Solved AV removed netbt.sys due to virus... now Internet is broken

M

magnus

Posts: 26   +0
Hi

I posted this on another site a week ago, but have not received any assistance, and then I noticed that this site has seen the issue I'm having a lot and has been more helpful so I'm hoping I've finally come to the right place.

I have an XP Pro SP3 thinkpad that last week had MSE complain about a trojan found in netbt.sys that needed to be removed. I allowed it to remove it. After the reboot, my internet was no longer working. Thinkvantage's Access Connections could no longer acquire an IP address. While doing some research online, I found an XP.zip file that included a netbt registry entries file that I tried to run. I also copied over a netbt.sys from another XP Pro SP3 machine. However, still no internet.

I was able to open up the wireless Network control panel and modify the TCP/IP properties to manually assign an IP address to make the internet work, but this isn't an ideal solution, and of course I'd like to make sure there's nothing else wrong.

I have generated the logs requested and will be pasting them below. My hope is two things. 1) that the kind folks here can confirm that my computer is clean and 2) that the kind folks here can also fix my DHCP/TCP issue.

(I'll also close the thread on the other site if this one gets any noise)

Thanks!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8351

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/11/2011 1:16:53 AM
mbam-log-2011-12-11 (01-16-53).txt

Scan type: Quick scan
Objects scanned: 198900
Time elapsed: 17 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-11 03:04:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HITACHI_ rev.FC2Z
Running: umdim3u3.exe; Driver: C:\DOCUME~1\Justin\LOCALS~1\Temp\pwlyypog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA11887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA118BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)

Device \FileSystem\Fastfat \Fat 9B3BFD20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 69909 bytes
File C:\RRbackups\common\SAM 28672 bytes
File C:\RRbackups\common\secpolicy.dat 65536 bytes
File C:\RRbackups\common\settings.dat 24576 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\usersids.dat 18720 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo\Client Security Solution\enroll.ini 50 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1476223887-1840006797-2070763024-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1476223887-1840006797-2070763024-500\51fb872f-6841-4fcc-b142-32fbd6e8d2db 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1476223887-1840006797-2070763024-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1506970853-2517358612-4125041461-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1506970853-2517358612-4125041461-500\2e511fc9-2bdd-43c0-89b5-49e608c59910 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1506970853-2517358612-4125041461-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a077ead69703e3bf1fd373a3c9376faa_bfcc9902-0b0d-478e-b538-18eadc4123e9 901 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_bfcc9902-0b0d-478e-b538-18eadc4123e9 52 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_bfcc9902-0b0d-478e-b538-18eadc4123e9 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_bfcc9902-0b0d-478e-b538-18eadc4123e9 47 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_bfcc9902-0b0d-478e-b538-18eadc4123e9 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\b973ec0ff915c48a18fe09064ce3a22d_bfcc9902-0b0d-478e-b538-18eadc4123e9 56 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_bfcc9902-0b0d-478e-b538-18eadc4123e9 893 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo\Client Security Solution\enroll.ini 50 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1476223887-1840006797-2070763024-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1476223887-1840006797-2070763024-500\51fb872f-6841-4fcc-b142-32fbd6e8d2db 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1476223887-1840006797-2070763024-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1506970853-2517358612-4125041461-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1506970853-2517358612-4125041461-500\2e511fc9-2bdd-43c0-89b5-49e608c59910 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1506970853-2517358612-4125041461-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Justin 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Lenovo\Client Security Solution\enroll.ini 50 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2909370959-4291373459-806592016-1008 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2909370959-4291373459-806592016-1008\6b29ae44e85efac3c72ff4d1865d73f1_bfcc9902-0b0d-478e-b538-18eadc4123e9 53 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2909370959-4291373459-806592016-1008\83aa4cc77f591dfc2374580bbd95f6ba_bfcc9902-0b0d-478e-b538-18eadc4123e9 45 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2909370959-4291373459-806592016-1008\8f71098770f72c7a67cd8f1151619865_bfcc9902-0b0d-478e-b538-18eadc4123e9 54 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2909370959-4291373459-806592016-1008\932a2db58c237abd381d22df4c63a04a_bfcc9902-0b0d-478e-b538-18eadc4123e9 87 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2909370959-4291373459-806592016-1008\f35b96bef1df0a2ec96bc1a4549be72b_bfcc9902-0b0d-478e-b538-18eadc4123e9 47 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-1476223887-1840006797-2070763024-500 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-1476223887-1840006797-2070763024-500\51fb872f-6841-4fcc-b142-32fbd6e8d2db 388 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-1476223887-1840006797-2070763024-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-1506970853-2517358612-4125041461-500 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-1506970853-2517358612-4125041461-500\2e511fc9-2bdd-43c0-89b5-49e608c59910 388 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-1506970853-2517358612-4125041461-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-2909370959-4291373459-806592016-1008 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-2909370959-4291373459-806592016-1008\092bb204-1787-4f48-8e7f-c08d5df38720 388 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-2909370959-4291373459-806592016-1008\140b0fb4-1c81-4e5a-8efb-24892900935d 388 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-2909370959-4291373459-806592016-1008\3194e0e8-c281-41aa-88a7-72dcc45347cb 388 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-2909370959-4291373459-806592016-1008\531f034e-780c-4437-a180-5697fbb18d6e 388 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-2909370959-4291373459-806592016-1008\6cc21406-d65b-40d1-8106-bb0b3eb38ea4 388 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-2909370959-4291373459-806592016-1008\91b37299-705a-4855-83f7-a2d58fc57bce 388 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-2909370959-4291373459-806592016-1008\9620ab5b-4ff5-4d65-bd9d-5b4c944b45ba 388 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-2909370959-4291373459-806592016-1008\a133bf55-b5fc-4a16-a94a-c57c5a6807f0 388 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-2909370959-4291373459-806592016-1008\ca5da676-e931-4e7d-ad5b-181037cdd1ad 388 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\Protect\S-1-5-21-2909370959-4291373459-806592016-1008\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Justin\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_bfcc9902-0b0d-478e-b538-18eadc4123e9 2519 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\020bf4dd-ff6c-4298-9597-6260adeea609 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\4fca3875-abda-428a-a5c3-449f675140c3 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\fdbd7737-6c76-4338-9a26-c39b0a632edb 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
 
Continued...

