Here is the attach.txt. The S.dirmngr in dds.txt looks strange, I don't recall installing anything or creating that... GMER will be in my next post as I'm shutting down Firefox...
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2009-03-23 6:02:59 PM
System Uptime: 2009-12-16 9:51:20 AM (1 hours ago)
Motherboard: LENOVO | | 224235U
Processor: Intel Pentium III Xeon processor | None | 2260/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 4.345 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
==== System Restore Points ===================
RP235: 2009-11-21 10:58:28 PM - System Checkpoint
RP236: 2009-11-23 3:55:03 AM - System Checkpoint
RP237: 2009-11-23 1:41:39 PM - Installed Compatibility Pack for the 2007 Office system
RP238: 2009-11-24 1:51:21 PM - System Checkpoint
RP239: 2009-11-25 2:14:43 PM - System Checkpoint
RP240: 2009-11-26 4:02:55 PM - System Checkpoint
RP241: 2009-11-27 5:16:47 PM - System Checkpoint
RP242: 2009-11-28 6:04:47 PM - System Checkpoint
RP243: 2009-11-29 7:05:51 PM - System Checkpoint
RP244: 2009-11-30 8:04:45 PM - System Checkpoint
RP245: 2009-12-02 2:43:26 AM - System Checkpoint
RP246: 2009-12-03 3:39:15 AM - System Checkpoint
RP247: 2009-12-03 3:00:00 PM - Software Distribution Service 3.0
RP248: 2009-12-04 10:10:15 PM - System Checkpoint
RP249: 2009-12-05 11:29:55 PM - System Checkpoint
RP250: 2009-12-06 11:58:20 PM - System Checkpoint
RP251: 2009-12-08 12:13:04 AM - System Checkpoint
RP252: 2009-12-09 1:17:37 AM - Software Distribution Service 3.0
RP253: 2009-12-10 2:15:06 AM - System Checkpoint
RP254: 2009-12-10 8:40:16 AM - Software Distribution Service 3.0
RP255: 2009-12-11 7:58:13 PM - System Checkpoint
RP256: 2009-12-12 8:47:20 PM - System Checkpoint
RP257: 2009-12-13 8:49:34 PM - System Checkpoint
RP258: 2009-12-14 8:59:40 PM - System Checkpoint
RP259: 2009-12-15 9:19:20 PM - System Checkpoint
==== Installed Programs ======================
ACDSee Classic
Adobe Flash Player 10 Plugin
ALLDATA Repair
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Extreme
Audacity 1.2.6
AviSynth 2.5
CDisplay 1.8
Cisco Systems VPN Client 4.8.00.0440
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CutePDF Writer 2.6
dBpoweramp DirectShow Decoder
dBpoweramp DSP Effects
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
Foxit Reader
Gpg4win (2.0.1)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
ImgBurn
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
InterVideo WinDVD
iPhone Configuration Utility
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 13
K-Lite Codec Pack 4.7.0 (Full)
LiveUpdate 3.0 (Symantec Corporation)
MediaInfo 0.7.12
MeGUI modern media encoder (remove only)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
MobileMe Control Panel
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
QuickPar 0.9
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Symantec AntiVirus
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkVantage Access Connections
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VideoLAN VLC media player 0.8.6e
ViewMail
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
WinRAR archiver
XviD4PSP 5.0
==== Event Viewer Messages From Past Week ========
2009-12-14 7:42:57 PM, error: Dhcp [1002] - The IP address lease 10.0.65.111 for the Network Card with network address 0016EABACE5A has been denied by the DHCP server 172.16.0.1 (The DHCP Server sent a DHCPNACK message).
2009-12-14 11:40:16 AM, error: Dhcp [1002] - The IP address lease 172.16.0.16 for the Network Card with network address 0016EABACE5A has been denied by the DHCP server 10.0.70.10 (The DHCP Server sent a DHCPNACK message).
2009-12-10 8:11:27 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}
2009-12-09 11:09:16 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
2009-12-09 1:07:35 PM, error: Service Control Manager [7000] - The SOFTLOK service failed to start due to the following error: The system cannot find the file specified.
==== End Of File ===========================
Here is the dds.txt
DDS (Ver_09-12-01.01) - NTFSx86
Run by glau at 10:43:53.52 on 2009-12-16
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.993 [GMT -5:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\GNU\GnuPG\kleopatra.exe
C:\Program Files\GNU\GnuPG\bin\dbus-daemon.exe
C:\Program Files\GNU\GnuPG\bin\kleopatra.exe
C:\Program Files\GNU\GnuPG\gpg-agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\glau.TUCOWSAD\Desktop\dds.scr
============== Pseudo HJT Report ===============
uWindow Title = Microsoft Internet Explorer
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-system: MaxGPOScriptWait = 1000 (0x3e8)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
hxxp://pcpitstop.com/pcpitstop/PCPitStop.CABDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabDPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -
hxxp://office.microsoft.com/officeupdat ... /opuc4.cabDPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cabNotify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
LSA: Notification Packages = scecli ACGina
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\glau~1.tuc\applic~1\mozilla\firefox\profiles\kuuoejwe.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.formula1.com/FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-4-6 96384]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2009-9-28 242176]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2009-5-25 14416]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-3-31 66816]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-10-20 243856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-31 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091213.008\naveng.sys [2009-12-15 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091213.008\navex15.sys [2009-12-15 1323568]
S2 SOFTLOK;SOFTLOK; [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\atswpwdf.sys --> c:\windows\system32\drivers\ATSwpWDF.sys [?]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [2009-5-25 44344]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-9-1 17408]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
=============== Created Last 30 ================
2009-12-16 14:51:57 21 ----a-w- c:\windows\S.dirmngr
2009-12-14 22:16:35 0 d-----w- c:\docume~1\glau\applic~1\Foxit Software
2009-11-23 18:41:30 0 d-----w- c:\program files\MSECache
2009-11-19 15:52:06 0 d-----w- c:\docume~1\glau\applic~1\dBpoweramp
2009-11-19 15:52:05 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.bmp
2009-11-19 15:52:05 2738 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat
2009-11-19 15:45:25 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
2009-11-19 15:45:25 3065 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2009-11-19 15:44:21 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp
2009-11-19 15:44:21 3107 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2009-11-19 15:44:00 3625 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2009-11-19 15:44:00 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2009-11-19 15:40:02 0 d-----w- c:\docume~1\glau\applic~1\AccurateRip
2009-11-19 15:40:01 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
2009-11-19 15:40:01 11024 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2009-11-19 15:39:55 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2009-11-19 15:39:55 15607 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-11-19 15:39:54 229752 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-11-19 15:39:51 0 d-----w- c:\program files\Illustrate
2009-11-16 17:13:38 0 d-----w- c:\program files\CDisplay
==================== Find3M ====================
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-21 18:57:51 61224 ----a-w- c:\documents and settings\glau\GoToAssistDownloadHelper.exe
2009-09-20 20:43:38 81736 ----a-w- c:\windows\system32\lmdimon8.dll
============= FINISH: 10:44:14.38 ===============