Remove HelpAssistant


JKW

I have a Lenovo N200 0769AUU laptop with Windows XP Professional. Recently, it has been very sluggish and often will stall. I then have to perform a cold boot in order for it to even run, and then it will only run for a while. I've noticed that there is a HelpAssistant user and a user folder as well. I have disabled this user, but the moment I log out and log back in, the HelpAssistant user is available again. Also, I have been trying to load AVG 9.0 on this computer, but I keep receiving an error message. I think this is all connected to the same issue. Any and all help would be appreciated. Thank you!


Here is my HiJackThis logfile.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:33:10 PM, on 3/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lenovo\PM Driver\PMSveH.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\rpcnet.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\lenovo\system update\suservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\gbrewer.PALCO\Desktop\tools.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.usd269.k12.ks.us

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Palco.local

O17 - HKLM\Software\..\Telephony: DomainName = Palco.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Palco.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Palco.local

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Palco.local

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)

O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Fingerprint Server (FingerprintServer) - Unknown owner - C:\WINDOWS\system32\FpLogonServ.exe (file missing)

O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (file missing)

O23 - Service: Pure Networks Network Magic Service (nmservice) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (file missing)

O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--

End of file - 9471 bytes


Hi JKW,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


I don't know if this will help, but I'm posting the DDS.txt file and Attach.txt files.

DDS (Ver_09-12-01.01) - NTFSx86

Run by gbrewer at 14:35:04.95 on Wed 03/10/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.544 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Lenovo\PM Driver\PMSveH.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\rpcnet.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\lenovo\system update\suservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\gbrewer.PALCO\Local Settings\Temporary Internet Files\Content.IE5\7WKHPK7V\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = www.usd269.k12.ks.us

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [PMHandler] c:\progra~1\lenovo\pmdriv~1\PMHandler.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe

mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} -

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-5-24 10240]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

R2 FNF5SVC;Fn+F5 Service;c:\program files\lenovo\hotkey\FnF5svc.exe [2007-5-10 54832]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\fplogonserv.exe --> c:\windows\system32\FpLogonServ.exe [?]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-03-10 20:09:27 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure

2010-03-10 19:20:20 0 d-sh--w- c:\documents and settings\gbrewer.palco\IECompatCache

2010-03-10 19:20:08 0 d-sh--w- c:\documents and settings\gbrewer.palco\PrivacIE

2010-03-10 19:20:05 0 d-sh--w- c:\documents and settings\gbrewer.palco\IETldCache

2010-03-10 16:52:03 0 d-----w- c:\docume~1\gbrewe~1.pal\applic~1\SUPERAntiSpyware.com

2010-03-10 16:32:53 0 d-----w- c:\docume~1\gbrewe~1.pal\applic~1\Lenovo

2010-03-10 16:16:19 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-03-10 16:16:13 0 d-----w- c:\program files\SUPERAntiSpyware

2010-03-10 16:15:52 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-03-10 15:23:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-10 15:23:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 15:23:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-10 15:23:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-10 15:01:26 0 d-----w- C:\logs

2010-03-10 15:00:56 0 d-----w- c:\program files\Lenovo Hard Drive Quick Test

2010-03-10 14:47:35 21376 ----a-w- c:\windows\system32\drivers\psadd.sys

2010-03-10 14:42:29 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-03-09 21:02:12 0 d-----w- c:\windows\system32\wbem\Repository

2010-03-09 21:01:26 0 d-----w- c:\program files\Picasa2

2010-03-09 21:00:36 0 d-----w- c:\program files\MSXML 4.0

2010-03-09 21:00:35 0 d-----w- c:\program files\MSXML 6.0

2010-03-09 19:58:56 0 d-----w- c:\windows\WLTB Custom Button Feeds

2010-03-05 20:40:07 0 d-----w- C:\$AVG

2010-03-05 20:39:57 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll

2010-03-05 20:39:40 0 d-----w- c:\windows\system32\drivers\Avg(2)

2010-03-05 20:39:26 0 d-----w- c:\program files\AVG

2010-03-05 20:39:26 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

==================== Find3M ====================

2010-03-10 19:17:07 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2010-03-10 19:17:05 56680 ----a-w- c:\windows\system32\rpcnet.dll

2010-02-21 21:06:44 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-02-07 02:23:32 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2010-02-04 19:25:16 56680 ----a-w- c:\windows\system32\rpcnet.exe

2010-02-02 21:23:18 44544 ----a-w- c:\windows\system32\agremove.exe

2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys

2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe

2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll

2008-08-13 04:49:16 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2008-11-25 19:30:09 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112520081126\index.dat

============= FINISH: 14:35:27.96 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/26/2008 1:28:26 AM

System Uptime: 3/10/2010 1:16:26 PM (1 hours ago)

Motherboard: LENOVO | | IEL10

Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz | U2E1 | 1862/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 127.725 GiB free.

