removed the entry found in the Eset scan. I'm setting up a script for you to run through Combofix, but need to know the following:

Did you intentionally set these ports to open:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

If you did not, I can use script to close them.

Question: Have you ever taken time to go through the processes that were preloaded by Lenovo, ThinkPad, IBM to see if you're using them? If you are not, they can be uninstalled to free up some resources.
 
I think those ports may have been opened while I was transferring files between my old and new laptop. You can go ahead and close them in the script.

Haven't really looked yet at the preinstalled Lenovo services. Most of them handle installed hardware, don't they? I think the fingerprint sensor is the only thing that jumps out at me as being unused.

Thanks again for the help.
 
Some hardware, more software. Look at the Services and the Startup menu.

Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. [Be sure to scroll down to include ALL lines.]
Code:
File::

Folder::

DDS::
uStart Page = about:blank
mDefault_Page_URL = hxxp://lenovo.msn.com
uInternet Settings,ProxyServer = http=127.0.0.1:49758
uWindows: Load=c:\docume~1\admin\locals~1\temp\csrss.exe
mRun: [<NO NAME>] 

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"=-
"3540:UDP"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
====================
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save it to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will be saved and then opened in Notepad. Be sure to click on Format > Uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
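Added example, not ComboFix's, the helper's or the poster's code: a small Python triage script that reads a ComboFix-style log for the indicators handled in the two helper posts above and renders them in the CFScript layout used here. It picks up the loopback ProxyServer setting and the "uWindows: Load=" entry from the Supplementary Scan (the Load value under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows, which Windows runs at logon), the GloballyOpenPorts and AllowInboundEchoRequest firewall values the earlier post asked about, and any Run-key entry that launches from a user-writable directory, then emits File::, DDS:: and Registry:: sections. The sample log is assembled from lines shown in the logs above plus one constructed "updater" Run entry to exercise the user-writable-path check; the regexes and the USER_WRITABLE directory list are my assumptions about the log format, not a ComboFix specification.

```python
"""Triage a ComboFix log for the indicators discussed in this thread and render
them as a CFScript.  Added example, not ComboFix's or the helper's code."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

FW_KEY = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"

# Assumption: directories an ordinary XP user can write to (8.3 forms included);
# a startup entry launched from one of these deserves a second look.
USER_WRITABLE = re.compile(
    r"\\(temp|local settings|application data|locals~1|applic~1)\\", re.I)

# Constructed sample: registry and Supplementary Scan lines as they appear in the
# ComboFix/DDS output above, plus one constructed "updater" Run entry.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 357400]
"updater"="c:\documents and settings\admin\local settings\temp\updater.exe" [2010-12-01 12345]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

------- Supplementary Scan -------
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:49758
uWindows: Load=c:\docume~1\admin\locals~1\temp\csrss.exe
mRun: [<NO NAME>]
"""


@dataclass
class Findings:
    dds_reset: List[str] = field(default_factory=list)   # DDS lines for DDS::
    files: List[str] = field(default_factory=list)       # payload paths for File::
    open_ports: List[str] = field(default_factory=list)  # "3587:TCP", ...
    icmp_echo_open: bool = False
    run_values: List[Tuple[str, str]] = field(default_factory=list)  # (key, name)


def triage(log: str) -> Findings:
    """One pass over the log, tracking the current [registry key] section."""
    f, section = Findings(), ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            section = ""
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        low = section.lower()

        # DDS-style lines: a proxy on the loopback interface, a Load= value
        # (HKCU\...\Windows NT\CurrentVersion\Windows\Load, run at logon) and an
        # unnamed Run value are all reset through the DDS:: section.
        m = re.match(r"[um]Internet Settings,ProxyServer\s*=\s*(.+)", line)
        if m and re.search(r"127\.0\.0\.1|localhost", m.group(1), re.I):
            f.dds_reset.append(line)
        m = re.match(r"[um]Windows:\s*Load=(.+)", line, re.I)
        if m:
            f.dds_reset.append(line)
            f.files.append(m.group(1).strip())
        if re.match(r"[um]Run:\s*\[<NO NAME>\]", line):
            f.dds_reset.append(line)

        # Firewall policy values the earlier post asked about.
        if low.endswith(r"globallyopenports\list"):
            m = re.match(r'"(\d+:(?:TCP|UDP))"', line)
            if m:
                f.open_ports.append(m.group(1))
        elif low.endswith("icmpsettings"):
            if re.match(r'"AllowInboundEchoRequest"\s*=\s*1\b', line):
                f.icmp_echo_open = True
        # Run keys: "name"="path" [date size]; flag user-writable launch paths.
        elif low.endswith(r"\run"):
            m = re.match(r'"([^"]+)"\s*=\s*"?([^"\[]+?)"?\s*\[', line)
            if m and USER_WRITABLE.search(m.group(2)):
                f.run_values.append((section, m.group(1)))
                f.files.append(m.group(2).strip())
    return f


def build_cfscript(f: Findings) -> str:
    """Render findings in the File::/Folder::/DDS::/Registry:: layout used above."""
    out = ["File::", *f.files, "", "Folder::", "", "DDS::", *f.dds_reset, "", "Registry::"]
    for key, name in f.run_values:
        out += [f"[{key}]", f'"{name}"=-']
    if f.open_ports:
        out += [f"[{FW_KEY}\\GloballyOpenPorts\\List]", *(f'"{p}"=-' for p in f.open_ports)]
    if f.icmp_echo_open:
        out += [f"[{FW_KEY}\\IcmpSettings]", '"AllowInboundEchoRequest"=-']
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Treat the output as a draft for the person guiding the cleanup to review, the way the helper reviewed the log here: a Run entry in a user-writable folder is a lead, not proof, and the port findings only echo the question of whether those openings were intentional. Once the ProxyServer value is reset, also check ProxyEnable in the same Internet Settings key so the browser is not left configured to use a proxy that no longer exists.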
 
2 more logs

ComboFix 10-12-08.04 - admin 09/12/2010 15:36:15.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2255 [GMT -5:00]
Running from: c:\documents and settings\admin\Desktop\slacker.exe
Command switches used :: c:\documents and settings\admin\Desktop\cfscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 20:31 . 2010-12-09 20:31 -------- d-----w- C:\HijackThis
2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-06 11:36 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 11:36 . 2010-12-06 11:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 11:36 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 11:26 . 2010-12-06 11:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2010-12-06 01:53 . 2010-12-06 01:53 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-06 01:53 . 2010-12-06 01:53 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-06 01:53 . 2010-12-06 01:53 -------- d-----w- c:\windows\Logs
2010-11-28 01:32 . 2010-11-28 01:32 -------- d-----w- c:\documents and settings\admin\save
2010-11-27 05:47 . 2010-11-27 05:47 -------- d-----w- c:\program files\ProtectDisc Driver Installer
2010-11-27 05:47 . 2010-11-27 05:47 -------- d-----w- c:\documents and settings\admin\Application Data\ProtectDISC
2010-11-22 16:24 . 2010-11-22 16:24 -------- d-----w- c:\windows\Sun
2010-11-19 18:19 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-19 18:19 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-19 18:19 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-19 18:19 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-19 18:19 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-19 18:19 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-19 18:19 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-19 18:18 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-19 18:18 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-19 18:18 . 2010-11-19 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-17 05:14 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-16 20:42 . 2010-11-16 20:42 -------- d-----w- c:\documents and settings\admin\Application Data\Microsoft Corporation
2010-11-16 19:22 . 2010-11-16 19:22 -------- d-----w- c:\documents and settings\AL-T400S
2010-11-16 18:13 . 2010-11-26 01:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-11-16 18:12 . 2010-11-16 18:12 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-11-16 18:12 . 2010-11-16 18:12 -------- d-----w- c:\program files\IIS
2010-11-16 18:12 . 2010-11-16 18:13 617152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2010-11-16 18:08 . 2010-11-16 18:09 226688 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2010-11-16 18:06 . 2010-11-16 18:11 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-11-16 18:06 . 2010-11-16 18:06 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-11-16 15:10 . 2000-08-05 19:50 57410 ----a-w- c:\windows\system32\axscphst.DLL
2010-11-16 15:10 . 2002-12-17 11:23 528960 ----a-w- c:\windows\system32\dtspump.DLL
2010-11-16 15:10 . 2002-12-17 11:23 1905216 ----a-w- c:\windows\system32\dtspkg.DLL
2010-11-16 15:09 . 2010-11-16 15:09 -------- d-----w- c:\windows\system32\Resources
2010-11-16 15:09 . 2002-12-17 11:25 29248 ----a-w- c:\windows\system32\sqlresld.DLL
2010-11-16 15:09 . 2002-12-17 11:23 119360 ----a-w- c:\windows\system32\dtsffile.DLL
2010-11-16 15:09 . 2002-12-17 11:23 315968 ----a-w- c:\windows\system32\custtask.DLL
2010-11-16 15:09 . 2001-04-17 17:21 65536 ----a-w- c:\windows\system32\custtask.RLL
2010-11-16 15:01 . 2010-04-03 16:51 47968 ----a-w- c:\windows\system32\perf-ReportServer$SECTOR70-rsctr.dll
2010-11-16 15:01 . 2010-04-03 16:51 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.SECTOR70-sqlagtctr.dll
2010-11-16 15:01 . 2010-04-03 16:51 73568 ----a-w- c:\windows\system32\perf-MSSQL$SECTOR70-sqlctr10.50.1600.1.dll
2010-11-16 08:41 . 2010-11-16 08:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-11-16 05:40 . 2010-11-16 16:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-16 04:45 . 2010-11-16 04:45 -------- d-----w- c:\documents and settings\admin\Application Data\Avaya
2010-11-16 03:47 . 2010-12-09 00:21 -------- d-----w- c:\documents and settings\admin\Application Data\CoreFTP
2010-11-16 03:46 . 2010-11-16 03:46 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Microsoft_Corporation
2010-11-16 03:38 . 2010-11-16 03:38 438496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2010-11-16 03:38 . 2010-11-16 03:38 438496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2010-11-16 03:36 . 2010-11-16 03:36 -------- d-----w- c:\windows\system32\RsFx
2010-11-16 03:33 . 2010-11-16 03:33 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-11-16 03:31 . 2010-11-19 18:27 20128 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-11-16 03:31 . 2010-11-19 18:27 139872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2010-11-16 03:29 . 2010-11-16 03:29 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-11-16 03:29 . 2010-11-16 03:29 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-11-16 03:28 . 2010-11-16 03:28 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Microsoft Help
2010-11-16 03:27 . 2010-11-19 21:24 -------- d-----w- c:\program files\Microsoft SDKs
2010-11-16 03:27 . 2010-11-16 03:29 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-11-16 03:27 . 2010-11-19 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-11-16 03:27 . 2010-11-16 03:27 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-11-16 03:27 . 2010-11-16 17:57 -------- d-----w- c:\program files\Microsoft.NET
2010-11-16 03:02 . 2010-11-16 15:21 -------- d-----w- c:\program files\Microsoft SQL Server
2010-11-16 02:50 . 2010-11-16 02:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-16 01:11 . 2010-11-16 01:11 53248 ----a-r- c:\documents and settings\admin\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-11-16 01:10 . 2010-11-16 01:10 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-16 01:10 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-11-16 01:10 . 2010-11-16 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-11-16 01:10 . 2010-11-16 02:09 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-11-16 01:10 . 2010-11-16 01:11 -------- d-----w- c:\documents and settings\admin\Application Data\Logitech
2010-11-16 01:10 . 2010-11-16 01:10 -------- d-----w- c:\documents and settings\admin\Application Data\Logishrd
2010-11-16 00:57 . 2010-11-16 00:57 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Conexant
2010-11-15 22:14 . 2010-11-15 22:14 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Opera
2010-11-15 22:10 . 2010-11-15 22:10 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2010-11-15 21:35 . 2008-04-14 12:00 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2010-11-15 21:23 . 2001-08-17 21:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-11-15 21:23 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-15 21:23 . 2008-04-14 08:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-11-15 21:23 . 2008-04-14 08:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-11-15 16:08 . 2010-11-15 16:08 -------- d-----w- c:\program files\MSXML 4.0
2010-11-14 01:35 . 2010-11-14 01:35 -------- d-----w- c:\windows\system32\Client Security Solution
2010-11-13 17:04 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-13 17:04 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-13 17:03 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-13 17:03 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-11-13 17:03 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-13 17:03 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2010-11-13 17:01 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-13 17:00 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-13 17:00 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-13 17:00 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-13 17:00 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-13 17:00 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-13 16:59 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-13 16:59 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-13 16:59 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-13 16:59 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-13 16:59 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-11-13 16:59 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-11-13 16:58 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-13 16:55 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-11-13 16:55 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-11-13 16:55 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-11-13 16:55 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-13 16:55 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-11-13 16:55 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-11-13 16:55 . 2009-02-06 10:39 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2010-11-13 16:55 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-13 16:55 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-11-13 16:46 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-11-13 16:43 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-13 16:43 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-13 16:43 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 20:23 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-07-21 22:49 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-07-21 22:49 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-07-21 22:49 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-16 16:22 . 2010-09-16 16:22 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2010-09-16 16:22 . 2010-09-16 16:22 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2010-09-16 16:16 . 2010-09-16 16:10 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2010-09-16 16:16 . 2010-09-16 16:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-16 16:16 . 2010-09-16 16:16 410984 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-12-07_03.13.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-09 00:44 . 2010-12-09 00:44 16384 c:\windows\temp\Perflib_Perfdata_5dc.dat
+ 2010-12-08 21:45 . 2010-12-08 21:45 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_zrdo1amo.dll
+ 2010-12-08 21:45 . 2010-12-08 21:45 15360 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_ygbdfocp.dll
+ 2010-12-08 21:45 . 2010-12-08 21:45 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_xvs3ql43.dll
+ 2010-12-08 21:45 . 2010-12-08 21:45 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_lpufl6cu.dll
+ 2010-12-08 21:45 . 2010-12-08 21:45 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_geumdni0.dll
+ 2010-12-08 21:45 . 2010-12-08 21:45 45056 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_cl0gz47i.dll
+ 2010-12-08 21:45 . 2010-12-08 21:45 19968 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_cal6sl4y.dll
+ 2010-12-08 21:39 . 2010-12-08 21:39 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Theme_Light.gpxx3opa.dll
+ 2010-11-15 22:10 . 2010-12-09 00:45 215256 c:\windows\system32\inetsrv\MetaBase.bin
+ 2010-12-08 21:45 . 2010-12-08 21:45 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\forum\62988167\87ef7290\App_Web_vhvp2tfo.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 357400]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-09-16 148888]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-22 421888]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-12-04 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-04-09 03:23 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\Access Connections.exe"=
"d:\\Program Files\\CoreFTP\\coreftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28/01/2009 7:57 PM 20520]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/11/2010 1:19 PM 165584]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [23/10/2008 3:15 AM 13480]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24/02/2010 5:22 AM 185472]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/11/2010 1:19 PM 17744]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [15/11/2010 8:10 PM 10448]
R2 Lenovo.micmute;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [05/10/2009 9:21 PM 45424]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [16/09/2010 11:19 AM 53248]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13/03/2009 4:47 PM 12560]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [05/10/2009 9:21 PM 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [24/11/2008 5:34 PM 520192]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [16/09/2010 11:04 AM 2058776]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [16/09/2010 10:51 AM 243856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/02/2008 5:54 PM 37312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [09/05/2008 7:50 PM 360448]
S3 MSSQL$SECTOR70;SQL Server (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\sqlservr.exe [03/04/2010 11:56 AM 42884448]
S3 MSSQLFDLauncher$SECTOR70;SQL Full-text Filter Daemon Launcher (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\fdlauncher.exe [03/04/2010 11:56 AM 28512]
S3 ReportServer$SECTOR70;SQL Server Reporting Services (SECTOR70);d:\sector70\MSRS10_50.SECTOR70\Reporting Services\ReportServer\bin\ReportingServicesService.exe [03/04/2010 11:56 AM 1177952]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 10:15 AM 1120752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [03/04/2010 2:56 PM 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [03/04/2010 2:02 PM 240608]
S4 SQLAgent$SECTOR70;SQL Server Agent (SECTOR70);d:\sector70\MSSQL10_50.SECTOR70\MSSQL\Binn\SQLAGENT.EXE [03/04/2010 11:56 AM 367456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-10-06 21:55]

2010-12-09 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-09-16 16:04]
.
.
------- Supplementary Scan -------
.
TCP: {8D2A77B2-899C-40C2-A2DA-6D120A92C1AE} = 169.254.11.203
.
- - - - ORPHANS REMOVED - - - -

Notify-ACNotify - ACNotify.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 15:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\igfxdev.dll
c:\program files\Lenovo\HOTKEY\notifyf2.dll

- - - - - - - > 'lsass.exe'(812)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll

- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-12-09 15:41:18
ComboFix-quarantined-files.txt 2010-12-09 20:41
ComboFix2.txt 2010-12-07 03:16

Pre-Run: 27,962,916,864 bytes free
Post-Run: 28,017,590,272 bytes free

- - End Of File - - 93D0BDAC3135FB965292F8BFDE15CAB5


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:45:02 PM, on 09/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1289871982729
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D2A77B2-899C-40C2-A2DA-6D120A92C1AE}: NameServer = 169.254.11.203
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (Lenovo.micmute) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 11432 bytes
 
These logs are clean! Has the proxy problem been resolved? I note the ports remain open, but I suspect that is through your work. If the proxy is solved and there is no new malware related problem:

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

I would still encourage you to check out the large number of ThinkPad/Lenovo/IBM processes. Additionally, you have many services running which most likely are set to Automatic Startup type. Changing them to Manual Startup would free up those resources and allow the Service to start only when needed. 14 out of 26 Services are from the company.

Have a Happy and Peaceful Holiday!


Let me know if you have any more questions.
 