File C:\RRbackups\FR 0 bytes
File C:\RRbackups\FR\KernelFileDigest.dat 16631 bytes
File C:\RRbackups\FR\UF 0 bytes
File C:\RRbackups\FR\UF\boot.ini 211 bytes
File C:\RRbackups\FR\UF\documents and settings 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user 0 bytes
File C:\RRbackups\FR\UF\documents and settings\default user\ntuser.dat 1048576 bytes
File C:\RRbackups\FR\UF\NTDETECT.COM 47564 bytes
File C:\RRbackups\FR\UF\NTLDR 250048 bytes
File C:\RRbackups\FR\UF\WINDOWS 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\explorer.exe 1033728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\Fonts 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\mangal.ttf 143864 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\marlett.ttf 24124 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\micross.ttf 461672 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\mvboli.ttf 40500 bytes
File C:\RRbackups\FR\UF\WINDOWS\Fonts\vgaoem.fon 5168 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\advapi32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\advpack.dll 124928 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\authz.dll 62464 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\autochk.exe 588800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\basesrv.dll 52736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\bootvid.dll 12288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\browseui.dll 1025024 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\chkdsk.exe 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cmd.exe 389120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\comctl32.dll 617472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\comdlg32.dll 276992 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\config 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\default 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\SAM 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\SECURITY 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\software 25952256 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\system 5505024 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\config\userdiff 262144 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\crypt32.dll 599040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cryptdll.dll 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cryptui.dll 512512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\cscdll.dll 101888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\csrsrv.dll 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\csrss.exe 6144 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\c_1252.nls 66082 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\c_936.nls 196642 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\dnsapi.dll 149504 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\doskey.exe 10752 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\dpcdll.dll 102912 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpi.sys 187776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\acpiec.sys 11648 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\afd.sys 138496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk6.sys 37376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\amdk7.sys 37760 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\arp1394.sys 60800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\asyncmac.sys 14336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atapi.sys 96512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmarpc.sys 59904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmepvc.sys 31360 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmlane.sys 55808 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atmuni.sys 352256 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\audstub.sys 3072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\beep.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\bridge.sys 71552 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cbidf2k.sys 13952 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdaudio.sys 18688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdfs.sys 63744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cdrom.sys 62976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\classpnp.sys 49536 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cpqdap01.sys 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\crusoe.sys 36736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\disk.sys 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\diskdump.sys 14208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmboot.sys 799744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmio.sys 153344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dmload.sys 5888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxg.sys 71168 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\dxgthk.sys 3328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fastfat.sys 143744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fdc.sys 27392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fips.sys 44544 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\flpydisk.sys 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fltMgr.sys 129792 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fsvga.sys 12160 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\fs_rec.sys 7936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ftdisk.sys 125056 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidclass.sys 36864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\hidparse.sys 24960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\http.sys 265728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\i8042prt.sys 52480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\imapi.sys 42112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\intelppm.sys 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ip6fw.sys 36608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipfltdrv.sys 32896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipinip.sys 20864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipnat.sys 152832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ipsec.sys 75264 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\irenum.sys 11264 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\isapnp.sys 37248 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\kbdclass.sys 24576 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ks.sys 141056 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ksecdd.sys 92928 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mcd.sys 7680 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mf.sys 63744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\modem.sys 30080 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mouclass.sys 23040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mountmgr.sys 42368 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxdav.sys 180608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mrxsmb.sys 456320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msfs.sys 19072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\msgpc.sys 35072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mssmbios.sys 15488 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mup.sys 105472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndis.sys 182656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndistapi.sys 10496 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndisuio.sys 14592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndiswan.sys 91520 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ndproxy.sys 40960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\netbios.sys 34688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\netbt.sys 162816 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nic1394.sys 61824 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nikedrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\npfs.sys 30848 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ntfs.sys 574976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\null.sys 2944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkflt.sys 12416 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkfwd.sys 32512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkipx.sys 88320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnknb.sys 63232 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nwlnkspx.sys 55936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\oprghdlr.sys 3456 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\p3.sys 42752 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parport.sys 80128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\partmgr.sys 19712 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\parvdm.sys 6784 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pci.sys 68224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciide.sys 3328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pciidex.sys 24960 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\pcmcia.sys 120192 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\processr.sys 35840 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ptilink.sys 17792 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasacd.sys 8832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rasl2tp.sys 51328 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspppoe.sys 41472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspptp.sys 48384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\raspti.sys 16512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rawwan.sys 34432 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdbss.sys 175744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpcdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpdr.sys 196224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rdpwd.sys 139656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\redbook.sys 57600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rio8drv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\riodrv.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\RMCast.sys 203136 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rndismp.sys 30592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\rootmdm.sys 5888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\scsiport.sys 96384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sdbus.sys 79232 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\cinemst2.sys 262528 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\gm.dls 3440660 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\mnmdd.sys 4224 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\nmnt.sys 40320 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\psched.sys 69120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\secdrv.sys 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tsbvcap.sys 21376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serenum.sys 15744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serial.sys 64512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffdisk.sys 11904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sffp_sd.sys 11008 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sfloppy.sys 11392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\smclib.sys 14592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sonydcam.sys 25344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\sr.sys 73472 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\srv.sys 357888 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\stream.sys 49408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\swenum.sys 4352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tape.sys 14976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip.sys 361600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tcpip6.sys 226880 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdi.sys 19072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdpipe.sys 12040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tdtcp.sys 21896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\termdd.sys 40840 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tosdvd.sys 51712 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\tunmp.sys 12288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\udfs.sys 66048 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\update.sys 384768 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usb8023.sys 12800 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd.sys 25600 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbcamd2.sys 25728 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbd.sys 4736 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbehci.sys 30208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbhub.sys 59520 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbintel.sys 15872 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbport.sys 144128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbstor.sys 26368 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\usbuhci.sys 20608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\vdmindvd.sys 58112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\vga.sys 20992 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\videoprt.sys 81664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\volsnap.sys 52352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\wanarp.sys 34560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\wmilib.sys 4352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\drivers\ws2ifsl.sys 12032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\duser.dll 304128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\eventlog.dll 56320 bytes executable
 
