Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Purity Scan And Possibly Others(virtuamonde?)


  • Please log in to reply
8 replies to this topic

#1 xDiablox

xDiablox

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 11 June 2008 - 10:09 PM

I ran Symantec and Spy Sweeper and they cleaned up a lot. However, my computer still has a few kinks I cant seem to fix. parts of my desktop settings are hijacked. when I had file-sharing software on the computer it was trying to to share all my files so I removed the software. my computer has recently had problems booting up. Spy Sweeper and Symantec keep finding purity scan though lately not all the time. when they do find it the rmains of the virus they cant touch it for some reason. i have been working on it for weeks and im at my wits end. my computer is still useable except for these little quirks. anything you can tell me to help would be greatly appreciated.

Deckard's System Scanner v20071014.68
Run by Robin Brown on 2008-06-11 19:11:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-12 02:11:56 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-06-08 21:04:50 UTC - RP4 - System Checkpoint
3: 2008-05-26 15:59:50 UTC - RP3 - System Checkpoint
2: 2008-05-25 15:02:10 UTC - RP2 - System Checkpoint
1: 2008-05-24 14:31:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-11 19:13:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.11)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\Documents and Settings\Robin Brown\Local Settings\Temporary Internet Files\Content.IE5\PMAWX8WL\dss[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7F6F0017-B05A-4D9D-B2A6-A2F239730CB0} - C:\WINDOWS\system32\ssQigDwV.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPFNF7] "C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" /r
O4 - HKLM\..\Run: [TPHOTKEY] "C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ACTray] "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"
O4 - HKLM\..\Run: [ACWLIcon] "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [AwaySch] "C:\Program Files\Lenovo\AwayTask\AwaySch.EXE"
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [BM3f4bd784] Rundll32.exe "C:\WINDOWS\system32\sqjcpvvp.dll",s
O4 - HKLM\..\Run: [3c78e418] rundll32.exe "C:\WINDOWS\system32\qawcavws.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ACNotify - C:\WINDOWS\system32\ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\Installshield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 15073 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

S3 dump_wmimmc - c:\nexon\maplestory\gameguard\dump_wmimmc.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
R2 TVT Backup Protection Service - "c:\program files\lenovo\rescue and recovery\rrpservice.exe" <Not Verified; ; rrpservice Module>
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-11 19:05:00 266 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-11 18:55:55 316 --a------ C:\WINDOWS\Tasks\PMTask.job
2008-05-26 10:24:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 19:05:02 95232 --a------ C:\WINDOWS\system32\qawcavws.dll
2008-06-11 19:02:02 111616 --a------ C:\WINDOWS\system32\uoxtwjyk.dll
2008-06-11 18:59:01 106496 --a------ C:\WINDOWS\system32\sqjcpvvp.dll
2008-06-11 18:57:06 106496 --a------ C:\WINDOWS\system32\xkabhnee.dll
2008-06-08 13:51:09 101376 -----n--- C:\WINDOWS\system32\cwrlugjm.dll
2008-06-08 13:45:09 113664 --a------ C:\WINDOWS\system32\nbepnxeo.dll
2008-05-25 07:15:41 117760 --a------ C:\WINDOWS\system32\nyvegmwy.dll
2008-05-25 07:13:31 109056 --a------ C:\WINDOWS\system32\arfojgwp.dll
2008-05-23 17:22:02 118272 --a------ C:\WINDOWS\system32\twadipia.dll
2008-05-23 17:14:01 110080 --a------ C:\WINDOWS\system32\shimmbfd.dll
2008-05-19 16:27:24 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Uniblue
2008-05-19 16:27:10 0 d-------- C:\Program Files\Uniblue
2008-05-18 21:24:40 109568 --a------ C:\WINDOWS\system32\mxlfyteo.dll
2008-05-18 07:33:32 73489638 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-05-18 05:58:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-18 05:55:11 0 d-------- C:\WINDOWS\pss
2008-05-17 15:58:48 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-05-17 15:58:47 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-05-17 15:47:16 118784 --a------ C:\WINDOWS\system32\wwgjdolo.dll
2008-05-17 15:41:16 109568 --a------ C:\WINDOWS\system32\nugekbei.dll
2008-05-17 08:51:35 0 d-------- C:\WINDOWS\??crosoft.NET
2008-05-16 22:17:31 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-05-16 21:00:44 118784 --a------ C:\WINDOWS\system32\unqiotpg.dll
2008-05-16 20:58:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-16 20:58:10 0 d-------- C:\Program Files\Webroot
2008-05-16 20:58:10 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Webroot
2008-05-16 20:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-16 20:57:44 108544 --a------ C:\WINDOWS\system32\djpgabrh.dll
2008-05-16 17:27:44 118784 --a------ C:\WINDOWS\system32\qxajyyam.dll
2008-05-16 17:05:55 108544 --a------ C:\WINDOWS\system32\qhseramp.dll
2008-05-16 16:03:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-05-16 16:00:11 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-16 15:53:35 118784 --a------ C:\WINDOWS\system32\owwikfer.dll
2008-05-16 15:53:20 0 d-------- C:\Program Files\Symantec
2008-05-16 15:53:07 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-16 15:45:44 28672 --a------ C:\WINDOWS\system32\byXpMgff.dll
2008-05-16 15:45:17 108544 --a------ C:\WINDOWS\system32\mddposwy.dll
2008-05-15 15:11:48 0 d-------- C:\Program Files\Incomplete
2008-05-15 15:10:57 727907 --ahs---- C:\WINDOWS\system32\VwDgiQss.ini2
2008-05-15 15:10:49 373248 --a------ C:\WINDOWS\system32\ssQigDwV.dll
2008-05-15 15:05:52 0 d-------- C:\WINDOWS\system32\dFrnx18
2008-05-15 15:04:49 0 d-------- C:\WINDOWS\kzow
2008-05-15 15:04:49 0 d-------- C:\Program Files\Common Files\kzow
2008-05-11 13:55:13 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\??curity
2008-05-11 13:45:04 0 d-------- C:\Program Files\JavaCore
2008-05-11 13:40:00 0 d-------- C:\Program Files\Spcron
2008-05-11 13:34:53 0 d-------- C:\Program Files\Temporary
2008-05-11 13:34:53 0 d-------- C:\Program Files\Svconr
2008-05-11 13:29:44 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Deskbar_{1F1A4524-F788-482b-8D5C-13E72A3FBA46}


