
Hard Drive Space Missing


  • This topic is locked
2 replies to this topic

#1 spacelucky48


Posted 05 June 2008 - 03:21 PM

Hello All,

I am new here.

I just found out that my free space on the hard drive has decreased all the way down to 5GB. I have an 80GB drive and the files I have account for only 30GB of space.
Something must have taken up the space.

I am running Windows XP Home and have Symantec Endpoint Protection, which is free from the University.

Thanks for the help,

I did the HijackThis scan as suggested by the forum. I appreciate your effort very much!

Deckard's System Scanner v20071014.68
Run by BBF on 2008-06-05 15:30:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-06-05 20:30:34 UTC - RP658 - Deckard's System Scanner Restore Point
11: 2008-06-05 18:57:09 UTC - RP657 - System Checkpoint
10: 2008-06-04 18:53:17 UTC - RP656 - Installed Symantec Endpoint Protection.
9: 2008-06-04 18:45:52 UTC - RP655 - Removed Symantec AntiVirus
8: 2008-06-04 18:44:12 UTC - RP654 - Configured StCamSWare v0.08 Beta14


-- First Restore Point --
1: 2008-06-03 17:27:38 UTC - RP647 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 5.75 GiB (less than 15%) free.


-- HijackThis (run as BBF.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:02 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:Program FilesSymantecSymantec Endpoint ProtectionSmc.exe
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesThinkPadConnectUtilitiesAcPrfMgrSvc.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesLenovoBluetooth Softwarebinbtwdins.exe
C:Program FilesCisco SystemsVPN Clientcvpnd.exe
C:Program FilesDiskeeper CorporationDiskeeperDkService.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesSoftexOmniPassOmniserv.exe
C:WINDOWSsystem32PMSveH.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32PMHandler.exe
C:Program FilesSymantecSymantec Endpoint ProtectionRtvscan.exe
C:Program FilesIBM ThinkVantageRescue and Recoveryrrservice.exe
C:Program FilesIBM ThinkVantageCommonSchedulertvtsched.exe
C:Program FilesThinkVantageSystemUpdateUCLauncherService.exe
C:Program FilesThinkPadConnectUtilitiesAcSvc.exe
C:Program FilesSoftexOmniPassOPXPApp.exe
C:Program FilesIBM ThinkVantageCommonLoggerlogmon.exe
C:WINDOWSExplorer.EXE
C:Program FilesSymantecSymantec Endpoint ProtectionSmcGui.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesLenovoHOTKEYTPHKMGR.exe
C:Program FilesLenovoHOTKEYTpWAudAp.exe
C:WINDOWSAGRSMMSG.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesSoftexOmniPassscureapp.exe
C:PROGRA~1LenovoLENOVO~2LPMGR.exe
C:Program FilesThinkPadConnectUtilitiesACTray.exe
C:Program FilesThinkPadConnectUtilitiesACWLIcon.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program FilesLenovoBluetooth SoftwareBTTray.exe
C:Documents and SettingsBBFLocal SettingsTemporary Internet FilesContent.IE5P21KIDJUdss[1].exe
C:PROGRA~1TRENDM~1HIJACK~1BBF.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.chem.wisc.edu/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=4eJ_Z6BrkLb3hk2I0KVZnQCyRfs
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll (file missing)
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:WINDOWSsystem32BhoCitUS.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..Run: [TPHOTKEY] C:Program FilesLenovoHOTKEYTPHKMGR.exe
O4 - HKLM..Run: [TPWAUDAP] C:Program FilesLenovoHOTKEYTpWAudAp.exe
O4 - HKLM..Run: [PMHandler] C:WINDOWSsystem32PMHandler.exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [ISUSPM Startup] c:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [OmniPass] C:Program FilesSoftexOmniPassscureapp.exe
O4 - HKLM..Run: [LPManager] C:PROGRA~1LenovoLENOVO~2LPMGR.exe
O4 - HKLM..Run: [ACTray] C:Program FilesThinkPadConnectUtilitiesACTray.exe
O4 - HKLM..Run: [ACWLIcon] C:Program FilesThinkPadConnectUtilitiesACWLIcon.exe
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [EPSON Stylus C86 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesMSN Messengermsnmsgr.exe" /background
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: ???QQ?? - C:Program FilesTencentQQAddEmotion.htm
O8 - Extra context menu item: ???QQ???? - C:Program FilesTencentQQAddToNetDisk.htm
O8 - Extra context menu item: ???QQ????? - C:Program FilesTencentQQAddPanel.htm
O8 - Extra context menu item: ?QQ??????? - C:Program FilesTencentQQSendMMS.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:Program FilesLenovoBluetooth Softwarebtsendto_ie_ctx.htm
O8 - Extra context menu item: 添加到QQ表情 - C:Program FilesTencentQQAddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:Program FilesTencentQQAddPanel.htm
O8 - Extra context menu item: 用QQ残欧⑺透猛计 - C:Program FilesTencentQQSendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesIBMJava142jrebinNPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesIBMJava142jrebinNPJPI142.dll
O9 - Extra button: ?????? - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:Program Files浩方对战平台GameClient.exe (file missing)
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:Program FilesCiti Virtual Account NumbersCitiVAN.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:Program FilesTencentQQQQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:Program FilesTencentQQQQ.EXE (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:Program FilesThinkPadConnectUtilitiesAcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:Program FilesThinkPadConnectUtilitiesAcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:Program FilesLenovoBluetooth Softwarebinbtwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:Program FilesCisco SystemsVPN Clientcvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:Program FilesDiskeeper CorporationDiskeeperDkService.exe
O23 - Service: Intel PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:Program FilesSoftexOmniPassOmniserv.exe
O23 - Service: PMSveH - Lenovo - C:WINDOWSsystem32PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:WINDOWSsystem32PsaSrv.exe (file missing)
O23 - Service: Intel PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:Program FilesSymantecSymantec Endpoint ProtectionSmc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:Program FilesSymantecSymantec Endpoint ProtectionSNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:Program FilesSymantecSymantec Endpoint ProtectionRtvscan.exe
O23 - Service: TVT Backup Service - Unknown owner - C:Program FilesIBM ThinkVantageRescue and Recoveryrrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:Program FilesIBM ThinkVantageCommonSchedulertvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:Program FilesThinkVantageSystemUpdateUCLauncherService.exe