Continued 2...

File C:\RRbackups\FR\UF\WINDOWS\system32\faultrep.dll 80384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\feclient.dll 21504 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\filemgmt.dll 337920 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fldrclnr.dll 87552 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fltlib.dll 16896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fmifs.dll 16384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fontext.dll 382976 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fontsub.dll 81920 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\framebuf.dll 9344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fsusd.dll 81408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\fwcfg.dll 60416 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\gdi32.dll 286720 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\hal.dll 134400 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\imagehlp.dll 144384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\imm32.dll 110080 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\iphlpapi.dll 94720 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\kdcom.dll 7040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\kernel32.dll 989696 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\licdll.dll 423936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\locale.nls 265948 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\logonui.exe 514560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\lsasrv.dll 730112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\lsass.exe 13312 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\lz32.dll 2560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\l_intl.nls 7046 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\mfc42.dll 978944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mfc42u.dll 974848 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mmc.exe 1414656 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mobsync.dll 207360 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msasn1.dll 58880 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msgina.dll 997376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msimg32.dll 4608 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msprivs.dll 48128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msv1_0.dll 136192 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msvcp60.dll 413696 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\msvcrt.dll 343040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ncobjapi.dll 36352 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\nddeapi.dll 17920 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\netapi32.dll 337408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\netrap.dll 11776 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\notepad.exe 69120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntdll.dll 718336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntdsapi.dll 67072 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntoskrnl.exe 2148864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ntsdexts.dll 36864 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\odbc32.dll 249856 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\odbcint.dll 94208 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oembios.dat 4547 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\oembios.sig 7208 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\ole32.dll 1288192 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oleacc.dll 220160 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oleaccrc.dll 20480 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oleaut32.dll 551936 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\profmap.dll 27648 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\psapi.dll 23040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\regapi.dll 49664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rpcrt4.dll 590848 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rpcss.dll 401408 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rsaenh.dll 208384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\rundll32.exe 33280 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\samlib.dll 64000 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\samsrv.dll 415744 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\scesrv.dll 314880 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\secupd.dat 4569 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\secupd.sig 7208 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\services.exe 110592 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\setupapi.dll 985088 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sfc.dll 5120 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sfc_os.dll 140288 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shdocvw.dll 1499136 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shell32.dll 8462336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shfolder.dll 25088 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shgina.dll 68096 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shlwapi.dll 474112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\shsvcs.dll 135168 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\smss.exe 50688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sortkey.nls 262148 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\sorttbls.nls 23044 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\svchost.exe 14336 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\sxs.dll 713216 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\umpnpmgr.dll 123392 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\unicode.nls 89588 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\usbmon.dll 16896 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ctype.nls 8386 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\ftsrch.dll 176128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\mpr.dll 59904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\oembios.bin 13107200 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\secur32.dll 56832 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\usbui.dll 74240 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\user32.dll 578560 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\userenv.dll 727040 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\userinit.exe 26112 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\uxtheme.dll 218624 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\version.dll 18944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\vga.dll 9344 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\vga.drv 2176 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\watchdog.sys 17664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\win32k.sys 1858944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wininet.dll 832512 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winlogon.exe 507904 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winmm.dll 176128 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winspool.drv 146432 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winspool.exe 2112 bytes
File C:\RRbackups\FR\UF\WINDOWS\system32\winsrv.dll 293376 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winsta.dll 53760 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\winstrm.dll 18944 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wintrust.dll 177664 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wldap32.dll 172032 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ws2help.dll 19968 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\ws2_32.dll 82432 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\system32\wsock32.dll
22528 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.Manifest 391 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.cat 7232 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.Manifest 1819 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.cat 7238 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest 1784 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.cat 7238 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.Manifest 494 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.cat 10512 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest 1883 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest 1187 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.cat 7236 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.Manifest 640 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.cat 10680 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest 1237 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.cat 10680 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy 625 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.cat 10678 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy 641 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll 74802 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll 995383 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll 995384 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll 401462 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 921088 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll 50688 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll 1724416 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll 853504 bytes executable
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95 0 bytes
File C:\RRbackups\FR\UF\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll 991232 bytes executable
File C:\RRbackups\FR\UpdatingFiles.dat 17 bytes
File C:\WINDOWS\$NtUninstallKB21583$\190471957 0 bytes
File C:\WINDOWS\$NtUninstallKB21583$\190471957\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB21583$\190471957\L 0 bytes
File C:\WINDOWS\$NtUninstallKB21583$\190471957\U 0 bytes
File C:\WINDOWS\$NtUninstallKB21583$\993288200 0 bytes

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Run by Justin at 3:04:25 on 2011-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.1943 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
 
continued 3...