-- Find3M Report ---------------------------------------------------------------

2008-05-25 07:20:17 0 d-------- C:\Program Files\Avant Browser
2008-05-17 09:23:13 0 d-------- C:\Program Files\Common Files
2008-05-17 07:50:22 0 d-------- C:\Program Files\PCDR5
2008-05-16 22:33:02 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\??curity
2008-05-16 15:56:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-16 15:49:36 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\LimeWire
2008-05-15 15:26:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 15:26:53 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Adobe
2008-05-15 15:22:51 0 d-------- C:\Program Files\LimeWire
2008-05-05 20:52:36 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F6F0017-B05A-4D9D-B2A6-A2F239730CB0}]
05/15/2008 03:10 PM 373248 --a------ C:\WINDOWS\system32\ssQigDwV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [12/06/2007 09:22 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/05/2007 03:07 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/05/2007 03:07 AM]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [11/29/2007 11:04 AM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [03/08/2007 10:49 PM]
"@"="" []
"TpShocks"="TpShocks.exe" [11/22/2007 03:09 PM C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [03/28/2007 10:32 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/09/2007 12:23 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04/03/2007 07:55 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [09/06/2007 06:27 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [09/06/2007 06:27 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [09/06/2007 06:27 PM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [02/08/2007 01:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 05:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [04/26/2007 10:10 AM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 04:24 PM]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [08/03/2007 04:35 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/29/2008 01:00 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/03/2008 07:51 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 07:49 PM]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [07/05/2007 02:58 PM]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [07/05/2007 02:51 PM]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [02/01/2007 11:00 AM]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [11/07/2006 03:51 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [12/06/2007 09:22 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]
"BM3f4bd784"="C:\WINDOWS\system32\sqjcpvvp.dll" [06/11/2008 06:59 PM]
"3c78e418"="C:\WINDOWS\system32\qawcavws.dll" [06/11/2008 07:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2/27/2007 5:43:30 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/24/2008 1:00:07 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 07/05/2007 02:52 PM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 12:37 AM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/13/2006 07:06 PM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssQigDwV
"Notification Packages"= scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-11 19:14:04 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III Xeon processor
CPU 1: Intel Pentium III Xeon processor
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 2022.22 MiB / 962 MiB
Pagefile Memory (total/avail): 3914.14 MiB / 2896.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.94 MiB