--
End of file - 11864 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shellopencommand - regedit.exe "%1" %*
.scr - scrfile - shellopencommand - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ANC - c:windowssystem32driversanc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:windowssystem32driversibmbldid.sys
R1 TPHKDRV - c:windowssystem32driverstphkdrv.sys <Not Verified; Lenovo Group Limited; OnScreenDisplay>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:windowssystem32driversaegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 EGATHDRV (IBM eGatherer) - c:windowssystem32egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 ibmfilter - c:windowssystem32driversibmfilter.sys <Not Verified; IBM; RRU>
R2 PMEM - c:windowssystem32driverspmemnt.sys <Not Verified; Microsoft Corporation; Microsoft Windows NT™ Operating System>
R2 s24trans (WLAN Transport) - c:windowssystem32driverss24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smi2 - c:program filessmi2smi2.sys <Not Verified; IBM Corp.; TVT SMI Bios driver>

S0 ANCSQ - c:windowssystem32driversancsq.sys (file missing)
S2 npkcrypt - c:program filestencentqqnpkcrypt.sys (file missing)
S3 btwmodem (Bluetooth Modem) - c:windowssystem32driversbtwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1200>
S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:windowssystem32driverspcasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 psadd (IBM PSA Access Driver) - c:windowssystem32driverspsadd.sys <Not Verified; Lenovo; SMI Driver>
S3 StUSB (StUSB NT service) - c:windowssystem32driversstusb.sys <Not Verified; Sensor Technology CO., LTD.; Sentech USB Camera>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:program filescommon filesapplemobile device supportbinapplemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Diskeeper - "c:program filesdiskeeper corporationdiskeeperdkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>
R2 PMSveH - c:windowssystem32pmsveh.exe <Not Verified; Lenovo; PMSveH>
R2 RegSrvc (Intel PROSet/Wireless Registry Service) - c:program filesintelwirelessbinregsrvc.exe <Not Verified; Intel Corporation; Intel PROSet/Wireless Registry Service>
R2 TVT Scheduler - "c:program filesibm thinkvantagecommonschedulertvtsched.exe" <Not Verified; ; tvtsched Module>
R2 UCLauncherService (ThinkVantage System Update) - c:program filesthinkvantagesystemupdateuclauncherservice.exe