============== Running Processes ===============
.
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\Explorer.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\RotateImage\RCIMGDIR.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.onlineregister.com/lenovo/?PAGE=thx&LANG=EN&CTRY=United%20States&MODL=7465CTO&PRNM=Lenovo&SRNM=R90VVA2
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\justin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [B2C_AGENT] c:\documents and settings\all users\application data\lgmobileax\b2c_client\B2CNotiAgent.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rcimgd~1.lnk - c:\program files\rotateimage\RCIMGDIR.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
LSP: mswsock.dll
Trusted Zone: mailhost
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://connect-sjc.force10networks.com/vdesk/terminal/urxvpn.cab#version=6030,2009,820,1617
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/59.06/uploader2.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://connect-sjc.force10networks.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,811,2213
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\justin\locals~1\temp\ixp000.tmp\InstallerControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://connect-sjc.force10networks.com/vdesk/terminal/urxshost.cab#version=6030,2009,828,1610
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://connect-sjc.force10networks.com/vdesk/terminal/urxhost.cab#version=6030,2009,828,1606
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{9EE0FD78-F4A4-449A-A23D-E97FE9953C8F} : NameServer = 192.168.0.1
TCP: Interfaces\{9EE0FD78-F4A4-449A-A23D-E97FE9953C8F} : DhcpNameServer = 192.168.0.1 205.171.3.25
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\justin\application data\mozilla\firefox\profiles\hblwhacj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\justin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\justin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\justin\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-11 64512]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-1-28 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-10-23 13480]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
R1 MpKsl5c067aa1;MpKsl5c067aa1;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e516609-2c02-4217-a334-23436ca0a250}\MpKsl5c067aa1.sys [2011-12-10 29904]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-26 1676536]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-26 98304]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-10-26 118784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-10-9 53248]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-6-12 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-10-9 2058776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-10-9 72192]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-10-9 482176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-10-9 243856]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2009-10-9 23080]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-8-20 33920]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-6-12 45424]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-26 106496]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2011-2-10 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2011-2-10 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2011-2-10 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2011-2-10 25088]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2011-2-10 25728]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2009-10-16 10752]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2011-12-11 07:54:14 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e516609-2c02-4217-a334-23436ca0a250}\MpKsl5c067aa1.sys
2011-12-11 07:54:00 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e516609-2c02-4217-a334-23436ca0a250}\offreg.dll
2011-12-11 07:53:54 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e516609-2c02-4217-a334-23436ca0a250}\mpengine.dll
2011-12-11 02:19:22 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-12-11 02:19:22 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-12 17:00:07 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 3:04:40.90 ===============

.
 
last continue...