C: is Fixed (NTFS) - 226.18 GiB total, 210.31 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HITACHI HTS542525K9SA00 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 226.18 GiB - C:
\PARTITION1 - Unknown - 6.71 GiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.6.6000 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robin Brown\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DIABLO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robin Brown
LOGONSERVER=\\DIABLO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SESSIONNAME=Console
SMA=C:\Program Files\ThinkVantage\SMA\
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ROBINB~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ROBINB~1\LOCALS~1\Temp
TPCCommon=C:\PROGRA~1\THINKV~1\PrdCtr
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=DIABLO
USERNAME=Robin Brown
USERPROFILE=C:\Documents and Settings\Robin Brown
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Robin Brown (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites --> "C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Business Contact Manager for Outlook 2007 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Client Security Solution --> MsiExec.exe /I{F055E1B2-8A05-4D87-8039-1BE979BA4193}
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\Spcron\Spcron.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\Spcron\"" /f
Diskeeper Lite --> MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111 -->
Integrated Camera --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 3 --> "C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lenovo Registration --> C:\Program Files\Lenovo Registration\uninstall.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
MapleStory --> MsiExec.exe /I{9B40FEE5-85E8-4851-89AD-66E2A1B4DC04}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center --> C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery --> MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Step By Step Interactive Training (KB898458) -->
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo --> MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
System Migration Assistant --> MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\Setup.exe" -l0x9 anything
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Update for Office 2007 (KB934528) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
XP Themes --> MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3082 / Error
Event Submitted/Written: 06/11/2008 07:03:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avant.exe, version 11.6.0.13, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000118d0.
Processing media-specific event for [avant.exe!ws!]

Event Record #/Type2983 / Error
Event Submitted/Written: 06/08/2008 01:41:13 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: c:\documents and settings\robin brown\application data\??curity\taskmgr.exe by: Invalid : (15) scan. Action: Delete failed : Leave Alone failed. Action Description:

Event Record #/Type2982 / Error
Event Submitted/Written: 06/08/2008 01:41:10 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: c:\documents and settings\robin brown\application data\??curity\taskmgr.exe by: Invalid : (15) scan. Action: Delete failed. Action Description: The file was left unchanged.

Event Record #/Type2838 / Error
Event Submitted/Written: 05/25/2008 09:45:30 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application VPC32.exe, version 10.1.6.6000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2837 / Error
Event Submitted/Written: 05/25/2008 09:36:36 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: C:\WINDOWS\CROSOF~1.NET\explorer.exe by: Manual scan. Action: Delete was partially successful.. Action Description: Delete was partially successful.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2681 / Error
Event Submitted/Written: 06/11/2008 07:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2630 / Error
Event Submitted/Written: 06/08/2008 11:00:25 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Event Record #/Type2629 / Error
Event Submitted/Written: 06/08/2008 10:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2628 / Error
Event Submitted/Written: 06/08/2008 09:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2627 / Error
Event Submitted/Written: 06/08/2008 08:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-06-11 19:14:04 ------------

BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 13 June 2008 - 06:12 AM

Hi and Welcome to the forums.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#3 xDiablox

xDiablox
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 21 June 2008 - 03:16 PM

sorry about the delay, hard to get on my computer lately. anyways, heres that report.

Deckard's System Scanner v20071014.68
Run by Robin Brown on 2008-06-11 19:11:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-12 02:11:56 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-06-08 21:04:50 UTC - RP4 - System Checkpoint
3: 2008-05-26 15:59:50 UTC - RP3 - System Checkpoint
2: 2008-05-25 15:02:10 UTC - RP2 - System Checkpoint
1: 2008-05-24 14:31:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-11 19:13:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.11)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\Documents and Settings\Robin Brown\Local Settings\Temporary Internet Files\Content.IE5\PMAWX8WL\dss[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7F6F0017-B05A-4D9D-B2A6-A2F239730CB0} - C:\WINDOWS\system32\ssQigDwV.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPFNF7] "C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" /r
O4 - HKLM\..\Run: [TPHOTKEY] "C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ACTray] "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"
O4 - HKLM\..\Run: [ACWLIcon] "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [AwaySch] "C:\Program Files\Lenovo\AwayTask\AwaySch.EXE"
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [BM3f4bd784] Rundll32.exe "C:\WINDOWS\system32\sqjcpvvp.dll",s
O4 - HKLM\..\Run: [3c78e418] rundll32.exe "C:\WINDOWS\system32\qawcavws.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ACNotify - C:\WINDOWS\system32\ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\Installshield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 15073 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