S3 PsaSrv (IBM PSA Access Driver Control) - c:windowssystem32psasrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOTNET0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOTNET0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-06-05 04:47:24 418 --ah----- C:WINDOWSTasksUser_Feed_Synchronization-{8258D697-F374-4EEA-B23F-36A354B293A5}.job


-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-05 15:29:55 0 d-------- C:Program FilesTrend Micro
2008-06-05 15:14:32 0 d-------- C:Documents and SettingsBBFApplication DataJAM Software
2008-06-05 15:14:29 0 d-------- C:Program FilesJAM Software
2008-06-05 14:37:13 0 d-------- C:Documents and SettingsBBFApplication DataMalwarebytes
2008-06-05 14:37:08 0 d-------- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2008-06-05 14:37:07 0 d-------- C:Program FilesMalwarebytes' Anti-Malware
2008-06-04 23:02:15 0 d-------- C:WINDOWSBDOSCAN8
2008-06-04 13:51:23 0 d-------- C:Symantec_Endpoint_Protection11.0.1000
2008-05-20 21:07:42 0 d-------- C:Program FilesTVAnts
2008-05-14 00:25:30 0 d-------- C:Program FilesMSECache
2008-05-12 09:05:16 0 d-------- C:Documents and SettingsAll UsersApplication DataAdobe
2008-05-08 14:04:10 2199552 -----n--- C:WINDOWSsystem32PdfDll32.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS DLL for Windows>
2008-05-08 14:04:10 65536 -----n--- C:WINDOWSsystem32ltserial.dll
2008-05-08 14:04:05 135168 -----n--- C:WINDOWSsystem32LpEmf05n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS ePrint>
2008-05-08 14:02:34 0 d-------- C:Program FilesOriginLab
2008-05-08 14:01:56 0 d-------- C:Documents and SettingsBBFApplication DataInstallShield
2008-05-08 14:01:19 0 d-------- C:Program FilesOrigin 8 Setup Files