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/16/2009 10:03:32 AM
System Uptime: 12/10/2011 11:41:09 PM (4 hours ago)
.
Motherboard: LENOVO | | 7465CTO
Processor: Intel Pentium III Xeon processor | None | 1861/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 88.696 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) WiFi Link 5100 AGN
Device ID: PCI\VEN_8086&DEV_4237&SUBSYS_12118086&REV_00\4&318470AD&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) WiFi Link 5100 AGN
PNP Device ID: PCI\VEN_8086&DEV_4237&SUBSYS_12118086&REV_00\4&318470AD&0&00E1
Service: NETw5x32
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
==== System Restore Points ===================
.
RP491: 10/17/2011 5:33:59 PM - Software Distribution Service 3.0
RP492: 10/18/2011 9:57:46 PM - Software Distribution Service 3.0
RP493: 10/19/2011 11:38:25 PM - System Checkpoint
RP494: 10/20/2011 3:01:33 AM - Software Distribution Service 3.0
RP495: 10/21/2011 3:19:48 AM - System Checkpoint
RP496: 10/21/2011 9:34:32 AM - Software Distribution Service 3.0
RP497: 10/22/2011 10:08:19 AM - System Checkpoint
RP498: 10/22/2011 5:03:41 PM - Software Distribution Service 3.0
RP499: 10/23/2011 3:39:40 AM - Software Distribution Service 3.0
RP500: 10/23/2011 5:05:20 PM - Software Distribution Service 3.0
RP501: 10/24/2011 5:53:21 PM - System Checkpoint
RP502: 10/24/2011 7:29:55 PM - Software Distribution Service 3.0
RP503: 10/25/2011 7:32:26 PM - System Checkpoint
RP504: 10/25/2011 11:53:34 PM - Software Distribution Service 3.0
RP505: 10/27/2011 12:42:39 AM - System Checkpoint
RP506: 10/27/2011 2:32:04 AM - Software Distribution Service 3.0
RP507: 10/28/2011 3:10:44 AM - System Checkpoint
RP508: 10/28/2011 9:18:32 AM - Software Distribution Service 3.0
RP509: 10/29/2011 9:35:37 AM - System Checkpoint
RP510: 10/29/2011 2:41:56 PM - Software Distribution Service 3.0
RP511: 10/30/2011 3:37:43 AM - Software Distribution Service 3.0
RP512: 10/30/2011 5:05:32 PM - Software Distribution Service 3.0
RP513: 10/31/2011 6:50:02 PM - Software Distribution Service 3.0
RP514: 11/1/2011 7:13:06 PM - System Checkpoint
RP515: 11/1/2011 7:53:52 PM - Software Distribution Service 3.0
RP516: 11/2/2011 8:29:55 PM - System Checkpoint
RP517: 11/2/2011 8:38:25 PM - Software Distribution Service 3.0
RP518: 11/3/2011 9:00:53 PM - System Checkpoint
RP519: 11/4/2011 8:03:35 AM - Software Distribution Service 3.0
RP520: 11/5/2011 8:39:12 AM - System Checkpoint
RP521: 11/5/2011 9:55:38 AM - Software Distribution Service 3.0
RP522: 11/6/2011 2:34:37 AM - Software Distribution Service 3.0
RP523: 11/6/2011 3:48:16 AM - Software Distribution Service 3.0
RP524: 11/7/2011 4:06:53 AM - System Checkpoint
RP525: 11/7/2011 8:02:12 PM - Software Distribution Service 3.0
RP526: 11/8/2011 11:40:53 PM - Software Distribution Service 3.0
RP527: 11/10/2011 1:02:50 AM - System Checkpoint
RP528: 11/10/2011 1:43:02 AM - Software Distribution Service 3.0
RP529: 11/11/2011 1:51:19 AM - System Checkpoint
RP530: 11/11/2011 8:34:34 PM - Software Distribution Service 3.0
RP531: 11/12/2011 10:52:46 PM - System Checkpoint
RP532: 11/13/2011 4:03:38 AM - Software Distribution Service 3.0
RP533: 11/13/2011 7:04:16 PM - Software Distribution Service 3.0
RP534: 11/14/2011 7:09:38 PM - System Checkpoint
RP535: 11/14/2011 10:22:16 PM - Software Distribution Service 3.0
RP536: 11/15/2011 10:45:29 PM - Software Distribution Service 3.0
RP537: 11/16/2011 7:05:49 PM - Software Distribution Service 3.0
RP538: 11/17/2011 7:05:51 PM - Software Distribution Service 3.0
RP539: 11/18/2011 7:04:43 PM - Software Distribution Service 3.0
RP540: 11/19/2011 7:06:33 PM - Software Distribution Service 3.0
RP541: 11/20/2011 4:03:54 AM - Software Distribution Service 3.0
RP542: 11/20/2011 7:08:04 PM - Software Distribution Service 3.0
RP543: 11/21/2011 7:08:15 PM - Software Distribution Service 3.0
RP544: 11/22/2011 7:08:28 PM - Software Distribution Service 3.0
RP545: 11/23/2011 7:08:34 PM - Software Distribution Service 3.0
RP546: 11/24/2011 7:08:38 PM - Software Distribution Service 3.0
RP547: 11/25/2011 10:34:07 PM - Software Distribution Service 3.0
RP548: 11/26/2011 7:05:12 PM - Software Distribution Service 3.0
RP549: 11/27/2011 4:02:51 AM - Software Distribution Service 3.0
RP550: 11/27/2011 7:04:18 PM - Software Distribution Service 3.0
RP551: 11/28/2011 7:06:47 PM - Software Distribution Service 3.0
RP552: 11/28/2011 8:23:35 PM - Software Distribution Service 3.0
RP553: 11/29/2011 7:06:51 PM - Software Distribution Service 3.0
RP554: 11/30/2011 7:07:23 PM - Software Distribution Service 3.0
RP555: 12/1/2011 7:38:37 PM - System Checkpoint
RP556: 12/2/2011 10:42:55 AM - Software Distribution Service 3.0
RP557: 12/3/2011 10:41:12 AM - Software Distribution Service 3.0
RP558: 12/4/2011 4:03:16 AM - Software Distribution Service 3.0
RP559: 12/5/2011 4:44:06 AM - System Checkpoint
RP560: 12/5/2011 9:47:24 PM - Software Distribution Service 3.0
RP561: 12/6/2011 9:46:40 PM - Software Distribution Service 3.0
RP562: 12/7/2011 9:47:29 PM - Software Distribution Service 3.0
RP563: 12/8/2011 9:47:32 PM - Software Distribution Service 3.0
RP564: 12/9/2011 9:47:32 PM - Software Distribution Service 3.0
RP565: 12/10/2011 10:26:34 PM - System Checkpoint
RP566: 12/10/2011 11:53:50 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Access Help
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
AirPort
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Service Activation
Bonjour
BrettspielWelt
Business Contact Manager for Outlook 2007 SP2
Camera Center
Cisco Systems VPN Client 5.0.00.0340
Client Security - Password Manager
Conexant HD Audio
GIMP 2.6.7
Google SketchUp 8
Google Talk Plugin
Help Center
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
Integrated Camera Driver Installer Package Ver.1.25.500.0
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
Intel® Active Management Technology
Intel® Trusted Platform Module
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Lenovo Fingerprint Software
Lenovo Hard Drive Quick Test
Lenovo System Interface Driver
Lenovo System Toolbox
LG United Mobile Driver
Malwarebytes' Anti-Malware version 1.51.2.1300
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile Broadband Connect
Mozilla Firefox (3.6.24)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
OGA Notifier 2.0.0048.0
On Screen Display
OpenOffice.org 3.2
Opera 11.10
OverDrive Media Console
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
Race for the Galaxy 0.7.4
Rescue and Recovery
Samsung USB Driver (MCCI 4.34) WHQL v3.4
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.0
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem Adapter
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless Mobile Broadband Self Activation
VLC media player 1.0.2
VNC Free Edition 4.1.3
Wallpapers
WebFldrs XP
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Xilinx ChipScope Pro 10.1
XML Paper Specification Shared Components Pack 1.0
XP Themes
.
==== Event Viewer Messages From Past Week ========
.
12/4/2011 9:30:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NetBT
12/4/2011 9:30:39 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2011 9:30:39 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2011 4:15:22 AM, error: Service Control Manager [7023] - The Lenovo Microphone Mute service terminated with the following error: Incorrect function.
12/4/2011 4:15:22 AM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
12/4/2011 4:15:22 AM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
12/10/2011 11:33:41 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and MSE.
One of them has to go.
I suggest Lavasoft goes.

Then...

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check "Include All Files" option.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

==============================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

===========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Wow, thanks for the fast reply Broni.

Just one question...I've got the computer in manual IP address assignment mode, which is the only way I can get on the internet with this computer. Even though one of my problems is that I can't get my computer to obtain it's own IP address without my intervention, I think to be able to download and upload all the files that you request it might be more efficient for me to keep it in this manual mode. However, if you disagree and think it's better for me to change the mode back to standard automatically-obtain-ip address mode, then I can do that after I grab all the files that you requested and then I guess I will just upload by copying the files to another computer.

