The computer is no longer receiving these popups, although my clock is now acting a little funny (it's showing military time). Also, my ability to use my browsers has been restored. Thank you very much for your help!
Here are the logs you've requested. First, the Scan Report from Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 06, 2008 15:46:32
Records in database: 1440480
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 134099
Threat name: 5
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 01:48:42
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06840000\4FBC4609.VBN Infected: Backdoor.Win32.TDSS.blh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B900000.VBN Infected: Trojan.Win32.Agent.arvz 1
C:\Documents and Settings\jaddison\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\jaddison\Desktop\SmitfraudFix(5).exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\WINDOWS\crazaa.exe Infected: not-a-virus:Porn-Tool.Win32.Porn2Peer.d 1
C:\WINDOWS\system32\mi2.exe Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
The selected area was scanned.
Next, the second ComboFix log:
ComboFix 08-12-06.01 - jaddison 2008-12-06 13:34:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1350 [GMT -5:00]
Running from: c:\documents and settings\jaddison\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jaddison\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-06-21 23:38 30,280 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 23:38 79,432 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 23:38 71,240 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 23:38 140,872 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 23:39 38,472 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 23:39 46,664 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 23:39 34,376 ----a-w c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 23:39 685,640 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 23:40 30,280 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 67,752 2006-12-22 11:29:56 c:\program files\Adobe\Photoshop Elements 5.0\bak\apdproxy.exe
----a-w 925,696 2005-05-20 13:11:06 c:\program files\Analog Devices\Core\bak\smax4pnp.exe
----a-w 716,800 2005-05-06 19
12 c:\program files\Analog Devices\SoundMAX\bak\Smax4.exe
----a-w 90,112 2006-05-10 15:12:06 c:\program files\ATI Technologies\ATI.ACE\bak\CLIStart.exe
----a-w 1,197,648 2006-10-17 01:40:00 c:\program files\Canon\MyPrinter\bak\BJMyPrt.exe
----a-w 2,321,600 2007-08-05 13:21:15 c:\program files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe
----a-w 2,321,600 2007-03-01 03
56 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
----a-w 81,920 2005-02-16 20:15:20 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
----a-w 221,184 2004-07-27 20:50:42 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
----a-w 536,576 2006-12-10 23:36:32 c:\program files\Common Files\Lenovo\Scheduler\bak\scheduler_proxy.exe
----a-w 487,424 2008-03-04 15:34:20 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
----a-w 185,896 2006-09-28 17:16:20 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
----a-w 48,800 2005-12-21 16:33:28 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 48,800 2005-12-21 16:33:28 c:\program files\Common Files\Symantec Shared\ccApp.exe
----a-w 271,672 2007-07-31 22:44:42 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 289,576 2008-10-01 22:57:12 c:\program files\iTunes\iTunesHelper.exe
----a-w 36,975 2005-11-10 17:03:52 c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe
----a-w 2,341,632 2006-11-09 18:15:16 c:\program files\Lenovo\Client Security Solution\bak\cssauth.exe
----a-w 94,208 2006-10-02 15:19:48 c:\program files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe
----a-r 41,472 2006-03-13 20:38:56 c:\program files\Lenovo\SafeGuard PrivateDisk\bak\pdservice.exe
----a-w 31,016 2006-10-27 04:47:42 c:\program files\Microsoft Office\Office12\bak\GrooveMonitor.exe
----a-w 33,648 2007-08-24 11:00:48 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
----a-w 286,720 2007-06-29 10:24:52 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-09-06 19:09:14 c:\program files\QuickTime\QTTask.exe
----a-w 75,304 2006-10-11 16:45:12 c:\program files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe
----a-w 1,592 2007-10-03 21:09:59 c:\program files\Steam\bak\ClientRegistry.blob
----a-w 546,136 2008-08-24 23:05:44 c:\program files\Steam\ClientRegistry.blob
----a-w 1,258,744 2007-08-05 01:20:45 c:\program files\Steam\bak\Steam.exe
----a-w 1,271,032 2008-04-06 19:53:30 c:\program files\Steam\Steam.exe
----a-w 29,826 2007-10-03 21:09:59 c:\program files\Steam\bak\Steamexe__237340__2007_10_3T21_9_59C3109.mdmp
----a-w 85,744 2006-05-27 20
20 c:\program files\Symantec AntiVirus\bak\VPTray.exe
----a-w 85,744 2006-05-27 20
20 c:\program files\Symantec AntiVirus\VPTray.exe
----a-w 512,000 2006-02-14 18:16:28 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 110,592 2006-02-14 18:17:28 c:\program files\Synaptics\SynTP\bak\SynTPLpr.exe
----a-w 243,248 2006-11-29 06:30:00 c:\program files\ThinkPad\Utilities\bak\EzEjMnAp.Exe
------w 242,976 2008-06-05 06:36:00 c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
----a-w 856,064 2006-06-03 02:00:18 c:\program files\ThinkPad\Utilities\bak\TpKmapAp.exe
----a-w 120,368 2007-02-02 07:01:00 c:\program files\ThinkVantage\PrdCtr\bak\LPMGR.exe
------w 165,208 2008-06-09 07:00:00 c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
----a-w 31,232 2006-04-25 23:03:42 c:\program files\ThinkVantage Fingerprint Software\bak\launcher.exe
----a-w 48,904 2007-08-14 19:32:42 c:\program files\ThinkVantage Fingerprint Software\launcher.exe
----a-w 1,014,272 2007-08-15 08:48:34 c:\program files\Tunebite\bak\tunebite.exe
----a-w 1,014,272 2007-08-15 08:48:34 c:\program files\Tunebite\tunebite.exe
----a-w 122,940 2006-02-02 09:20:00 c:\windows\system32\DLA\bak\DLACTRLW.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tunebite.exe"="c:\program files\Tunebite\tunebite.exe" [2007-08-15 1014272]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\jaddison\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-05 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IUWORK"="c:\iuwork\LAUNCH.LNK" [N/A]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-29 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-29 208896]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-07-05 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-07-04 143360]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\system32\TpShocks.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 c:\windows\system32\ico.exe]
c:\documents and settings\jaddison\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-08-18 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-09-08 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"AllowMultipleTSSessions"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 14:54 89600 c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 15:02 34080 c:\program files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\matrix@moscowmail.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Spadester\\spades.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\Program Files\\MoRUN.net\\Sticker Lite\\sticker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2967:UDP"= 2967:UDP:Symantec AntiVirus Managed Client (2967:UDP)
"7001:UDP"= 7001:UDP:AFS CacheManager Callback (7001:UDP)
"2967:TCP"= 2967:TCP:Symantec AntiVirus Managed Client (2967:TCP)
"7001:TCP"= 7001:TCP:AFS CacheManager Callback (7001:TCP)
.
Contents of the 'Scheduled Tasks' folder
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-06 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\jaddison\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-05 20:52]
2008-12-06 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-07-29 00:43]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-06 13:40:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSuerhqfhx.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1164)
c:\windows\system32\vrlogon.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
- - - - - - - > 'lsass.exe'(1220)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\progra~1\PHAROS~1\Core\CTskMstr.exe
c:\program files\Symantec AntiVirus\SavRoam.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\ThinkPad\Utilities\PWMDBSVC.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\FSRremoS.EXE
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-12-06 13:48:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 18:48:46
ComboFix2.txt 2008-12-06 17:16:19
Pre-Run: 33,428,838,912 bytes free
Post-Run: 33,412,136,448 bytes free
233 --- E O F --- 2008-11-13 21:05:43
Sincerely,
J. Addison