D: is FIXED (FAT32) - 6 GiB total, 2.548 GiB free.

E: is CDROM ()

M: is NetworkDisk (NTFS) - 145 GiB total, 96.241 GiB free.

S: is NetworkDisk (NTFS) - 145 GiB total, 96.241 GiB free.

U: is NetworkDisk (NTFS) - 1 GiB total, 11.426 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP46: 12/10/2009 6:42:40 PM - Software Distribution Service 3.0

RP47: 12/11/2009 7:04:18 PM - System Checkpoint

RP48: 12/12/2009 9:10:14 AM - Avg8 Update

RP49: 12/12/2009 9:11:00 AM - Avg8 Update

RP50: 12/13/2009 10:04:18 AM - System Checkpoint

RP51: 12/14/2009 11:04:18 AM - System Checkpoint

RP52: 12/16/2009 2:15:39 PM - System Checkpoint

RP53: 12/17/2009 3:36:50 PM - Installed Windows Media Player 10

RP54: 12/17/2009 3:41:00 PM - Software Distribution Service 3.0

RP55: 1/4/2010 12:10:08 PM - Software Distribution Service 3.0

RP56: 1/4/2010 12:11:05 PM - Avg8 Update

RP57: 1/5/2010 11:46:51 AM - Software Distribution Service 3.0

RP58: 1/7/2010 12:05:56 PM - System Checkpoint

RP59: 1/8/2010 1:54:53 PM - System Checkpoint

RP60: 1/11/2010 12:52:22 PM - System Checkpoint

RP61: 1/12/2010 1:52:48 PM - System Checkpoint

RP62: 1/13/2010 3:00:15 AM - Software Distribution Service 3.0

RP63: 1/14/2010 3:32:21 AM - System Checkpoint

RP64: 1/15/2010 12:50:18 PM - System Checkpoint

RP65: 1/17/2010 11:43:31 AM - System Checkpoint

RP66: 1/18/2010 1:04:19 PM - System Checkpoint

RP67: 1/19/2010 1:29:28 PM - System Checkpoint

RP68: 1/20/2010 2:19:00 PM - System Checkpoint

RP69: 1/25/2010 11:42:38 AM - Software Distribution Service 3.0

RP70: 1/26/2010 2:22:18 PM - System Checkpoint

RP71: 1/29/2010 10:51:54 PM - System Checkpoint

RP72: 2/2/2010 12:05:35 PM - Avg8 Update

RP73: 2/3/2010 2:22:57 PM - System Checkpoint

RP74: 2/4/2010 2:55:15 PM - System Checkpoint

RP75: 2/5/2010 2:57:52 PM - System Checkpoint

RP76: 2/9/2010 2:23:07 PM - System Checkpoint

RP77: 2/10/2010 1:53:10 PM - Software Distribution Service 3.0

RP78: 2/15/2010 8:16:35 AM - System Checkpoint

RP79: 2/18/2010 12:37:16 PM - System Checkpoint

RP80: 2/21/2010 5:40:59 PM - System Checkpoint

RP81: 2/22/2010 6:09:06 PM - System Checkpoint

RP82: 2/24/2010 12:47:12 PM - System Checkpoint

RP83: 2/25/2010 5:59:39 AM - Software Distribution Service 3.0

RP84: 2/28/2010 2:18:28 PM - System Checkpoint

RP85: 3/2/2010 12:29:04 PM - System Checkpoint

RP86: 3/4/2010 2:21:58 PM - System Checkpoint

RP87: 3/5/2010 2:04:06 PM - Removed AVG Free 8.5

RP88: 3/5/2010 2:06:37 PM - Installed AVG Free 8.5

RP89: 3/5/2010 2:07:15 PM - Removed J2SE Runtime Environment 5.0 Update 6

RP90: 3/5/2010 2:08:27 PM - Removed Network Magic

RP91: 3/5/2010 2:39:25 PM - Installed AVG Free 9.0

RP92: 3/9/2010 9:34:43 AM - System Checkpoint

RP93: 3/9/2010 10:04:17 AM - Configured AVG Free 9.0

RP94: 3/9/2010 11:02:50 AM - Avg8 Update

RP95: 3/9/2010 2:04:09 PM - march 9

RP96: 3/9/2010 2:06:13 PM - Removed Corel Snapfire Plus

RP97: 3/9/2010 2:07:29 PM - Removed Corel Business Center

RP98: 3/9/2010 2:09:22 PM - Removed Windows Live Toolbar

RP99: 3/9/2010 2:16:31 PM - Removed Microsoft Office 2003 Web Components

RP100: 3/9/2010 2:19:00 PM - Removed Microsoft SQL Server Native Client

RP101: 3/9/2010 2:19:24 PM - Removed Microsoft SQL Server Setup Support Files (English)