S3 dump_wmimmc - c:\nexon\maplestory\gameguard\dump_wmimmc.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
R2 TVT Backup Protection Service - "c:\program files\lenovo\rescue and recovery\rrpservice.exe" <Not Verified; ; rrpservice Module>
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-11 19:05:00 266 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-11 18:55:55 316 --a------ C:\WINDOWS\Tasks\PMTask.job
2008-05-26 10:24:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 19:05:02 95232 --a------ C:\WINDOWS\system32\qawcavws.dll
2008-06-11 19:02:02 111616 --a------ C:\WINDOWS\system32\uoxtwjyk.dll
2008-06-11 18:59:01 106496 --a------ C:\WINDOWS\system32\sqjcpvvp.dll
2008-06-11 18:57:06 106496 --a------ C:\WINDOWS\system32\xkabhnee.dll
2008-06-08 13:51:09 101376 -----n--- C:\WINDOWS\system32\cwrlugjm.dll
2008-06-08 13:45:09 113664 --a------ C:\WINDOWS\system32\nbepnxeo.dll
2008-05-25 07:15:41 117760 --a------ C:\WINDOWS\system32\nyvegmwy.dll
2008-05-25 07:13:31 109056 --a------ C:\WINDOWS\system32\arfojgwp.dll
2008-05-23 17:22:02 118272 --a------ C:\WINDOWS\system32\twadipia.dll
2008-05-23 17:14:01 110080 --a------ C:\WINDOWS\system32\shimmbfd.dll
2008-05-19 16:27:24 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Uniblue
2008-05-19 16:27:10 0 d-------- C:\Program Files\Uniblue
2008-05-18 21:24:40 109568 --a------ C:\WINDOWS\system32\mxlfyteo.dll
2008-05-18 07:33:32 73489638 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-05-18 05:58:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-18 05:55:11 0 d-------- C:\WINDOWS\pss
2008-05-17 15:58:48 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-05-17 15:58:47 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-05-17 15:47:16 118784 --a------ C:\WINDOWS\system32\wwgjdolo.dll
2008-05-17 15:41:16 109568 --a------ C:\WINDOWS\system32\nugekbei.dll
2008-05-17 08:51:35 0 d-------- C:\WINDOWS\??crosoft.NET
2008-05-16 22:17:31 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-05-16 21:00:44 118784 --a------ C:\WINDOWS\system32\unqiotpg.dll
2008-05-16 20:58:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-16 20:58:10 0 d-------- C:\Program Files\Webroot
2008-05-16 20:58:10 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Webroot
2008-05-16 20:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-16 20:57:44 108544 --a------ C:\WINDOWS\system32\djpgabrh.dll
2008-05-16 17:27:44 118784 --a------ C:\WINDOWS\system32\qxajyyam.dll
2008-05-16 17:05:55 108544 --a------ C:\WINDOWS\system32\qhseramp.dll
2008-05-16 16:03:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-05-16 16:00:11 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-16 15:53:35 118784 --a------ C:\WINDOWS\system32\owwikfer.dll
2008-05-16 15:53:20 0 d-------- C:\Program Files\Symantec
2008-05-16 15:53:07 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-16 15:45:44 28672 --a------ C:\WINDOWS\system32\byXpMgff.dll
2008-05-16 15:45:17 108544 --a------ C:\WINDOWS\system32\mddposwy.dll
2008-05-15 15:11:48 0 d-------- C:\Program Files\Incomplete
2008-05-15 15:10:57 727907 --ahs---- C:\WINDOWS\system32\VwDgiQss.ini2
2008-05-15 15:10:49 373248 --a------ C:\WINDOWS\system32\ssQigDwV.dll
2008-05-15 15:05:52 0 d-------- C:\WINDOWS\system32\dFrnx18
2008-05-15 15:04:49 0 d-------- C:\WINDOWS\kzow
2008-05-15 15:04:49 0 d-------- C:\Program Files\Common Files\kzow
2008-05-11 13:55:13 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\??curity
2008-05-11 13:45:04 0 d-------- C:\Program Files\JavaCore
2008-05-11 13:40:00 0 d-------- C:\Program Files\Spcron
2008-05-11 13:34:53 0 d-------- C:\Program Files\Temporary
2008-05-11 13:34:53 0 d-------- C:\Program Files\Svconr
2008-05-11 13:29:44 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Deskbar_{1F1A4524-F788-482b-8D5C-13E72A3FBA46}


-- Find3M Report ---------------------------------------------------------------

2008-05-25 07:20:17 0 d-------- C:\Program Files\Avant Browser
2008-05-17 09:23:13 0 d-------- C:\Program Files\Common Files
2008-05-17 07:50:22 0 d-------- C:\Program Files\PCDR5
2008-05-16 22:33:02 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\??curity
2008-05-16 15:56:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-16 15:49:36 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\LimeWire
2008-05-15 15:26:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 15:26:53 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Adobe
2008-05-15 15:22:51 0 d-------- C:\Program Files\LimeWire
2008-05-05 20:52:36 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F6F0017-B05A-4D9D-B2A6-A2F239730CB0}]
05/15/2008 03:10 PM 373248 --a------ C:\WINDOWS\system32\ssQigDwV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [12/06/2007 09:22 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/05/2007 03:07 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/05/2007 03:07 AM]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [11/29/2007 11:04 AM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [03/08/2007 10:49 PM]
"@"="" []
"TpShocks"="TpShocks.exe" [11/22/2007 03:09 PM C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [03/28/2007 10:32 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/09/2007 12:23 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04/03/2007 07:55 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [09/06/2007 06:27 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [09/06/2007 06:27 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [09/06/2007 06:27 PM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [02/08/2007 01:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 05:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [04/26/2007 10:10 AM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 04:24 PM]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [08/03/2007 04:35 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/29/2008 01:00 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/03/2008 07:51 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 07:49 PM]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [07/05/2007 02:58 PM]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [07/05/2007 02:51 PM]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [02/01/2007 11:00 AM]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [11/07/2006 03:51 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [12/06/2007 09:22 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]
"BM3f4bd784"="C:\WINDOWS\system32\sqjcpvvp.dll" [06/11/2008 06:59 PM]
"3c78e418"="C:\WINDOWS\system32\qawcavws.dll" [06/11/2008 07:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2/27/2007 5:43:30 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/24/2008 1:00:07 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 07/05/2007 02:52 PM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 12:37 AM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/13/2006 07:06 PM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssQigDwV
"Notification Packages"= scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-11 19:14:04 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III Xeon processor
CPU 1: Intel Pentium III Xeon processor
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 2022.22 MiB / 962 MiB
Pagefile Memory (total/avail): 3914.14 MiB / 2896.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.94 MiB