-- Find3M Report ---------------------------------------------------------------

2008-06-04 14:00:40 0 d-------- C:Program FilesCommon FilesSymantec Shared
2008-06-04 13:56:38 0 d-------- C:Program FilesSymantec
2008-06-04 13:48:35 0 d-------- C:Program FilesVideoLAN
2008-06-04 13:44:38 0 d--h----- C:Program FilesInstallShield Installation Information
2008-06-04 13:44:24 0 d-------- C:Program FilesStCamSWare
2008-06-04 13:43:39 0 d-------- C:Program FilesCommon Files
2008-06-03 17:14:34 0 d-------- C:Program FilesInterVideo
2008-06-01 00:00:00 5427 -----n--- C:WINDOWSsystem32EGATHDRV.SYS <Not Verified; IBM Corporation; IBM eGatherer>
2008-05-14 00:28:16 36736 -----n--- C:Documents and SettingsBBFApplication DataGDIPFONTCACHEV1.DAT
2008-05-12 09:03:35 0 d-------- C:Documents and SettingsBBFApplication DataAdobeUM
2008-05-08 12:24:16 0 d-------- C:Program FilesSciFinder
2008-05-04 21:18:49 0 d-------- C:Documents and SettingsBBFApplication DataskypePM
2008-04-11 18:27:22 0 d-------- C:Documents and SettingsBBFApplication DataMove Networks
2008-03-14 14:12:21 1882 -------c- C:Documents and SettingsBBFApplication Datamercuryrc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [10/28/2005 07:58 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 07:07 PM C:WINDOWSsystem32HdAShCut.exe]
"TPHOTKEY"="C:Program FilesLenovoHOTKEYTPHKMGR.exe" [12/20/2005 10:47 PM]
"TPWAUDAP"="C:Program FilesLenovoHOTKEYTpWAudAp.exe" [12/10/2005 10:29 AM]
"PMHandler"="C:WINDOWSsystem32PMHandler.exe" [01/06/2006 11:42 AM]
"AGRSMMSG"="AGRSMMSG.exe" [12/12/2005 04:50 PM C:WINDOWSAGRSMMSG.exe]
"igfxtray"="C:WINDOWSsystem32igfxtray.exe" [11/03/2005 05:25 PM]
"igfxhkcmd"="C:WINDOWSsystem32hkcmd.exe" [11/03/2005 05:22 PM]
"igfxpers"="C:WINDOWSsystem32igfxpers.exe" [11/03/2005 05:26 PM]
"ISUSPM Startup"="c:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe" [08/09/2004 08:03 AM]
"ISUSScheduler"="C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" [06/10/2005 12:44 PM]
"OmniPass"="C:Program FilesSoftexOmniPassscureapp.exe" [02/28/2006 02:20 AM]
"LPManager"="C:PROGRA~1LenovoLENOVO~2LPMGR.exe" [12/07/2005 03:00 AM]
"ACTray"="C:Program FilesThinkPadConnectUtilitiesACTray.exe" [02/01/2006 12:19 AM]
"ACWLIcon"="C:Program FilesThinkPadConnectUtilitiesACWLIcon.exe" [02/01/2006 12:12 AM]
"Windows Defender"="C:Program FilesWindows DefenderMSASCui.exe" [11/03/2006 07:20 PM]
"EPSON Stylus C86 Series"="C:WINDOWSSystem32spoolDRIVERSW32X863E_S4I2R1.exe" [11/25/2003 04:00 AM]
"QuickTime Task"="C:Program FilesQuickTimeqttask.exe" [06/29/2007 06:24 AM]
"ccApp"="C:Program FilesCommon FilesSymantec SharedccApp.exe" [02/20/2008 03:12 PM]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [08/04/2004 07:00 AM]
"msnmsgr"="C:Program FilesMSN Messengermsnmsgr.exe" [01/19/2007 12:54 PM]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrun]
"DWQueuedReporting"="C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Bluetooth.lnk - C:Program FilesLenovoBluetooth SoftwareBTTray.exe [12/2/2005 4:30:42 PM]
Microsoft Office.lnk - C:Program FilesMicrosoft OfficeOffice10OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyACNotify]
ACNotify.dll 02/01/2006 12:13 AM 32768 C:Program FilesThinkPadConnectUtilitiesACNotify.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyOPXPGina]
C:Program FilesSoftexOmniPassopxpgina.dll 02/28/2006 02:21 AM 49152 C:Program FilesSoftexOmniPassOPXPGina.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifytphotkey]
tphklock.dll 12/20/2005 10:46 PM 24576 C:WINDOWSsystem32tphklock.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSymantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Reader Speed Launch.lnk
backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupCisco Systems VPN Client.lnk
backup=C:WINDOWSpssCisco Systems VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAMSG]
C:Program FilesThinkVantageAMSGAmsg.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCitiVAN]
C:Program FilesCiti Virtual Account NumbersCitiVAN.exe /dontopenmycards

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregcssauthe]
"C:Program FilesIBM ThinkVantageClient Security Solutioncssauthe.exe" silent

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDiskeeperSystray]
"C:Program FilesDiskeeper CorporationDiskeeperDkIcon.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoBoingo]
C:Program FilesBoingoGoBoingoGoBoingo.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
"C:Program FilesiTunesiTunesHelper.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKlipFolio]
"C:Program FilesKlipFolioKlipFolio.exe" /BOOT

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
"C:Program FilesMessengermsmsgs.exe" /background

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMsnMsgr]
"C:Program FilesMSN Messengermsnmsgr.exe" /background

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
"C:Program FilesQuickTimeqttask.exe" -atboottime

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregsuScheduler]
C:Program FilesThinkVantageSystemUpdateUCLauncher.exe /SCHEDULER




-- End of Deckard's System Scanner: finished at 2008-06-05 15:32:44 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2038.11 MiB / 1480.44 MiB
Pagefile Memory (total/avail): 2641.01 MiB / 2157.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.27 MiB

C: is Fixed (NTFS) - 69.38 GiB total, 5.75 GiB free.
D: is CDROM (Unformatted)

.PHYSICALDRIVE0 - TOSHIBA MK8032GSX - 74.53 GiB - 2 partitions
PARTITION0 (bootable) - Installable File System - 69.38 GiB - C:
PARTITION1 - Unknown - 5.15 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: Symantec Endpoint Protection v11.0.1000.1112 (Symantec Corporation)