RP102: 3/9/2010 2:19:53 PM - Removed Microsoft SQL Server VSS Writer

RP103: 3/9/2010 2:20:25 PM - Removed Microsoft Visual C++ 2005 Redistributable

RP104: 3/9/2010 2:21:05 PM - Removed MSXML 4.0 SP2 (KB927978)

RP105: 3/9/2010 2:21:37 PM - Removed MSXML 4.0 SP2 (KB954430)

RP106: 3/9/2010 2:21:48 PM - Removed MSXML 4.0 SP2 (KB973688)

RP107: 3/9/2010 2:21:58 PM - Removed MSXML 6.0 Parser

RP108: 3/9/2010 2:52:55 PM - Configured AVG Free 9.0

RP109: 3/9/2010 2:59:05 PM - Restore Operation

RP110: 3/10/2010 8:43:09 AM - Software Distribution Service 3.0

RP111: 3/10/2010 10:16:13 AM - Installed SUPERAntiSpyware Free Edition

RP112: 3/10/2010 11:45:30 AM - Removed Corel Snapfire Plus

RP113: 3/10/2010 11:46:01 AM - Removed Corel Business Center

RP114: 3/10/2010 11:46:47 AM - Removed Windows Live Toolbar

==== Installed Programs ======================

Access Help

Adobe Flash Player 10 ActiveX

Adobe Reader 8

Agere Systems HDA Modem

Amazon MP3 Downloader 1.0.9

Broadcom 802.11 Network Adapter

Broadcom Gigabit Integrated Controller

Business Contact Manager for Outlook 2007 SP1

Coupon Printer for Windows

Diskeeper Lite

Help Center

High Definition Audio Driver Package - KB888111

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Integrated Camera

Intel® Graphics Media Accelerator Driver

InterVideo Register Manager

InterVideo WinDVD

InterVideo WinDVD Creator 3

J2SE Runtime Environment 5.0 Update 6

Java 6 Update 17

Lenovo Care

Lenovo Care Supplement

Lenovo Hard Drive Quick Test

Lenovo PM Driver

Lenovo Registration

Maintenance Manager

Malwarebytes' Anti-Malware

Message Center

Message Center Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 SR-1 Professional

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office Small Business Connectivity Components

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

Network Magic

On Screen Display

PC-Doctor 5 for Windows

Picasa 2

PM Driver

Presentation Director

Realtek High Definition Audio Driver

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32

Roxio Digital Media LE

Roxio Express Labeler

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB978262)

Sonic Icons for Lenovo

Sonic Update Manager

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

System Update

ThinkPad Hotkey Features Setup

ThinkPad PC Card Power Policy

ThinkVantage Technologies Welcome Message

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Wallpapers

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office X3

XP Themes

==== Event Viewer Messages From Past Week ========

3/9/2010 3:05:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 AvgTdiX

3/9/2010 3:05:10 PM, error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The system cannot find the path specified.

3/9/2010 3:05:10 PM, error: Service Control Manager [7000] - The rpcnetp service failed to start due to the following error: %1 is not a valid Win32 application.

3/9/2010 3:05:10 PM, error: Service Control Manager [7000] - The Pure Networks Network Magic Service service failed to start due to the following error: The system cannot find the path specified.

3/9/2010 3:05:10 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The system cannot find the path specified.

3/9/2010 2:53:30 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG9\avgfrw.exe. Reference error message: The operation completed successfully. .

3/9/2010 2:41:21 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG9\avgui.exe. Reference error message: The operation completed successfully. .

3/9/2010 2:40:24 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVG\AVG9\avgtray.exe. Reference error message: The operation completed successfully. .

3/9/2010 2:38:35 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error message: The referenced assembly is not installed on your system. .

3/9/2010 2:38:35 PM, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\AVG\AVG9\avgtray.exe. Reference error message: The operation completed successfully. .

3/9/2010 2:38:35 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.

3/8/2010 1:00:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TSMAPIP

3/8/2010 1:00:15 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2010 1:00:15 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2010 1:00:15 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2010 1:00:15 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

3/6/2010 10:38:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/6/2010 10:35:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm TSMAPIP

3/5/2010 3:25:15 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001FE1C76071. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

3/10/2010 2:12:18 PM, error: Service Control Manager [7000] - The F-Secure BlackLight Engine Driver service failed to start due to the following error: A device attached to the system is not functioning.

==== End Of File ===========================


Hi JKW,

Check MBR

  • Download the file MBR.exe and save it to the desktop
  • Open Notepad.
  • Copy/paste the following text into the empty Notepad window.
    @echo off
    "%userprofile%\desktop\mbr.exe"
    start notepad mbr.log

  • Save the file as mbrfix.bat on your desktop. Save it with the file type... all types *.*.
  • Double click the file mbrfix.bat to execute.
  • Post the contents of mbr.log in your next reply

HAMeb_check

Download and run HAMeb_check.exe

Post the contents of the resulting log and the results from mbr.log in your next reply.