I have already uninstalled AdAware and will start to download all the requested programs.

Thanks!
 
(note, these were run with a firefox window open)

FSS:

Farbar Service Scanner
Ran by Justin (administrator) on 11-12-2011 at 18:05:43
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****


MiniToolBox by Farbar
Ran by Justin (administrator) on 11-12-2011 at 18:07:11
Microsoft Windows XP Professional Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 4 (Disconnected)
Intel(R) WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Intel(R) 82567LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Bluetooth LAN Access Server Driver = Local Area Connection 3 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=static addr=192.168.1.187 mask=255.255.255.0
set address name="Wireless Network Connection" gateway=192.168.1.1 gwmetric=0
set dns name="Wireless Network Connection" source=static addr=192.168.0.1 register=PRIMARY
set wins name="Wireless Network Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : JD-X200S

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.actdsltmp



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection

Physical Address. . . . . . . . . : 00-1F-16-2B-D6-BD



Ethernet adapter Local Area Connection 3:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver

Physical Address. . . . . . . . . : 00-26-5E-93-23-05



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : domain.actdsltmp

Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN

Physical Address. . . . . . . . . : 00-1E-65-DC-AA-A2

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.187

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.53.104, 74.125.53.105, 74.125.53.106, 74.125.53.147
74.125.53.99, 74.125.53.103



Pinging google.com [74.125.53.105] with 32 bytes of data:



Request timed out.

Reply from 74.125.53.105: bytes=32 time=47ms TTL=53



Ping statistics for 74.125.53.105:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 47ms, Average = 47ms

Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=87ms TTL=54

Reply from 209.191.122.70: bytes=32 time=86ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 86ms, Maximum = 87ms, Average = 86ms

Server: home.domain.actdsltmp
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 1f 16 2b d6 bd ...... Intel(R) 82567LM Gigabit Network Connection - Packet Scheduler Miniport
0x10005 ...00 26 5e 93 23 05 ...... Bluetooth LAN Access Server Driver - Packet Scheduler Miniport
0x20002 ...00 1e 65 dc aa a2 ...... Intel(R) WiFi Link 5100 AGN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.187 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.187 192.168.1.187 20
192.168.1.0 255.255.255.0 192.168.1.187 192.168.1.187 20
192.168.1.187 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.187 192.168.1.187 20
224.0.0.0 240.0.0.0 192.168.1.187 192.168.1.187 20
255.255.255.255 255.255.255.255 192.168.1.187 192.168.1.187 1
255.255.255.255 255.255.255.255 192.168.1.187 3 1
255.255.255.255 255.255.255.255 192.168.1.187 10005 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2011 03:45:39 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/10/2011 11:40:24 PM) (Source: Bonjour Service) (User: )
Description: 400: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (12/10/2011 11:33:42 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/10/2011 11:21:47 PM) (Source: Bonjour Service) (User: )
Description: 400: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (12/10/2011 06:21:51 PM) (Source: Bonjour Service) (User: )
Description: 404: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (12/04/2011 09:39:11 PM) (Source: Bonjour Service) (User: )
Description: 400: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (12/04/2011 09:29:00 PM) (Source: Bonjour Service) (User: )
Description: 396: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (12/04/2011 08:31:22 PM) (Source: Bonjour Service) (User: )
Description: 392: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (12/04/2011 04:16:35 AM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (12/04/2011 04:13:40 AM) (Source: Bonjour Service) (User: )
Description: 404: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


System errors:
=============
Error: (12/11/2011 03:45:38 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.810.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/10/2011 11:42:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT

Error: (12/10/2011 11:42:00 PM) (Source: Service Control Manager) (User: )
Description: The Lenovo Microphone Mute service terminated with the following error:
%%1

Error: (12/10/2011 11:42:00 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (12/10/2011 11:42:00 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (12/10/2011 11:33:41 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.117.768.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/10/2011 11:23:34 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT

Error: (12/10/2011 11:23:26 PM) (Source: Service Control Manager) (User: )
Description: The Lenovo Microphone Mute service terminated with the following error:
%%1

Error: (12/10/2011 11:23:26 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (12/10/2011 11:23:26 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 3031.95 MB
Available physical RAM: 2018.55 MB
Total Pagefile: 4917.18 MB
Available Pagefile: 3856 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.82 MB

========================= Partitions: =====================================

1 Drive c: (Preload) (Fixed) (Total:143.65 GB) (Free:88.87 GB) NTFS

========================= Users: ========================================

User accounts for \\JD-X200S

Administrator ASPNET Guest
HelpAssistant Justin SUPPORT_388945a0


**** End of log ****

aswMBR scanning as we speak.
 
Took a while to download the definitions for Avast/aswMBR.

I used the default settings when I clicked on SCAN.
Trace Disk IO Calls enabled
Quick Scan chosen.