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesThinkVantageSystemUpdatejrebinjavaw.exe"="C:Program FilesThinkVantageSystemUpdatejrebinjavaw.exe:*:Enabled:ThinkVantage System Update"
"C:Program FilesMSN Messengermsncall.exe"="C:Program FilesMSN Messengermsncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:Program FilesMSN Messengerlivecall.exe"="C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesThinkVantageSystemUpdatejrebinjavaw.exe"="C:Program FilesThinkVantageSystemUpdatejrebinjavaw.exe:*:Enabled:ThinkVantage System Update"
"C:Program FilesInternet ExplorerIEXPLORE.EXE"="C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:Program FilesppStreamppStream.exe"="C:Program FilesPPStreamPPStream.exe:*:Enabled:PPStream"
"C:Program FilesMSN Messengermsncall.exe"="C:Program FilesMSN Messengermsncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:WINDOWSvqqsdl10.exe"="C:WINDOWSvqqsdl10.exe:*:Enabled:VqqSpeedDl User Interface"
"C:Program FilesTencentQQQQ.exe"="C:Program FilesTencentQQQQ.exe:*:Enabled:QQ"
"C:Program FilesKingsoftPowerword 2007xdict.exe"="C:Program FilesKingsoftPowerword 2007xdict.exe:*:Enabled:Kingsoft PowerWord"
"C:Program FilesKingsoftPowerword 2007update.exe"="C:Program FilesKingsoftPowerword 2007update.exe:*:Enabled:Kingsoft PowerWord Online Update"
"C:Program FilesQuickTimeQuickTimePlayer.exe"="C:Program FilesQuickTimeQuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"
"C:Program Files浩方对战平台GameClient.exe"="C:Program Files浩方对战平台GameClient.exe:*:Enabled:??????"
"C:BBFFunNew FolderWar3.exe"="C:BBFFunNew FolderWar3.exe:*:Enabled:War3"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:Program FilesMSN Messengerlivecall.exe"="C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:Program FilesCommon FilesSogou PXPp2psvr.exe"="C:Program FilesCommon FilesSogou PXPp2psvr.exe:*:Enabled:Sogou P4P Service"
"C:Program FilesSopCastadvSopAdver.exe"="C:Program FilesSopCastadvSopAdver.exe:*:Enabled:SopCast Adver"
"C:Program FilesSopCastSopCast.exe"="C:Program FilesSopCastSopCast.exe:*:Enabled:SopCast Main Application"
"C:Program FilesVideoLANVLCvlc.exe"="C:Program FilesVideoLANVLCvlc.exe:*:Enabled:VLC media player"
"C:Program FilesSkypePhoneSkype.exe"="C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype"
"C:Program FilesTVAntsTvants.exe"="C:Program FilesTVAntsTvants.exe:*:Enabled:TVAnts"
"C:Program FilesSymantecSymantec Endpoint ProtectionSmc.exe"="C:Program FilesSymantecSymantec Endpoint ProtectionSmc.exe:*:Enabled:SMC Service"
"C:Program FilesSymantecSymantec Endpoint ProtectionSNAC.EXE"="C:Program FilesSymantecSymantec Endpoint ProtectionSNAC.EXE:*:Enabled:SNAC Service"
"C:Program FilesCommon FilesSymantec SharedccApp.exe"="C:Program FilesCommon FilesSymantec SharedccApp.exe:*:Enabled:Symantec Email"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsBBFApplication Data
CLASSPATH=.;C:Program FilesIBMJava142jrelibextQTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=BB-FIRST-LENOVO
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsBBF
IBMSHARE=C:IBMSHARE
LOGONSERVER=BB-FIRST-LENOVO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:Program FilesInternet Explorer;;C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesIntelWirelessBin;C:Program FilesSoftexOmniPass;C:Program FilesIBM ThinkVantageClient Security Solution;C:Program FilesDiskeeper CorporationDiskeeper;C:Program FilesThinkPadConnectUtilities;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesIBMJava142jrelibextQTJava.zip
RR=C:Program FilesIBM ThinkVantageRescue and Recovery
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1BBFLOCALS~1Temp
TMP=C:DOCUME~1BBFLOCALS~1Temp
TVT=C:Program FilesIBM ThinkVantage
TVTPYDIR=C:Program FilesIBM ThinkVantageCommonPython24
USERDOMAIN=BB-FIRST-LENOVO
USERNAME=BBF
USERPROFILE=C:Documents and SettingsBBF
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