C: is Fixed (NTFS) - 226.18 GiB total, 210.31 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HITACHI HTS542525K9SA00 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 226.18 GiB - C:
\PARTITION1 - Unknown - 6.71 GiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.6.6000 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robin Brown\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DIABLO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robin Brown
LOGONSERVER=\\DIABLO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SESSIONNAME=Console
SMA=C:\Program Files\ThinkVantage\SMA\
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ROBINB~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ROBINB~1\LOCALS~1\Temp
TPCCommon=C:\PROGRA~1\THINKV~1\PrdCtr
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=DIABLO
USERNAME=Robin Brown
USERPROFILE=C:\Documents and Settings\Robin Brown
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Robin Brown (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites --> "C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Business Contact Manager for Outlook 2007 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Client Security Solution --> MsiExec.exe /I{F055E1B2-8A05-4D87-8039-1BE979BA4193}
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\Spcron\Spcron.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\Spcron\"" /f
Diskeeper Lite --> MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111 -->
Integrated Camera --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 3 --> "C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lenovo Registration --> C:\Program Files\Lenovo Registration\uninstall.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
MapleStory --> MsiExec.exe /I{9B40FEE5-85E8-4851-89AD-66E2A1B4DC04}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center --> C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery --> MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Step By Step Interactive Training (KB898458) -->
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo --> MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
System Migration Assistant --> MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\Setup.exe" -l0x9 anything
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Update for Office 2007 (KB934528) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
XP Themes --> MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3082 / Error
Event Submitted/Written: 06/11/2008 07:03:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avant.exe, version 11.6.0.13, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000118d0.
Processing media-specific event for [avant.exe!ws!]

Event Record #/Type2983 / Error
Event Submitted/Written: 06/08/2008 01:41:13 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: c:\documents and settings\robin brown\application data\??curity\taskmgr.exe by: Invalid : (15) scan. Action: Delete failed : Leave Alone failed. Action Description:

Event Record #/Type2982 / Error
Event Submitted/Written: 06/08/2008 01:41:10 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: c:\documents and settings\robin brown\application data\??curity\taskmgr.exe by: Invalid : (15) scan. Action: Delete failed. Action Description: The file was left unchanged.

Event Record #/Type2838 / Error
Event Submitted/Written: 05/25/2008 09:45:30 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application VPC32.exe, version 10.1.6.6000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2837 / Error
Event Submitted/Written: 05/25/2008 09:36:36 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: C:\WINDOWS\CROSOF~1.NET\explorer.exe by: Manual scan. Action: Delete was partially successful.. Action Description: Delete was partially successful.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2681 / Error
Event Submitted/Written: 06/11/2008 07:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2630 / Error
Event Submitted/Written: 06/08/2008 11:00:25 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Event Record #/Type2629 / Error
Event Submitted/Written: 06/08/2008 10:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2628 / Error
Event Submitted/Written: 06/08/2008 09:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2627 / Error
Event Submitted/Written: 06/08/2008 08:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-06-11 19:14:04 ------------