Results:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-11 18:08:26
-----------------------------
18:08:26.062 OS Version: Windows 5.1.2600 Service Pack 3
18:08:26.062 Number of processors: 2 586 0x170A
18:08:26.062 ComputerName: JD-X200S UserName: Justin
18:08:26.765 Initialize success
18:21:39.765 AVAST engine defs: 11121102
18:24:42.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:24:42.890 Disk 0 Vendor: HITACHI_ FC2Z Size: 152627MB BusType: 3
18:24:42.984 Disk 0 MBR read successfully
18:24:42.984 Disk 0 MBR scan
18:24:43.062 Disk 0 unknown MBR code
18:24:43.078 Disk 0 scanning sectors +312578048
18:24:43.265 Disk 0 scanning C:\WINDOWS\system32\drivers
18:25:21.343 Service scanning
18:25:21.796 Service MpKsl79dcb5bb c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4D72ACD-E13B-4895-BEC8-BA7738421B81}\MpKsl79dcb5bb.sys **LOCKED** 32
18:25:22.390 Modules scanning
18:25:57.875 Disk 0 trace - called modules:
18:25:57.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
18:25:57.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac5c030]
18:25:57.906 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000008d[0x8ac7c4d8]
18:25:57.906 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8ac16028]
18:25:58.578 AVAST engine scan C:\WINDOWS
18:26:49.671 AVAST engine scan C:\WINDOWS\system32
18:32:24.796 AVAST engine scan C:\WINDOWS\system32\drivers
18:33:09.406 AVAST engine scan C:\Documents and Settings\Justin
18:58:11.031 AVAST engine scan C:\Documents and Settings\All Users
18:58:44.890 Scan finished successfully
19:02:50.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Justin\Desktop\MBR.dat"
19:02:50.062 The log file has been saved successfully to "C:\Documents and Settings\Justin\Desktop\aswMBR.txt"


Next up...ComboFix
 
Posting from a different machine...combofix just popped up with a message (which I assume will be in the log but I figure I'd put this in ahead of time)

"You are infected with Rootkit.ZeroAccess! It has inserted itself into tcp/ip stack. This is a particularly difficult infection.

If for any reason that you're unable to connect to the internet after running ComboFix, reboot once and see if that fixes it."

And then some other thing about running ComboFix again, but the window disappeared, and a new window popped up before I had a chance to click OK

"ROOTKIT" - Rootkit something or other has been detected, and I don't recall the rest of the message, but this too disappeared before i hit OK. It disappeared along with the ComboFix status window.

Replaced with:

Rootkit !!

ComboFix has detected the presence of rootkit activity and needs to reboot the machine.

I will let not touch this either and see if it will automatically continue (instead of me clicking OK).
 
Changed my mind. the last window is still open asking me to hit OK. I'll now assume it's the "prompt" that is mentioned in your opening instructions and not something malevolent.

So I'll hit ok. =)
 
While CF's Autoscan was running after reboot and probably around "Completed Stage_2", I got a windows error that said pev.3XE encountered a problem and needs to close.

I will leave it open to not upset CF's Autoscan.

(giving you a play by play in case I'm doing anything incorrectly. Apologies for the high reply count)
 
You're doing very well :)
You can OK that error message and continue with Combofix.
 
Results of Combofix:
(for full disclosure, my AC adapter was plugged in while waiting to click on that windows error message). Also, after the log appeared, I noticed that the computer still could not connect to the internet, so I tried to manually override again. No go (but that's expected because I need to reboot once before that will work). Anyway, I put it back to the automatically-obtaining an IP method and copied (via USB Flash) the log file over to my other computer.

(insert edit) forgot to ask if I need to run rkill or if I'm now just waiting for the next instructions. Thanks!

ComboFix 11-12-11.02 - Justin 12/11/2011 19:32:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2502 [GMT -8:00]
Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\RCIMGDIR.exe.lnk
c:\windows\$NtUninstallKB21583$
c:\windows\$NtUninstallKB21583$\190471957\Desktop.ini
c:\windows\$NtUninstallKB21583$\993288200
c:\windows\CSC\d6
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 04:12 . 2011-12-12 04:12 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4D72ACD-E13B-4895-BEC8-BA7738421B81}\offreg.dll
2011-12-11 17:59 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4D72ACD-E13B-4895-BEC8-BA7738421B81}\mpengine.dll
2011-12-11 02:19 . 2011-12-11 02:18 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-12-11 02:19 . 2011-12-11 02:18 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-13 02:46 . 2011-11-13 02:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2009-11-04 21:41 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-10 14:22 . 2008-07-21 22:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-07-21 22:49 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2008-07-21 22:49 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2008-07-21 22:49 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-11-13 357400]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-15 61728]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-01-26 92960]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-03-19 461376]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2009-03-13 16384]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-02-18 389120]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-02-18 208896]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-05-15 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-10 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-10 172032]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-3-28 596584]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-10-9 50688]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2010-12-6 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-10-27 01:41 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Justin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AirPort\\APUtil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 4:57 PM 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 12:15 AM 13480]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 4:50 PM 46144]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10/26/2008 5:33 PM 1676536]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [10/26/2008 5:38 PM 98304]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10/26/2008 5:41 PM 118784]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [10/9/2009 11:44 AM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [6/12/2009 1:00 AM 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 2:34 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 4:50 PM 360448]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [10/9/2009 11:30 AM 2058776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [10/9/2009 11:18 AM 72192]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [10/9/2009 11:37 AM 482176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10/9/2009 11:17 AM 243856]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [10/9/2009 11:31 AM 23080]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 2:54 PM 37312]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [8/20/2009 8:19 AM 33920]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [6/12/2009 1:00 AM 45424]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [10/26/2008 5:38 PM 106496]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2/10/2011 11:18 PM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2/10/2011 11:18 PM 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2/10/2011 11:18 PM 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2/10/2011 11:18 PM 25088]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [2/10/2011 11:18 PM 25728]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [10/16/2009 12:32 PM 10752]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2909370959-4291373459-806592016-1008Core.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-20 06:52]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2909370959-4291373459-806592016-1008UA.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-20 06:52]
.
2011-12-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-12-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
2011-11-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2011-12-12 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-10-09 16:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.onlineregister.com/lenovo/?PAGE=thx&LANG=EN&CTRY=United%20States&MODL=7465CTO&PRNM=Lenovo&SRNM=R90VVA2
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mailhost
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\hblwhacj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 20:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1544)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
.
- - - - - - - > 'explorer.exe'(5016)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-11 20:18:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 04:18
.
Pre-Run: 95,293,952,000 bytes free
Post-Run: 98,307,399,680 bytes free
.
- - End Of File - - E807E51418E2D4CFE64A806D13658FD5

(insert edit) forgot to ask if I need to run rkill or if I'm now just waiting for the next instructions. Thanks!
 
forgot to ask if I need to run rkill
Click to expand...
No. That's only if Combofix doesn't want to run.

