Help - Something preventing IE & Firefox to certain sites & deleted my hosts file


kteveler

Thread Starter
Joined
Sep 24, 2008
Messages
10
hi there. i sure hope you folks can help me. it started about a month ago. it's on my work laptop computer which i bring home most nights so my college age son & high school daughter can use (because my home computer died years ago!). at any rate - i am pretty sure this is something that leapt into my computer from a porn site my son refuses to admit he went to, but is in the browser history bar.

i always used Firefox/Mozilla at home because it was much faster to connect to wireless router (FIOS). Suddenly, one day i couldn't sign into hotmail from Mozilla. could still get to it from IE. Even at work when docked, still can't access from Mozilla. After a while it really started to annoy me so i downloaded and PAID FOR what i thought was a spyware removal tool (8/31st). Turns out it is a rogue - SpywareDetector. Then the real problems began. system locking up. SD not running, abending, blah blah blah. finally uninstalled it last Sunday. it automatically brought up their website with pleas for me to run pgm and send them logs. uninstalled it anyway (yeah, right). then *something* deleted my hosts file. i couldn't access my web broker at work (i am a s/w developer w/a really obscure language, but really pretty LAME on actual computers - i just want them to run.)
figured out the next day that the problem was my deleted hosts file (fyi - all the "gelco" hosts entries in the HJT log ARE work related). copied a brand new hosts file down Monday.
since then i can't get to various web sites. seems like each day there is a new one. microsoft.com was the one today! it's both IE and Mozilla. sometimes i can get to a site from one but not the other, sometimes neither.
it's driving me NUTS. i know there is something out there. sometimes access just becomes intolerably slow, like today with this site. poked around this site, ran HJT, decided to register - did all this from IE. Clicked the link to register and the page never loaded, just the top part. finally opened Mozilla and copied the link in & it came right up. but now (as of like 15-30 mins ago), any page i go to on techguy.com in IE never loads, but i'm fine in mozilla. tomorrow it probably will give me the page not found error. :-(

downloaded & ran Spybot S&D - found nothing. Downloaded & ran Pest patrol (what they have on work network) - found nothing. this morning manually fired up my mcafee virus scanner (i am thinking it's been hijacked in some way - it was excluding some obvious malware & i know i didn't set that) tried to run a full scan starting at 515am. came back at 830am - still running, had to go to a mtg & left at 1010am - still running. (all that time 0 things found) came home from mtg at 4ish - my computer had rebooted. arghh. looked in the mcafee log - it's like it never even ran. no record of it. tried eventviewer - see events of it starting, see it appearing to end around 130. then errors & msgs around 4, right before i got home. booted up - did MS error reporting thing, brought up web page about serious error by driver/something w/blue screen of death info.

that's when i said, ok. enough. and started the HJT path. i hate this tech stuff, but tell me what to do to get rid of it!! PLEASE! tia for helping me ;-)

Here's my HJT log. I sure hope you can help me.
 

 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,066
Unfortunately, we don't normally work on company computers as they have IT departments to handle those situations and most don't appreciate anyone else working on them. Do you not have an IT person?
 

kteveler

Thread Starter
Joined
Sep 24, 2008
Messages
10
oh. my dept is in a tiny little office in Reston VA. we only have about 10 people in our office. we used to be owned by a co. that was headquartered in MN, now we're owned by a co. that is headquartered in like Seattle. our little ofc used to have our own computer guru guy that would have helped me, but even he probably would have told me to post here. he's a big one on things like this.

the tech support people are in seattle and there is little to zero desktop support for us. the extent of their help would be download this spyware removal tool and run it. i KNOW my problem is gonna be waYYYY harder than that to fix because i've already TRIED all that.

it is my work laptop, but i have to bring it home every night and my kids use it because i don't have a personal computer at all. so i sorta feel like.. a) they won't be able to help me and it will waste many more days trying, and b) it's my responsibility because probably one of my kids screwed it up by going to a porn site and 'catching' something.