-COMBOFIX REPORT-

ComboFix 08-06-20.1 - Robin Brown 2008-06-20 18:14:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1334 [GMT -7:00]
Running from: C:\Documents and Settings\Robin Brown\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Robin Brown\Application Data\CURITY~1
C:\Documents and Settings\Robin Brown\Application Data\CURITY~1\taskmgr.exe
C:\Program Files\JavaCore
C:\Program Files\Spcron
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\Program Files\Temporary\inPV.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\tmpvc14
C:\Temp\tmpvc14\dllvc.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1.net
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\arfojgwp.dll
C:\WINDOWS\system32\djpgabrh.dll
C:\WINDOWS\system32\ffugsqjl.ini
C:\WINDOWS\system32\gvnbmkxv.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mddposwy.dll
C:\WINDOWS\system32\mjgulrwc.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mxlfyteo.dll
C:\WINDOWS\system32\nugekbei.dll
C:\WINDOWS\system32\nyvegmwy.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pwmhslrv.ini
C:\WINDOWS\system32\qhseramp.dll
C:\WINDOWS\system32\qiylsyku.ini
C:\WINDOWS\system32\shimmbfd.dll
C:\WINDOWS\system32\sqjcpvvp.dll
C:\WINDOWS\system32\swvacwaq.ini
C:\WINDOWS\system32\tacsixyd.ini
C:\WINDOWS\system32\twadipia.dll
C:\WINDOWS\system32\uoxtwjyk.dll
C:\WINDOWS\system32\vstrqxvp.ini
C:\WINDOWS\system32\VwDgiQss.ini
C:\WINDOWS\system32\VwDgiQss.ini2
C:\WINDOWS\system32\xkabhnee.dll
C:\WINDOWS\system32\xpclnnob.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
.

2008-06-11 19:16 . 2008-06-18 23:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-11 19:16 . 2008-06-18 23:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-11 19:15 . 2008-06-11 19:15 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-11 19:15 . 2008-06-20 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-11 19:15 . 2008-06-20 16:10 417,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 19:15 . 2008-06-20 18:15 62,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-11 19:15 . 2008-06-20 16:10 6,452 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-11 19:15 . 2008-06-20 16:10 5,852 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-11 19:11 . 2008-06-11 19:11 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 23:35 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\wwgjdolo.dll
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\unqiotpg.dll
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\qxajyyam.dll
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\owwikfer.dll
2008-06-19 06:23 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-25 14:20 --------- d-----w C:\Program Files\Avant Browser
2008-05-19 23:27 --------- d-----w C:\Program Files\Uniblue
2008-05-19 23:27 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Uniblue
2008-05-18 14:37 73,489,638 ----a-w C:\SYM_REGISTRY_BACKUP.reg
2008-05-18 12:58 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-17 14:50 --------- d-----w C:\Program Files\PCDR5
2008-05-17 03:58 --------- d-----w C:\Program Files\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-16 22:59 --------- d-----w C:\Program Files\Common Files\kzow
2008-05-16 22:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-16 22:55 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-16 22:55 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-16 22:55 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-16 22:55 110,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-16 22:55 --------- d-----w C:\Program Files\Symantec
2008-05-16 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-16 22:49 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\LimeWire
2008-05-16 22:45 28,672 ----a-w C:\WINDOWS\system32\byXpMgff.dll
2008-05-15 22:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-15 22:23 --------- d-----w C:\Program Files\Incomplete
2008-05-15 22:22 --------- d-----w C:\Program Files\LimeWire
2008-05-11 20:29 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Deskbar_{1F1A4524-F788-482b-8D5C-13E72A3FBA46}
2008-05-06 03:52 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-05-06 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-06 03:48 167,545 ----a-w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-05-06 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-04 02:51 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-24 08:15 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-03-24 08:15 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-03-24 08:15 115,960 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-24 07:57 21,393 ----a-w C:\WINDOWS\AegisP.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b2a3c13-392a-41ac-9abe-87d1bb6cc915}]
C:\DOCUME~1\ROBINB~1\LOCALS~1\Temp\slcdeyys.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8CEB9F1-147A-48F8-A14B-1ABCEB821E89}]
C:\WINDOWS\system32\ssQigDwV.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 09:22 200704]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 03:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 03:07 512000]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 11:04 59168]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-08 22:49 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 15:09 181536 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 10:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 00:23 1015808]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-06 18:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-06 18:27 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-06 18:27 137752]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 10:10 120368]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 16:35 2630968]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 13:00 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-03 19:51 185896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 11:00 419376]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 03:51 91688]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 09:22 208896]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 18:23 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-24 01:00:07 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-07-05 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 00:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 19:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Robin Brown\\Desktop\\setup.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-10-16 18:33]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-10-16 18:32]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-12-06 09:22]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]
S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8fffc7e-3d8f-11dd-8b54-001f3b27bde1}]
\Shell\AutoRun\command - E:\PortableVault.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 17:24:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-21 01:15:55 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-21 00:17:32 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 18:16:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2008-06-20 18:17:01
ComboFix-quarantined-files.txt 2008-06-21 01:16:57

Pre-Run: 225,466,712,064 bytes free
Post-Run: 225,454,575,616 bytes free

218

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 22 June 2008 - 10:17 AM

Please make sure Limewire is uninstalled and then delete these 3 folders.