Combofix log looks fine now.

Restart computer and see if you can obtain IP address automatically.
We'll try to fix your connection now.
 
Here you go.

Thanks

(edit...USB transferred and then uploaded from other computer)

Farbar Service Scanner
Ran by Justin (administrator) on 11-12-2011 at 20:55:34
Microsoft Windows XP Professional Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

**** End of log ****

MiniToolBox by Farbar
Ran by Justin (administrator) on 11-12-2011 at 20:56:24
Microsoft Windows XP Professional Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 4 (Disconnected)
Intel(R) WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Intel(R) 82567LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Bluetooth LAN Access Server Driver = Local Area Connection 3 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : JD-X200S

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : domain.actdsltmp

Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN

Physical Address. . . . . . . . . : 00-1E-65-DC-AA-A2

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

205.171.3.25

NetBIOS over Tcpip. . . . . . . . : Disabled



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection

Physical Address. . . . . . . . . : 00-1F-16-2B-D6-BD



Ethernet adapter Local Area Connection 3:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver

Physical Address. . . . . . . . . : 00-26-5E-93-23-05

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 65 dc aa a2 ...... Intel(R) WiFi Link 5100 AGN - Packet Scheduler Miniport
0x3 ...00 1f 16 2b d6 bd ...... Intel(R) 82567LM Gigabit Network Connection - Packet Scheduler Miniport
0x10005 ...00 26 5e 93 23 05 ...... Bluetooth LAN Access Server Driver - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
255.255.255.255 255.255.255.255 255.255.255.255 3 1
255.255.255.255 255.255.255.255 255.255.255.255 10005 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2011 08:49:21 PM) (Source: Bonjour Service) (User: )
Description: 404: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (12/11/2011 08:45:57 PM) (Source: Bonjour Service) (User: )
Description: 232: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (12/11/2011 08:08:31 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (12/11/2011 07:32:21 PM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x00081dc9.
Processing media-specific event for [pev.3xe!ws!]

Error: (12/11/2011 07:29:38 PM) (Source: Bonjour Service) (User: )
Description: 400: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (12/11/2011 07:14:10 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/11/2011 07:14:09 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/11/2011 07:14:09 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/11/2011 07:14:08 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/11/2011 07:14:08 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (12/11/2011 08:50:53 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT

Error: (12/11/2011 08:50:45 PM) (Source: Service Control Manager) (User: )
Description: The Lenovo Microphone Mute service terminated with the following error:
%%1

Error: (12/11/2011 08:50:45 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (12/11/2011 08:50:45 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (12/11/2011 08:47:29 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT

Error: (12/11/2011 08:47:20 PM) (Source: Service Control Manager) (User: )
Description: The Lenovo Microphone Mute service terminated with the following error:
%%1

Error: (12/11/2011 08:47:20 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (12/11/2011 08:47:20 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (12/11/2011 08:12:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
NetBT

Error: (12/11/2011 08:12:47 PM) (Source: Service Control Manager) (User: )
Description: The Lenovo Microphone Mute service terminated with the following error:
%%1


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 3031.95 MB
Available physical RAM: 2429.32 MB
Total Pagefile: 4917.23 MB
Available Pagefile: 4388.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.37 MB

========================= Partitions: =====================================

1 Drive c: (Preload) (Fixed) (Total:143.65 GB) (Free:91.58 GB) NTFS

========================= Users: ========================================

User accounts for \\JD-X200S

Administrator ASPNET Guest
HelpAssistant Justin SUPPORT_388945a0


**** End of log ****
 
These two services are not running:
NetBt Service is not running.
Dhcp Service is not running.
Possibly because of this:
NetBIOS over Tcpip. . . . . . . . : Disabled
Click to expand...

Check your settings paying special attention to "WINS" tab in step 7:

1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
p4491747.gif

Make sure "DNS" tab looks like this:
p4491748.gif

Make sure "WINS" tab looks like this:
p4491749.gif

8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.
 
Couple of notes. I was looking at my other computer...the one that is working and it does not have LMHOST enabled nor automatically detect in the LAN Settings.

That is also the way my broken computer is set. Anyway, I changed the LAN Setting to enable automatically detect, but not LMHOST and restarted.

Still "Acquiring..."

So I enabled the LMHOST and restarted again...

Still "Acquiring..."

Anyway, I was wondering if it's some registry thing. I thought I read somewhere (though the pages are long gone) that the virus I faced hit both the netbt.sys file (and maybe another file that I can't remember) as well as related registry keys. Unfortunately, I'm not very knowledgeable of the ins and outs of the registry things.

Thanks
 
If you checked all those settings let's try more...

Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.
 
Hi Broni

Before I do these steps, I should say that I've been trying to get a wireless connection going thus far through all our debugging. I haven't tried a wired connection yet...until just now. Which also was unable to acquire an IP address.

I'll go through your steps now, but just thought you'd like to know, even though I don't think it makes a difference to my current problems.

Also, the computer has no optical drive, so should I not download Dial-A-Fix?

Thanks
 
Wired didn't work.

Neither did router and modem debugs.

the CMD commands yielded the following questionable responses:

> ipconfig /registerdns
Windows IP Configuration
Registration of DNS records failed: The RPC server is unavailable.
...
> ipconfig /renew
An error occurred while renewing... (similar to above)

I am now through the reset of winsock and am restarting to see if things work. Likely not, in which case I will move on to running the programs.
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni

Latest posts

Back