i have McAfee VirusScan Enterprise loaded and i've scanned twice in the last week and it finds nothing - although it has added stuff to the "Exclude" list, which i keep removing. i've tried spybot S&D - finds nothing except cookies. i've tried pest patrol - finds nothing except cookies.

i've been reading these posts and am afraid to try any of this stuff because i don't know what i'm doing and know enough to realize i could really screw things up. i have to use this laptop for my job and it's giving me fits.

if no one will/can really help me, i understand. or if i need to go my company tech support route FIRST, then i will. but i really think i will be back here or in the same place, at any rate.

i guess, please let me know whether or not someone will not or will help me?
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,066
We can make an exception and continue on but you MUST make backups of any company work or projects, important data, pictures, etc. either to CDs or an external hard drive before proceeding. You never know how an unstable system will react when running some tools and removing the malware present and we don't want you to lose anything in the event of a total system crash.

Once you've done that then please proceed with the following:

Please download Malwarebytes Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a new HijackThis log please.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

kteveler

Thread Starter
Joined
Sep 24, 2008
Messages
10
Hi! it took wayyyy longer to copy my files to CD than it did to run MBAM.

At any rate, it found one thing (Trojan.Agent) and says it destroyed it. the log is below as well as a HJT log which i ran next.

then i opened Firefox to post them and it immediately gave me this message (no dialog box questions or anything first) "Firefox is installing your updates and will start in a few minutes."

still can't login to Hotmail from Firefox. So whatever is causing that is still a problem. i don't know if the "update" was real or this thing... :-(

Also - the settings tab of MBAM did not have the Terminate IE during Removal checked, but all the other boxes were checked. I left it as it was, but am wondering if this was correct.
Thanks again!!
here are the logs:
-------------------------------------
Malwarebytes' Anti-Malware 1.28
Database version: 1216
Windows 5.1.2600 Service Pack 3

9/27/2008 9:52:28 PM
mbam-log-2008-09-27 (21-52-28).txt

Scan type: Quick Scan
Objects scanned: 59728
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\atmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

--------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:52 PM, on 9/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\oe101C\bin\AdmSrvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Sonic61\CServer6.1\XMLDatabase\bin\osserver.exe
C:\Sonic61\CServer6.1\XMLDatabase\bin\oscmgr6.exe
C:\Sonic61\OServer6.1\XMLDatabase\bin\osserver.exe
C:\Sonic61\OServer6.1\XMLDatabase\bin\oscmgr6.exe
C:\Sonic61\XServer6.1\XMLDatabase\bin\osserver.exe
C:\Sonic61\XServer6.1\XMLDatabase\bin\oscmgr6.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\oe101C\jre\bin\java.exe
c:\program files\timbuktu pro\tb2launch.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Sonic61\CServer6.1\XMLDatabase\BIN\xlnadmin.exe
C:\Sonic61\OServer6.1\XMLDatabase\BIN\xlnadmin.exe
C:\Sonic61\CServer6.1\XMLDatabase\BIN\xlnserver.exe
C:\Sonic61\OServer6.1\XMLDatabase\BIN\xlnserver.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\oe101C\jre\bin\java.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\program files\timbuktu pro\minitb2.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome/thinkpad
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.21.128.4:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.gelco.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O15 - Trusted Zone: http://www.tucows.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn.concur.com/CACHE/stc/2/binaries/stcweb.cab
O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - http://tracker/trackdoc/trkpm660ie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170941139406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170941284812
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - http://domino4/sametime/STMeetingRoomClient/STJNILoader.cab
O16 - DPF: {CCF028C4-4631-11D3-90BD-00A0C9B727E1} (PVCS VM I-NET Client for MSIE) - http://dev5:82/vminet_images/vmi660ie.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meetingvisuals.webex.com/client/T23LSP33EP10/webex/ieatgpc.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rva.gelco.com
O17 - HKLM\Software\..\Telephony: DomainName = rva.gelco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rva.gelco.com
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: AdminService for OpenEdge 10.0B (AdminService10.0B) - Unknown owner - c:\oe100b\bin\AdmSrvc.exe
O23 - Service: AdminService for OpenEdge 10.1B (AdminService10.1B) - Unknown owner - C:\oe101b\bin\AdmSrvc.exe
O23 - Service: AdminService for OpenEdge 10.1C (AdminService10.1C) - Unknown owner - C:\oe101C\bin\AdmSrvc.exe
O23 - Service: AdminService for PROGRESS 9.1C (AdminService9.1C) - Unknown owner - c:\dlc91c\bin\AdmSrvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - c:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicCSvr6.1 DB Server - eXcelon Corp. - C:\Sonic61\CServer6.1\XMLDatabase\bin\osserver.exe
O23 - Service: SonicCSvr6.1 Lock Manager - eXcelon Corp. - C:\Sonic61\CServer6.1\XMLDatabase\bin\oscmgr6.exe
O23 - Service: SonicCSvr6.1 Server - eXcelon Corp. - C:\Sonic61\CServer6.1\XMLDatabase\BIN\xlnadmin.exe
O23 - Service: SonicOSvr6.1 DB Server - eXcelon Corp. - C:\Sonic61\OServer6.1\XMLDatabase\bin\osserver.exe
O23 - Service: SonicOSvr6.1 Lock Manager - eXcelon Corp. - C:\Sonic61\OServer6.1\XMLDatabase\bin\oscmgr6.exe
O23 - Service: SonicOSvr6.1 Server - eXcelon Corp. - C:\Sonic61\OServer6.1\XMLDatabase\BIN\xlnadmin.exe
O23 - Service: SonicXSvr6.1 DB Server - eXcelon Corp. - C:\Sonic61\XServer6.1\XMLDatabase\bin\osserver.exe
O23 - Service: SonicXSvr6.1 Lock Manager - eXcelon Corp. - C:\Sonic61\XServer6.1\XMLDatabase\bin\oscmgr6.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - c:\program files\timbuktu pro\tb2launch.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
--
End of file - 21996 bytes
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,066
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version (it's the fifth one down the list):