C:\Program Files\Incomplete
C:\Program Files\LimeWire
C:\Documents and Settings\Robin Brown\Application Data\Deskbar_{1F1A4524-F788-482b-8D5C-13E72A3FBA46}

Copy the text below to notepad and save it to the desktop with the name CFScript

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\wwgjdolo.dll
C:\WINDOWS\system32\unqiotpg.dll
C:\WINDOWS\system32\qxajyyam.dll
C:\WINDOWS\system32\owwikfer.dll
C:\WINDOWS\system32\byXpMgff.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b2a3c13-392a-41ac-9abe-87d1bb6cc915}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8CEB9F1-147A-48F8-A14B-1ABCEB821E89}]

Once saved,drag CFScript.txt on top of ComboFix.exe and this will launch the tool and begin the script.


Once completed,post the new CombFix log and a fresh HijackThis log

#5 xDiablox

xDiablox
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 22 June 2008 - 06:41 PM

Deckard's System Scanner v20071014.68
Run by Robin Brown on 2008-06-11 19:11:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-12 02:11:56 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-06-08 21:04:50 UTC - RP4 - System Checkpoint
3: 2008-05-26 15:59:50 UTC - RP3 - System Checkpoint
2: 2008-05-25 15:02:10 UTC - RP2 - System Checkpoint
1: 2008-05-24 14:31:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-11 19:13:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.11)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\Documents and Settings\Robin Brown\Local Settings\Temporary Internet Files\Content.IE5\PMAWX8WL\dss[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7F6F0017-B05A-4D9D-B2A6-A2F239730CB0} - C:\WINDOWS\system32\ssQigDwV.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPFNF7] "C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" /r
O4 - HKLM\..\Run: [TPHOTKEY] "C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ACTray] "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"
O4 - HKLM\..\Run: [ACWLIcon] "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [AwaySch] "C:\Program Files\Lenovo\AwayTask\AwaySch.EXE"
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [BM3f4bd784] Rundll32.exe "C:\WINDOWS\system32\sqjcpvvp.dll",s
O4 - HKLM\..\Run: [3c78e418] rundll32.exe "C:\WINDOWS\system32\qawcavws.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ACNotify - C:\WINDOWS\system32\ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\Installshield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 15073 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

S3 dump_wmimmc - c:\nexon\maplestory\gameguard\dump_wmimmc.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
R2 TVT Backup Protection Service - "c:\program files\lenovo\rescue and recovery\rrpservice.exe" <Not Verified; ; rrpservice Module>
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-11 19:05:00 266 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-11 18:55:55 316 --a------ C:\WINDOWS\Tasks\PMTask.job
2008-05-26 10:24:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 19:05:02 95232 --a------ C:\WINDOWS\system32\qawcavws.dll
2008-06-11 19:02:02 111616 --a------ C:\WINDOWS\system32\uoxtwjyk.dll
2008-06-11 18:59:01 106496 --a------ C:\WINDOWS\system32\sqjcpvvp.dll
2008-06-11 18:57:06 106496 --a------ C:\WINDOWS\system32\xkabhnee.dll
2008-06-08 13:51:09 101376 -----n--- C:\WINDOWS\system32\cwrlugjm.dll
2008-06-08 13:45:09 113664 --a------ C:\WINDOWS\system32\nbepnxeo.dll
2008-05-25 07:15:41 117760 --a------ C:\WINDOWS\system32\nyvegmwy.dll
2008-05-25 07:13:31 109056 --a------ C:\WINDOWS\system32\arfojgwp.dll
2008-05-23 17:22:02 118272 --a------ C:\WINDOWS\system32\twadipia.dll
2008-05-23 17:14:01 110080 --a------ C:\WINDOWS\system32\shimmbfd.dll
2008-05-19 16:27:24 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Uniblue
2008-05-19 16:27:10 0 d-------- C:\Program Files\Uniblue
2008-05-18 21:24:40 109568 --a------ C:\WINDOWS\system32\mxlfyteo.dll
2008-05-18 07:33:32 73489638 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-05-18 05:58:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-18 05:55:11 0 d-------- C:\WINDOWS\pss
2008-05-17 15:58:48 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-05-17 15:58:47 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-05-17 15:47:16 118784 --a------ C:\WINDOWS\system32\wwgjdolo.dll
2008-05-17 15:41:16 109568 --a------ C:\WINDOWS\system32\nugekbei.dll
2008-05-17 08:51:35 0 d-------- C:\WINDOWS\??crosoft.NET
2008-05-16 22:17:31 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-05-16 21:00:44 118784 --a------ C:\WINDOWS\system32\unqiotpg.dll
2008-05-16 20:58:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-16 20:58:10 0 d-------- C:\Program Files\Webroot
2008-05-16 20:58:10 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Webroot
2008-05-16 20:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-16 20:57:44 108544 --a------ C:\WINDOWS\system32\djpgabrh.dll
2008-05-16 17:27:44 118784 --a------ C:\WINDOWS\system32\qxajyyam.dll
2008-05-16 17:05:55 108544 --a------ C:\WINDOWS\system32\qhseramp.dll
2008-05-16 16:03:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-05-16 16:00:11 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-16 15:53:35 118784 --a------ C:\WINDOWS\system32\owwikfer.dll
2008-05-16 15:53:20 0 d-------- C:\Program Files\Symantec
2008-05-16 15:53:07 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-16 15:45:44 28672 --a------ C:\WINDOWS\system32\byXpMgff.dll
2008-05-16 15:45:17 108544 --a------ C:\WINDOWS\system32\mddposwy.dll
2008-05-15 15:11:48 0 d-------- C:\Program Files\Incomplete
2008-05-15 15:10:57 727907 --ahs---- C:\WINDOWS\system32\VwDgiQss.ini2
2008-05-15 15:10:49 373248 --a------ C:\WINDOWS\system32\ssQigDwV.dll
2008-05-15 15:05:52 0 d-------- C:\WINDOWS\system32\dFrnx18
2008-05-15 15:04:49 0 d-------- C:\WINDOWS\kzow
2008-05-15 15:04:49 0 d-------- C:\Program Files\Common Files\kzow
2008-05-11 13:55:13 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\??curity
2008-05-11 13:45:04 0 d-------- C:\Program Files\JavaCore
2008-05-11 13:40:00 0 d-------- C:\Program Files\Spcron
2008-05-11 13:34:53 0 d-------- C:\Program Files\Temporary
2008-05-11 13:34:53 0 d-------- C:\Program Files\Svconr
2008-05-11 13:29:44 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Deskbar_{1F1A4524-F788-482b-8D5C-13E72A3FBA46}