BBF (admin)
BB (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:WINDOWSIsUninst.exe -fC:WINDOWSorun32.isu
--> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}SETUP.EXE" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
??????? --> MsiExec.exe /X{42847359-0E5F-4763-9CF8-90761713B6B5}
Access Help --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{C6FA39A7-26B1-480A-BC74-6D17531AC222}SETUP.EXE" -l0x9 UNINSTALL
Accord SDK 5.1 Runtime --> C:Program FilesAccelrysAccord50AccordskRTDeinstallSetup.exe
Adobe Flash Player ActiveX --> C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Reader Chinese Simplified Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2447-0000-705000000001}
Agere Systems HDA Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
AZ Grabber v2.5 --> "C:Program FilesAZ Grabberunins000.exe"
Citi Virtual Account Numbers --> RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFCitiVAN.INF, DefaultUninstall.ntx86
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Diskeeper Lite --> MsiExec.exe /X{F6A04D96-C6D7-498C-9099-BCAD0D99778D}
EPSON Printer Software --> C:WINDOWSSystem32spoolDRIVERSW32X863EPUPDATE.EXE /R
Fingerprint Sensor Minimum Install --> MsiExec.exe /I{0763E426-FB61-4CD3-B8C7-01A0F37CAAEB}
foobar2000 --> "C:Program FilesFoobar2000uninstall.exe"
GoBoingo! --> MsiExec.exe /X{D130AA29-F814-4FD4-9BA8-244FA8B0F55E}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:program filesgooglegoogletoolbar3.dll"
Help Center --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{986F64DC-FF15-449D-998F-EE3BCEC6666A}SETUP.EXE" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111 -->
HijackThis 2.0.2 --> "C:Program FilesTrend MicroHijackThisHijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.2 --> C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
IDL 7.0 --> C:Program FilesInstallShield Installation Information{16578C71-CFAF-42F7-869A-DC3E48D0A7DE}setup.exe -runfromtemp -l0x0409
ImageJ 1.34s --> "C:Program FilesImageJunins000.exe"
Inst5657 --> MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123}
Intel Graphics Media Accelerator Driver --> RUNDLL32.EXE C:WINDOWSsystem32ialmrem.dll,UninstallW2KIGfx2ID PCIVEN_8086&DEV_27A6 PCIVEN_8086&DEV_27A2
Intel PROSet/Wireless Software --> C:WINDOWSInstalleriProInst.exe
iTunes --> MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
KaleidaGraph 3.5 --> C:WINDOWSunvise32.exe C:Program FilesKaleidaGraphuninstal.log
Lenovo Bluetooth with Enhanced Data Rate Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Lenovo Care --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{CF52099A-3BEA-4C41-AEA8-1E190F04D737}SETUP.EXE" -l0x9 -AddRemove
Lenovo Care Supplement --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}SETUP.EXE" -l0x9 -AddRemove
LiveUpdate 3.3 (Symantec Corporation) --> "C:Program FilesSymantecLiveUpdateLSETUP.EXE" /U
Malwarebytes' Anti-Malware --> "C:Program FilesMalwarebytes' Anti-Malwareunins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Mercury 1.4.2 --> MsiExec.exe /X{FA601500-3ABB-4164-8322-DEB3E22A998A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe"
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe"
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Move Networks Media Player for Internet Explorer --> C:Documents and SettingsBBFApplication DataMove Networksie_binUninst.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
OmniPass --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}SETUP.EXE" -l0x9
On Screen Display --> RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:Program FilesLenovoHOTKEYtphkinst.inf
OriginPro 8 --> C:Program FilesInstallShield Installation Information{A912021A-FEDD-4DA3-8DB4-245EBDA84778}setup.exe -runfromtemp -l0x0009 -removeonly
PC-Doctor 5 for Windows --> C:Program FilesPCDR5uninst.exe
PDFgetX2 --> "C:WINDOWSlsb_un20.exe" /C=UC /N=PDFgetX2
PM Driver --> C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{C11DFB24-1018-4722-917C-5288E18A46CF}
Powerword 2007 --> "C:Program FilesKingsoftPowerword 2007unins000.exe"
PPStream --> "C:Program FilesPPStreamunins000.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{94FB906A-CF42-4128-A509-D353026A607E}SETUP.EXE" -l0x9 REMOVE
Rescue and Recovery --> MsiExec.exe /I{1A07F627-0F8F-43EE-B667-38908DF85911}