Java Runtime Environment (JRE) 6 Update 7


Instructions for Kaspersky scan:

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
 

kteveler

Thread Starter
Joined
Sep 24, 2008
Messages
10
hi cookiegal. thanks for checking back!
i am currently running the kaspersky scan. it's been running....2 hrs 22 mins. it's at 93,000+ files. i think there are about 280,000+, give or take a few k, based on some other scan i've run in the last week, so it will be a lonngggg time i'm guessin'. i will post the log when it's done.
kt
 

kteveler

Thread Starter
Joined
Sep 24, 2008
Messages
10
ok! it finished. it was only 184,000+ files. It found absolutely nothing. here's the report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 28, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 28, 2008 18:19:24
Records in database: 1268426
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
T:\
U:\

Scan statistics:
Files scanned: 184047
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:15:38

No malware has been detected. The scan area is clean.

The selected area was scanned.
-------------------------------

after the first thing i ran (MBAM) that you told me to, i tried to login to hotmail from firefox and couldn't, after entering the userid/passwd, i got the same... error, i think page not found or something. and then after i posted my logs i tried again and couldn't even get to www.hotmail.com page! same error there. before i could get to the hotmail.com main sign in page, enter my stuff, and only then get the error. now i couldn't even get to the first page.

BUT... *here* is the weird thing. i just tried it again. and i can login FINE. even though (as far as i know) nothing changed. I can also get to microsoft.com from I.E., which i couldn't before either. Does this mean i'm ok?
kt
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,066
So all of the problems are fixed now?
 

kteveler

Thread Starter
Joined
Sep 24, 2008
Messages
10
i think so. i've gone to all my regular web sites and any that i remember were suddenly not available (that i can remember). everything seems to be working fine.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,066
Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on Start – All Programs – Accessories – System Tools and then select System Restore.

In the System Restore wizard, select Create a restore point and click the Next button.

Type a name for your new restore point then click on Create.


I also recommend downloading SPYWAREBLASTER for added protection.

Read here for info on how to tighten your security.
 