
Help - Something preventing IE & Firefox to certain sites & deleted my hosts file

Discussion in 'Virus & Other Malware Removal' started by kteveler, Sep 24, 2008.

  1. kteveler

    kteveler Thread Starter

    Joined:
    Sep 24, 2008
    Messages:
    10
    hi there. i sure hope you folks can help me. it started about a month ago. it's on my work laptop computer which i bring home most nights so my college age son & high school daughter can use (because my home computer died years ago!). at any rate - i am pretty sure this is something that leapt into my computer from a porn site my son refuses to admit he went to, but is in the browser history bar.

    i always used Firefox/Mozilla at home because it was much faster to connect to wireless router (FIOS). Suddenly, one day i couldn't sign into hotmail from Mozilla. could still get to it from IE. Even at work when docked, still can't access from Mozilla. After a while it really started to annoy me so i downloaded and PAID FOR what i thought was a spyware removal tool (8/31st). Turns out it is a rogue - SpywareDetector. Then the real problems began. system locking up. SD not running, abending, blah blah blah. finally uninstalled it last Sunday. it automatically brought up their website with pleas for me to run pgm and send them logs. uninstalled it anyway (yeah, right). then *something* deleted my hosts file. i couldn't access my web broker at work (i am a s/w developer w/a really obscure language, but really pretty LAME on actual computers - i just want them to run.)
    figured out the next day that the problem was my deleted hosts file (fyi- all the "gelco" hosts entries in the HJT log ARE work related). copied a brand new hosts file down Monday.
    since then i can't get to various web sites. seems like each day there is a new one. microsoft.com was the one today! it's both IE and Mozilla. sometimes i can get to a site from one but not the other, sometimes neither.
    it's driving me NUTS. i know there is something out there. sometimes access just becomes intolerably slow, like today with this site. poked around this site, ran HJT, decided to register - did all this from IE. Clicked the link to register and the page never loaded, just the top part. finally opened Mozilla and copied the link in & it came right up. but now (as of like 15-30 mins ago), any page i go to on techguy.com in IE never loads, but i'm fine in mozilla. tomorrow it probably will give me the page not found error. :-(

    downloaded & ran Spybot S&D - found nothing. Downloaded & ran Pest patrol (what they have on work network) - found nothing. this morning manually fired up my mcafee virus scanner (i am thinking it's been hijacked in some way - it was excluding some obvious malware & i know i didn't set that) tried to run a full scan starting at 515am. came back at 830am - still running, had to go to a mtg & left at ..1010am - still running. (all that time 0 things found) came home from mtg at 4ish - my computer had rebooted. arghh. looked in the mcafee log - it's like it never even ran. no record of it. tried eventviewer - see events of it starting, see it appearing to end around 130. then errors & msgs around 4, right before i got home. booted up - did MS error reporting thing, brought up web page about serious error by driver/something w/blue screen of death info.

    that's when i said, ok. enough. and started the HJT path. i hate this tech stuff, but tell me what to do to get rid of it!! PLEASE! tia for helping me ;-)

    Here's my HJT log. I sure hope you can help me.
     
  2. kteveler

    kteveler Thread Starter

    Joined:
    Sep 24, 2008
    Messages:
    10
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:11:38 PM, on 9/24/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Windows folder: C:\WINDOWS
    System folder: C:\WINDOWS\SYSTEM32
    Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\oe101C\bin\AdmSrvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\oe101C\jre\bin\java.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\notes\ntmulti.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Sonic61\CServer6.1\XMLDatabase\bin\osserver.exe
    C:\Sonic61\CServer6.1\XMLDatabase\bin\oscmgr6.exe
    C:\Sonic61\OServer6.1\XMLDatabase\bin\osserver.exe
    C:\Sonic61\OServer6.1\XMLDatabase\bin\oscmgr6.exe
    C:\Sonic61\XServer6.1\XMLDatabase\bin\osserver.exe
    C:\Sonic61\XServer6.1\XMLDatabase\bin\oscmgr6.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\timbuktu pro\tb2launch.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Sonic61\CServer6.1\XMLDatabase\BIN\xlnadmin.exe
    C:\Sonic61\OServer6.1\XMLDatabase\BIN\xlnadmin.exe
    C:\Sonic61\CServer6.1\XMLDatabase\BIN\xlnserver.exe
    C:\Sonic61\OServer6.1\XMLDatabase\BIN\xlnserver.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\oe101C\jre\bin\java.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\program files\timbuktu pro\minitb2.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe
    C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\GUI.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome/thinkpad
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.21.128.4:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gelco.com;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (filesize 1562448 bytes, MD5 32981ADE44D01EC2A9EBC2E311291707)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (filesize 110652 bytes, MD5 B1C1569AFADD6249AC12F126653D82B5)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (filesize 58688 bytes, MD5 98D6555C0C0C65DA97E8A9FB2CEFE4BB)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (filesize 147456 bytes, MD5 44BCFF08947790E74BD7CC7532D2B793)
    O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (filesize 719616 bytes, MD5 0FB6AA781E921EA3F77DB5EACE401DBF)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (filesize 147456 bytes, MD5 44BCFF08947790E74BD7CC7532D2B793)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe (filesize 106496 bytes, MD5 3AAA55196A23C59A3A7405BF22A8E23C)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (filesize 221184 bytes, MD5 FB9E5C251CF6C37749F296BACB34A69B)
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (filesize 81920 bytes, MD5 763DAB43BDAB27316DBF3373192823D7)
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" (filesize 196696 bytes, MD5 9467CC67D11345272337CC11ADD80507)
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (filesize 136768 bytes, MD5 1B34E87D53C79B3768BED1CD627516FB)
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" (filesize 49152 bytes, MD5 4FEA5B94C6A96860620A62E4A19BD07D)
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exeC:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (filesize 856064 bytes, MD5 0092B8DCC745E84C880BE16ACD7B0A38)
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeC:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe (filesize 65536 bytes, MD5 38F143A10A8E723026499041501B9563)
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" (filesize 41472 bytes, MD5 0D6F864581E3F418F35CDA6A464DD796)
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent (filesize 2341632 bytes, MD5 A62E4BA44E9C141BB52A5D155E8BF63B)
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXEC:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (filesize 241664 bytes, MD5 F5F1A8CDD473D55F9BF6FE23F715B0FA)
    O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe" (filesize 65536 bytes, MD5 48775E1A0E76A5BEBC7D64F3C57FDACD)
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (filesize 111952 bytes, MD5 8CFD3D0EF41E552C17526FA0D3A9BF15)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (filesize 413696 bytes, MD5 6DF76965A0FB8237E9C3B3CAB9815EC2)
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exec:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (filesize 217193 bytes, MD5 78BFE3201ADA2FE02D1E35D2488E5F55)
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (filesize 29696 bytes, MD5 DFCB9ADE94A4F8A7C42EEF41101A30AD)
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (filesize 1537064 bytes, MD5 8CE6CC6313EEE6F53B488BBC4E9764E8)
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (filesize 237568 bytes, MD5 DA6B945E561B1D1DA67663BB45B4B868)
    O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm (filesize 1320 bytes, MD5 5D7E8FB2BA9FA192C3846A0DF1699FD1)
    O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (filesize 719616 bytes, MD5 0FB6AA781E921EA3F77DB5EACE401DBF)
    O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (filesize 719616 bytes, MD5 0FB6AA781E921EA3F77DB5EACE401DBF)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (filesize 63840 bytes, MD5 22BDC1E6E606C9BAE68141D7099309AB)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (filesize 67112 bytes, MD5 92BE69A36A9504EDBA2CAB34A32B97B3)
    O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (filesize 643072 bytes, MD5 E5DB936B538AF8E770C870AB41C95B1D)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 558080 bytes, MD5 AAC1D4EE39DF138C5D30AC5883E3B59F)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1695232 bytes, MD5 3E930C641079443D4DE036167A69CAA2)
    O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
    O15 - Trusted Zone: http://www.tucows.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn.concur.com/CACHE/stc/2/binaries/stcweb.cab
    O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - http://tracker/trackdoc/trkpm660ie.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170941139406
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170941284812
    O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - http://domino4/sametime/STMeetingRoomClient/STJNILoader.cab
    O16 - DPF: {CCF028C4-4631-11D3-90BD-00A0C9B727E1} (PVCS VM I-NET Client for MSIE) - http://dev5:82/vminet_images/vmi660ie.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meetingvisuals.webex.com/client/T23LSP33EP10/webex/ieatgpc.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rva.gelco.com
    O17 - HKLM\Software\..\Telephony: DomainName = rva.gelco.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{09470E17-F02B-4FC0-A004-F3816DF098FF}: NameServer = 172.17.16.167,172.17.16.168
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rva.gelco.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{09470E17-F02B-4FC0-A004-F3816DF098FF}: NameServer = 172.17.16.167,172.17.16.168
    O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dllC:\Program Files\Lenovo\AwayTask\AwayNotify.dll
    O23 - Service: AdminService for OpenEdge 10.0B (AdminService10.0B) - Unknown owner - c:\oe100b\bin\AdmSrvc.exec:\oe100b\bin\AdmSrvc.exe
    O23 - Service: AdminService for OpenEdge 10.1B (AdminService10.1B) - Unknown owner - C:\oe101b\bin\AdmSrvc.exeC:\oe101b\bin\AdmSrvc.exe
    O23 - Service: AdminService for OpenEdge 10.1C (AdminService10.1C) - Unknown owner - C:\oe101C\bin\AdmSrvc.exeC:\oe101C\bin\AdmSrvc.exe
    O23 - Service: AdminService for PROGRESS 9.1C (AdminService9.1C) - Unknown owner - c:\dlc91c\bin\AdmSrvc.exec:\dlc91c\bin\AdmSrvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exeC:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exeC:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exeC:\Program Files\WS_FTP Pro\ftpsched.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeC:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXEC:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exeC:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exeC:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exeC:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exeC:\notes\ntmulti.exe
    O23 - Service: OracleOraHome81ClientCache - Unknown owner - c:\oracle\ora81\BIN\ONRSD.EXEc:\oracle\ora81\BIN\ONRSD.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exeC:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exeC:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exeC:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SonicCSvr6.1 DB Server - eXcelon Corp. - C:\Sonic61\CServer6.1\XMLDatabase\bin\osserver.exeC:\Sonic61\CServer6.1\XMLDatabase\bin\osserver.exe
    O23 - Service: SonicCSvr6.1 Lock Manager - eXcelon Corp. - C:\Sonic61\CServer6.1\XMLDatabase\bin\oscmgr6.exeC:\Sonic61\CServer6.1\XMLDatabase\bin\oscmgr6.exe
    O23 - Service: SonicCSvr6.1 Server - eXcelon Corp. - C:\Sonic61\CServer6.1\XMLDatabase\BIN\xlnadmin.exe
    O23 - Service: SonicOSvr6.1 DB Server - eXcelon Corp. - C:\Sonic61\OServer6.1\XMLDatabase\bin\osserver.exe
    O23 - Service: SonicOSvr6.1 Lock Manager - eXcelon Corp. - C:\Sonic61\OServer6.1\XMLDatabase\bin\oscmgr6.exe
    O23 - Service: SonicOSvr6.1 Server - eXcelon Corp. - C:\Sonic61\OServer6.1\XMLDatabase\BIN\xlnadmin.exe
    O23 - Service: SonicXSvr6.1 DB Server - eXcelon Corp. - C:\Sonic61\XServer6.1\XMLDatabase\bin\osserver.exe
    O23 - Service: SonicXSvr6.1 Lock Manager - eXcelon Corp. - C:\Sonic61\XServer6.1\XMLDatabase\bin\oscmgr6.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - c:\program files\timbuktu pro\tb2launch.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

    --
    End of file - 27771 bytes
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,928
    Unfortunately, we don't normally work on company computers as they have IT departments to handle those situations and most don't appreciate anyone else working on them. Do you not have an IT person?
     
  4. kteveler

    kteveler Thread Starter

    Joined:
    Sep 24, 2008
    Messages:
    10
    oh. my dept is in a tiny little office in Reston VA. we only have about 10 people in our office. we used to be owned by a co. that was headquartered in MN, now we're owned by a co. that is headquartered in like Seattle. our little ofc used to have our own computer guru guy that would have helped me, but even he probably would have told me to post here. he's a big one on things like this.

    the tech support people are in seattle and there is little to zero desktop support for us. the extent of their help would be download this spyware removal tool and run it. i KNOW my problem is gonna be waYYYY harder than that to fix because i've already TRIED all that.

    it is my work laptop, but i have to bring it home every night and my kids use it because i don't have a personal computer at all. so i sorta feel like.. a) they won't be able to help me and it will waste many more days trying, and b) it's my responsibility because probably one of my kids screwed it up by going to a porn site and 'catching' something.

    i have McAfee VirusScan Enterprise loaded and i've scanned twice in the last week and it finds nothing - although it has added stuff to the "Exclude" list, which i keep removing. i've tried spybot S&D - finds nothing except cookies. i've tried pest patrol - finds nothing except cookies.

    i've been reading these posts and am afraid to try any of this stuff because i don't know what i'm doing and know enough to realize i could really screw things up. i have to use this laptop for my job and it's giving me fits.

    if no one will/can really help me, i understand. or if i need to go my company tech support route FIRST, then i will. but i really think i will be back here or in the same place, at any rate.

    i guess, please let me know whether or not someone will not or will help me?
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,928
    We can make an exception and continue on but you MUST make backups of any company work or projects, important data, pictures, etc. either to CDs or an external hard drive before proceeding. You never know how an unstable system will react when running some tools and removing the malware present and we don't want you to lose anything in the event of a total system crash.

    Once you've done that then please proceed with the following:

    Please download Malwarebytes Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply along with a new HijackThis log please.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  6. kteveler

    kteveler Thread Starter

    Joined:
    Sep 24, 2008
    Messages:
    10
    ok. THANK YOU! it will take me awhile to backup stuff, etc.
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,928
    That's fine. :)
     
  8. kteveler

    kteveler Thread Starter

    Joined:
    Sep 24, 2008
    Messages:
    10
    Hi! it took wayyyy longer to copy my files to CD than it did to run MBAM.

    At any rate, it found one thing (Trojan.Agent) and says it destroyed it. the log is below as well as a HJT log which i ran next.

    then i opened Firefox to post them and it immediately gave me this message (no dialog box questions or anything first) "Firefox is installing your updates and will start in a few minutes."

    still can't login to Hotmail from Firefox. So whatever is causing that is still a problem. i don't know if the "update" was real or this thing... :-(

    Also - the settings tab of MBAM did not have the Terminate IE during Removal checked, but all the other boxes were checked. I left it as it was, but am wondering if this was correct.
    Thanks again!!
    here are the logs:
    -------------------------------------
    Malwarebytes' Anti-Malware 1.28
    Database version: 1216
    Windows 5.1.2600 Service Pack 3

    9/27/2008 9:52:28 PM
    mbam-log-2008-09-27 (21-52-28).txt

    Scan type: Quick Scan
    Objects scanned: 59728
    Time elapsed: 6 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\Downloaded Program Files\atmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:54:52 PM, on 9/27/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\oe101C\bin\AdmSrvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\notes\ntmulti.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Sonic61\CServer6.1\XMLDatabase\bin\osserver.exe
    C:\Sonic61\CServer6.1\XMLDatabase\bin\oscmgr6.exe
    C:\Sonic61\OServer6.1\XMLDatabase\bin\osserver.exe
    C:\Sonic61\OServer6.1\XMLDatabase\bin\oscmgr6.exe
    C:\Sonic61\XServer6.1\XMLDatabase\bin\osserver.exe
    C:\Sonic61\XServer6.1\XMLDatabase\bin\oscmgr6.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\oe101C\jre\bin\java.exe
    c:\program files\timbuktu pro\tb2launch.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Sonic61\CServer6.1\XMLDatabase\BIN\xlnadmin.exe
    C:\Sonic61\OServer6.1\XMLDatabase\BIN\xlnadmin.exe
    C:\Sonic61\CServer6.1\XMLDatabase\BIN\xlnserver.exe
    C:\Sonic61\OServer6.1\XMLDatabase\BIN\xlnserver.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\oe101C\jre\bin\java.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\program files\timbuktu pro\minitb2.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome/thinkpad
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.21.128.4:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gelco.com;<local>
    O1 - Hosts: 172.16.8.1 xedia.rva.gelco.com xedia
    O1 - Hosts: 172.16.8.2 cisco-3750-pri.rva.gelco.com cisco-3750-pri
    O1 - Hosts: 172.16.8.4 gelco-wap.rva.gelco.com gelco-wap
    O1 - Hosts: 172.16.8.5 fibre-sw1.rva.gelco.com fibre-sw1
    O1 - Hosts: 172.16.8.6 fibre-sw2.rva.gelco.com fibre-sw2
    O1 - Hosts: 172.16.8.7 pix506e-inbound.rva.gelco.com pix506e-inbound
    O1 - Hosts: 172.16.8.8 pix506e-outbound.rva.gelco.com pix506e-outbound
    O1 - Hosts: 172.16.8.11 callpilot3-clan.rva.gelco.com callpilot3-clan
    O1 - Hosts: 172.16.8.12 callpilot3-ras1.rva.gelco.com callpilot3-ras1
    O1 - Hosts: 172.16.8.13 callpilot3-ras2.rva.gelco.com callpilot3-ras2
    O1 - Hosts: 172.16.8.20 lj2100tn.rva.gelco.com lj2100tn
    O1 - Hosts: 172.16.8.21 hp8000.rva.gelco.com hp8000
    O1 - Hosts: 172.16.8.22 bigone.rva.gelco.com bigone
    O1 - Hosts: 172.16.8.23 lj4dev.rva.gelco.com lj4dev
    O1 - Hosts: 172.16.8.24 lj4sales.rva.gelco.com lj4sales
    O1 - Hosts: 172.16.8.25 canon-ir3300.rva.gelco.com canon-ir3300
    O1 - Hosts: 172.16.8.26 canon-ir3570.rva.gelco.com canon-ir3570
    O1 - Hosts: 172.16.8.27 hp8150.rva.gelco.com hp8150
    O1 - Hosts: 172.16.8.28 cts-wst-canon.rva.gelco.com cts-wst-canon
    O1 - Hosts: 172.16.8.29 jthomasps.rva.gelco.com jthomasps
    O1 - Hosts: 172.16.8.50 titan.rva.gelco.com titan
    O1 - Hosts: 172.16.8.51 travel.rva.gelco.com travel
    O1 - Hosts: 172.16.8.52 dtsdctom.rva.gelco.com dtsdctom
    O1 - Hosts: 172.16.8.53 reston.rva.gelco.com reston
    O1 - Hosts: 172.16.8.54 faxserver.rva.gelco.com faxserver
    O1 - Hosts: 172.16.8.58 passpoint.rva.gelco.com passpoint
    O1 - Hosts: 172.16.8.60 cts-dc-prime.rva.gelco.com cts-dc-prime
    O1 - Hosts: 172.16.8.61 cts-dc-backup.rva.gelco.com cts-dc-backup
    O1 - Hosts: 172.16.8.62 cts-srv-fs01.rva.gelco.com cts-srv-fs01
    O1 - Hosts: 172.16.8.67 cts-srv-sc.rva.gelco.com cts-srv-sc
    O1 - Hosts: 172.16.8.101 dev1.rva.gelco.com dev1
    O1 - Hosts: 172.16.8.102 dev2.rva.gelco.com dev2
    O1 - Hosts: 172.16.8.103 dev3.rva.gelco.com dev3
    O1 - Hosts: 172.16.8.104 dev4.rva.gelco.com dev4
    O1 - Hosts: 172.16.8.105 dev5.rva.gelco.com dev5 mail mailhost
    O1 - Hosts: 172.16.8.106 dev6.rva.gelco.com dev6
    O1 - Hosts: 172.16.8.107 dev7.rva.gelco.com dev7
    O1 - Hosts: 172.16.8.122 cts-srv-dl580.rva.gelco.com cts-srv-dl580
    O1 - Hosts: 172.16.8.125 dev-srv-windev1.rva.gelco.com dev-srv-windev1
    O1 - Hosts: 172.16.8.130 devnt.rva.gelco.com devnt
    O1 - Hosts: 172.16.8.131 tracker.rva.gelco.com tracker
    O1 - Hosts: 172.16.8.140 netra.rva.gelco.com netra
    O1 - Hosts: 172.16.8.151 dev151.rva.gelco.com dev151
    O1 - Hosts: 172.16.8.152 gim.rva.gelco.com gim
    O1 - Hosts: 172.16.8.160 hp9000.rva.gelco.com hp9000
    O1 - Hosts: 172.16.8.162 dev-srv-dpw1.rva.gelco.com dev-srv-dpw1
    O1 - Hosts: 172.16.8.163 dev-srv-dpw2.rva.gelco.com dev-srv-dpw2
    O1 - Hosts: 172.16.8.170 gelcocdgs.rva.gelco.com gelcocdgs
    O1 - Hosts: 172.16.8.171 nexsan.rva.gelco.com nexsan
    O1 - Hosts: 172.16.8.204 dev4-main.rva.gelco.com dev4-main
    O1 - Hosts: 172.16.8.205 dev5-main.rva.gelco.com dev5-main
    O1 - Hosts: 172.16.8.206 dev6-main.rva.gelco.com dev6-main
    O1 - Hosts: 172.16.8.207 dev7-main.rva.gelco.com dev7-main
    O1 - Hosts: 172.16.8.220 dev7-gtm90.rva.gelco.com dev7-gtm90
    O1 - Hosts: 172.16.8.221 dev7-test.rva.gelco.com dev7-test
    O1 - Hosts: 172.16.8.222 dev7-vm.rva.gelco.com dev7-vm
    O1 - Hosts: 172.16.8.223 dev7-oe101a.rva.gelco.com dev7-oe101a
    O1 - Hosts: 172.16.8.224 dev7-teamtrack.rva.gelco.com dev7-teamtrack
    O1 - Hosts: 172.16.8.225 dev7-lforsyth.rva.gelco.com dev7-lforsyth
    O1 - Hosts: 172.16.8.226 dev7-www.rva.gelco.com dev7-www
    O1 - Hosts: 172.16.8.223 dev7-gtm91.rva.gelco.com dev7-gtm91
    O1 - Hosts: 172.16.9.1 rali.rva.gelco.com rali
    O1 - Hosts: 172.16.9.2 canderson.rva.gelco.com canderson
    O1 - Hosts: 172.16.9.4 abeatley.rva.gelco.com abeatley
    O1 - Hosts: 172.16.9.9 canderson-w2k.rva.gelco.com canderson-w2k
    O1 - Hosts: 172.16.9.10 dclark.rva.gelco.com dclark
    O1 - Hosts: 172.16.9.17 njarrett.rva.gelco.com njarrett
    O1 - Hosts: 172.16.9.11 adm-wst-ship.rva.gelco.com adm-wst-ship
    O1 - Hosts: 172.16.9.18 qa-wst-jforsyth.rva.gelco.com qa-wst-jforsyth
    O1 - Hosts: 172.16.9.20 keveler.rva.gelco.com keveler
    O1 - Hosts: 172.16.9.33 lhedrick.rva.gelco.com lhedrick
    O1 - Hosts: 172.16.9.50 jmartini.rva.gelco.com jmartini
    O1 - Hosts: 172.16.9.53 kmeagher.rva.gelco.com kmeagher
    O1 - Hosts: 172.16.9.61 coppy.rva.gelco.com coppy
    O1 - Hosts: 172.16.9.62 foveisitork.rva.gelco.com foveisitork
    O1 - Hosts: 172.16.9.65 jpodgorny.rva.gelco.com jpodgorny
    O1 - Hosts: 172.16.9.76 jmeyer.rva.gelco.com jmeyer
    O1 - Hosts: 172.16.9.78 njarrett-laptop.rva.gelco.com njarrett-laptop
    O1 - Hosts: 172.16.9.79 jthomas.rva.gelco.com jthomas
    O1 - Hosts: 172.16.9.81 dtrinh.rva.gelco.com dtrinh
    O1 - Hosts: 172.l6.9.91 rrai.rva.gelco.com rrai
    O1 - Hosts: 172.16.9.97 ralli.rva.gelco.com ralli
    O1 - Hosts: 172.16.9.98 jmartini-w2kpro.rva.gelco.com jmartini-w2kpro
    O1 - Hosts: 172.16.9.99 dstarkey.rva.gelco.com dstarkey
    O1 - Hosts: 172.16.9.200 cts-srv-asp2000.rva.gelco.com cts-srv-asp2000
    O1 - Hosts: 172.16.9.225 cts-wst-kenr.rva.gelco.com cts-wst-kenr
    O1 - Hosts: 172.16.10.11 dnt-laptop.rva.gelco.com dnt-laptop
    O1 - Hosts: 172.16.10.14 dnt-w2ksrv.rva.gelco.com dnt-w2ksrv
    O1 - Hosts: 172.16.10.15 sol10x86.rva.gelco.com sol10x86
    O1 - Hosts: 172.16.10.17 cts-wxp-dtrinh.rva.gelco.com cts-wxp-dtrinh
    O1 - Hosts: 172.16.10.18 zone-app.rva.gelco.com zone-app
    O1 - Hosts: 172.16.10.19 zone-db.rva.gelco.com zone-db
    O1 - Hosts: 172.16.10.30 titan42.rva.gelco.com titan42
    O1 - Hosts: 172.16.10.31 technt40.rva.gelco.com technt40
    O1 - Hosts: 172.16.10.32 techw2kpro.rva.gelco.com techw2kpro
    O1 - Hosts: 172.16.10.34 cts-wst-techsup.rva.gelco.com cts-wst-techsup
    O1 - Hosts: 172.16.10.51 imp01.rva.gelco.com imp01
    O1 - Hosts: 172.16.10.52 imp02.rva.gelco.com imp02
    O1 - Hosts: 172.16.10.55 sonic100.rva.gelco.com sonic100
    O1 - Hosts: 172.16.10.59 pso59.rva.gelco.com pso59
    O1 - Hosts: 172.16.10.60 ghost.rva.gelco.com ghost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
    O15 - Trusted Zone: http://www.tucows.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn.concur.com/CACHE/stc/2/binaries/stcweb.cab
    O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - http://tracker/trackdoc/trkpm660ie.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170941139406
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170941284812
    O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - http://domino4/sametime/STMeetingRoomClient/STJNILoader.cab
    O16 - DPF: {CCF028C4-4631-11D3-90BD-00A0C9B727E1} (PVCS VM I-NET Client for MSIE) - http://dev5:82/vminet_images/vmi660ie.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meetingvisuals.webex.com/client/T23LSP33EP10/webex/ieatgpc.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rva.gelco.com
    O17 - HKLM\Software\..\Telephony: DomainName = rva.gelco.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rva.gelco.com
    O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
    O23 - Service: AdminService for OpenEdge 10.0B (AdminService10.0B) - Unknown owner - c:\oe100b\bin\AdmSrvc.exe
    O23 - Service: AdminService for OpenEdge 10.1B (AdminService10.1B) - Unknown owner - C:\oe101b\bin\AdmSrvc.exe
    O23 - Service: AdminService for OpenEdge 10.1C (AdminService10.1C) - Unknown owner - C:\oe101C\bin\AdmSrvc.exe
    O23 - Service: AdminService for PROGRESS 9.1C (AdminService9.1C) - Unknown owner - c:\dlc91c\bin\AdmSrvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
    O23 - Service: OracleOraHome81ClientCache - Unknown owner - c:\oracle\ora81\BIN\ONRSD.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SonicCSvr6.1 DB Server - eXcelon Corp. - C:\Sonic61\CServer6.1\XMLDatabase\bin\osserver.exe
    O23 - Service: SonicCSvr6.1 Lock Manager - eXcelon Corp. - C:\Sonic61\CServer6.1\XMLDatabase\bin\oscmgr6.exe
    O23 - Service: SonicCSvr6.1 Server - eXcelon Corp. - C:\Sonic61\CServer6.1\XMLDatabase\BIN\xlnadmin.exe
    O23 - Service: SonicOSvr6.1 DB Server - eXcelon Corp. - C:\Sonic61\OServer6.1\XMLDatabase\bin\osserver.exe
    O23 - Service: SonicOSvr6.1 Lock Manager - eXcelon Corp. - C:\Sonic61\OServer6.1\XMLDatabase\bin\oscmgr6.exe
    O23 - Service: SonicOSvr6.1 Server - eXcelon Corp. - C:\Sonic61\OServer6.1\XMLDatabase\BIN\xlnadmin.exe
    O23 - Service: SonicXSvr6.1 DB Server - eXcelon Corp. - C:\Sonic61\XServer6.1\XMLDatabase\bin\osserver.exe
    O23 - Service: SonicXSvr6.1 Lock Manager - eXcelon Corp. - C:\Sonic61\XServer6.1\XMLDatabase\bin\oscmgr6.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - c:\program files\timbuktu pro\tb2launch.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    --
    End of file - 21996 bytes
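
A triage pass over HijackThis output like the log in the post above, as an added example that is not part of the thread or of HijackThis itself: it checks O1 hosts entries for addresses that do not parse, one address listed on several lines, and fully qualified names outside an assumed internal suffix, and it flags any entry marked "(file missing)". The function name, the `.gelco.com` default and the `www.hotmail.com` line are assumptions made here; the sample log is constructed, reusing a few lines in the format shown in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log format. The first four O1 lines and
# the O2/O23 lines follow entries shown in the thread; the www.hotmail.com line
# is invented for illustration (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = r"""
O1 - Hosts: 172.16.8.223 dev7-oe101a.rva.gelco.com dev7-oe101a
O1 - Hosts: 172.16.8.223 dev7-gtm91.rva.gelco.com dev7-gtm91
O1 - Hosts: 172.l6.9.91 rrai.rva.gelco.com rrai
O1 - Hosts: 172.16.9.20 keveler.rva.gelco.com keveler
O1 - Hosts: 203.0.113.7 www.hotmail.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""

# "<section> - <body>", e.g. "O1 - Hosts: 172.16.8.1 xedia.rva.gelco.com xedia"
ENTRY = re.compile(r"^\s*([ORF]\d+)\s+-\s+(.*)$")
# Body of an O1 line: "Hosts: <address> <name> [alias ...]"
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(.+)$")


def triage(log_text, internal_suffix=".gelco.com"):
    """Return (kind, section, detail) tuples for entries worth a manual look.

    internal_suffix is an assumption: the DNS suffix that legitimate hosts
    entries on this machine are expected to carry.
    """
    findings = []
    names_by_ip = defaultdict(list)

    for raw in log_text.splitlines():
        match = ENTRY.match(raw)
        if not match:
            continue  # header, process list, blank line
        section, body = match.group(1), match.group(2).strip()

        # HijackThis appends this marker when the referenced file is gone.
        if body.endswith("(file missing)"):
            findings.append(("file-missing", section, body))

        if section != "O1":
            continue
        hosts = HOSTS.match(body)
        if not hosts:
            continue
        ip, names = hosts.group(1), hosts.group(2).split()

        # A hosts line whose address does not parse is ignored by the resolver,
        # so the name silently falls back to DNS.
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append(("invalid-ip", section, ip))
            continue

        names_by_ip[ip].append(names[0])

        # Fully qualified names outside the internal suffix are pinned to an
        # address of the file's choosing, bypassing DNS for that site.
        for name in names:
            if "." in name and not name.lower().endswith(internal_suffix):
                findings.append(("external-name", section, f"{name} -> {ip}"))

    # The same address on several lines may be intended, or a copy/paste slip.
    for ip, firsts in names_by_ip.items():
        if len(firsts) > 1:
            findings.append(("duplicate-ip", "O1", f"{ip}: {', '.join(firsts)}"))

    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(SAMPLE_LOG):
        print(f"{kind:14} {section:4} {detail}")
```

A finding is a prompt for review, not a verdict: whoever maintains the hosts file decides whether a flagged line is intended.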
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,928
    Please do an online scan with Kaspersky WebScanner

    Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version (it's the fifth one down the list):

    Java Runtime Environment (JRE) 6 Update 7


    Instructions for Kaspersky scan:

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure the following are checked.
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.
     
  10. kteveler

    kteveler Thread Starter

    Joined:
    Sep 24, 2008
    Messages:
    10
    hi cookiegal. thanks for checking back!
    i am currently running the kaspersky scan. it's been running....2 hrs 22 mins. it's at 93,000+ files. i think there are about 280,000+, give or take a few k, based on some other scan i've run in the last week, so it will be a lonngggg time i'm guessin'. i will post the log when it's done.
    kt
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,928
    OK, thanks for the update. (y)
     
  12. kteveler

    kteveler Thread Starter

    Joined:
    Sep 24, 2008
    Messages:
    10
    ok! it finished. it was only 184,000+ files. It found absolutely nothing. here's the report:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, September 28, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, September 28, 2008 18:19:24
    Records in database: 1268426
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    F:\
    T:\
    U:\

    Scan statistics:
    Files scanned: 184047
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 04:15:38

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
    -------------------------------

    after the first thing i ran (MBAM) that you told me to, i tried to login to hotmail from firefox and couldn't, after entering the userid/passwd, i got the same... error, i think page not found or something. and then after i posted my logs i tried again and couldn't even get to www.hotmail.com page! same error there. before i could get to the hotmail.com main sign in page, enter my stuff, and only then get the error. now i couldn't even get to the first page.

    BUT... *here* is the weird thing. i just tried it again. and i can login FINE. even though (as far as i know) nothing changed. I can also get to microsoft.com from I.E., which i couldn't before either. Does this mean i'm ok?
    kt
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,928
    So all of the problems are fixed now?
     
  14. kteveler

    kteveler Thread Starter

    Joined:
    Sep 24, 2008
    Messages:
    10
    i think so. i've gone to all my regular web sites and any that i remember were suddenly not available (that i can remember). everything seems to be working fine.
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,928
    Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

    To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply and then click OK.

    Restart your computer, turn System Restore back on and create a restore point.

    To create a new restore point, click on Start – All Programs – Accessories – System Tools and then select System Restore.

    In the System Restore wizard, select Create a restore point and click the Next button.

    Type a name for your new restore point then click on Create.


    I also recommend downloading SPYWAREBLASTER for added protection.

    Read here for info on how to tighten your security.
     