SciFinder Scholar 2006 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesSciFinderUninstallSETUP.EXE" -l0x9
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for Step By Step Interactive Training (KB923723) --> "C:WINDOWS$NtUninstallKB923723$spuninstspuninst.exe"
SopCast 2.0.4 --> C:Program FilesSopCastuninst.exe
SoundMAX --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1000Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}SETUP.exe" -l0x9 -removeonly
Symantec Endpoint Protection --> MsiExec.exe /I{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}
Synaptics Pointing Device Driver --> rundll32.exe "C:Program FilesSynapticsSynTPSynISDLL.dll",standAloneUninstall
TA Advantage (Thermal / Rheology) --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{FE592376-1A25-11D5-860E-00105A073CBE}setup.exe" -l0x9 -L0x9
ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:IBMTOOLSOSFIXESPCMCIAPWpcmciapw.inf
ThinkVantage Access Connections --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{7EB114D8-207F-45AE-BABD-1669715F2630}SETUP.EXE" -l0x9 anything
ThinkVantage System Update --> MsiExec.exe /X{2A43FF29-0D97-4445-B82D-9324F176AED5}
ThinkVantage Technologies Welcome Message --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{1007F41F-7D69-468E-8017-3849A5A973C2}SETUP.EXE" -l0x9 anything
TreeSize Professional 5.1.1 --> "C:Program FilesJAM SoftwareTreeSize Professionalunins000.exe"
TVAnts 1.0 --> C:PROGRA~1TVAntsUNWISE.EXE C:PROGRA~1TVAntsINSTALL.LOG
VanDyke Software SecureCRT 5.2 --> C:PROGRA~1SECURE~1UNINSTAL.EXE C:PROGRA~1SECURE~1INSTALL.LOG
VPN Client --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{5624C000-B109-11D4-9DB4-00E0290FCAC5}Setup.exe" -l0x9 VpnUninstall
Wallpapers --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}SETUP.EXE" -l0x9 UNINSTALL
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe"
WinRAR archiver --> C:Program FilesWinRARuninstall.exe
XP Themes --> MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type12051 / Warning
Event Submitted/Written: 06/05/2008 02:55:01 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Event Record #/Type12040 / Warning
Event Submitted/Written: 06/04/2008 10:08:32 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionMade method on subscription {CD1DCBD6-A14D-4823-A0D2-8473AFDE360F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Event Record #/Type12039 / Warning
Event Submitted/Written: 06/04/2008 10:08:32 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Event Record #/Type12038 / Error
Event Submitted/Written: 06/04/2008 08:10:05 PM
Event ID/Source: 13 / SescLU
Event Description:
LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Event Record #/Type12036 / Warning
Event Submitted/Written: 06/04/2008 05:17:37 PM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 1 files inside c:VALUEADD3RDPARTYMGMTCITRIXICA32.EXE due to extraction errors encountered by the Decomposer Engines.Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/servlet/P...ld=symantec_ent



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25159 / Error
Event Submitted/Written: 06/05/2008 02:53:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3

Event Record #/Type25152 / Error
Event Submitted/Written: 06/05/2008 02:08:21 PM
Event ID/Source: 31008 / ipnathlp
Event Description:
The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry.
The data is the error code.

Event Record #/Type25148 / Warning
Event Submitted/Written: 06/05/2008 11:47:36 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type25047 / Error
Event Submitted/Written: 06/04/2008 02:53:44 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3

Event Record #/Type24989 / Error
Event Submitted/Written: 06/04/2008 02:03:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Symantec Eraser Control driver service failed to start due to the following error:
%%317



-- End of Deckard's System Scanner: finished at 2008-06-05 15:32:44 ------------

Merged posts. ~ OB

Edited by Orange Blossom, 05 June 2008 - 04:28 PM.



#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:10 AM

Posted 01 July 2008 - 06:48 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:10 AM

Posted 08 July 2008 - 10:17 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