-- Find3M Report ---------------------------------------------------------------

2008-05-25 07:20:17 0 d-------- C:\Program Files\Avant Browser
2008-05-17 09:23:13 0 d-------- C:\Program Files\Common Files
2008-05-17 07:50:22 0 d-------- C:\Program Files\PCDR5
2008-05-16 22:33:02 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\??curity
2008-05-16 15:56:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-16 15:49:36 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\LimeWire
2008-05-15 15:26:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 15:26:53 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Adobe
2008-05-15 15:22:51 0 d-------- C:\Program Files\LimeWire
2008-05-05 20:52:36 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F6F0017-B05A-4D9D-B2A6-A2F239730CB0}]
05/15/2008 03:10 PM 373248 --a------ C:\WINDOWS\system32\ssQigDwV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [12/06/2007 09:22 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/05/2007 03:07 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/05/2007 03:07 AM]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [11/29/2007 11:04 AM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [03/08/2007 10:49 PM]
"@"="" []
"TpShocks"="TpShocks.exe" [11/22/2007 03:09 PM C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [03/28/2007 10:32 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/09/2007 12:23 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04/03/2007 07:55 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [09/06/2007 06:27 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [09/06/2007 06:27 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [09/06/2007 06:27 PM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [02/08/2007 01:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 05:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [04/26/2007 10:10 AM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 04:24 PM]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [08/03/2007 04:35 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/29/2008 01:00 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/03/2008 07:51 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 07:49 PM]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [07/05/2007 02:58 PM]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [07/05/2007 02:51 PM]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [02/01/2007 11:00 AM]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [11/07/2006 03:51 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [12/06/2007 09:22 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]
"BM3f4bd784"="C:\WINDOWS\system32\sqjcpvvp.dll" [06/11/2008 06:59 PM]
"3c78e418"="C:\WINDOWS\system32\qawcavws.dll" [06/11/2008 07:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2/27/2007 5:43:30 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/24/2008 1:00:07 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 07/05/2007 02:52 PM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 12:37 AM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/13/2006 07:06 PM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssQigDwV
"Notification Packages"= scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-11 19:14:04 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III Xeon processor
CPU 1: Intel Pentium III Xeon processor
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 2022.22 MiB / 962 MiB
Pagefile Memory (total/avail): 3914.14 MiB / 2896.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.94 MiB

C: is Fixed (NTFS) - 226.18 GiB total, 210.31 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HITACHI HTS542525K9SA00 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 226.18 GiB - C:
\PARTITION1 - Unknown - 6.71 GiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.6.6000 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robin Brown\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DIABLO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robin Brown
LOGONSERVER=\\DIABLO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SESSIONNAME=Console
SMA=C:\Program Files\ThinkVantage\SMA\
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ROBINB~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ROBINB~1\LOCALS~1\Temp
TPCCommon=C:\PROGRA~1\THINKV~1\PrdCtr
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=DIABLO
USERNAME=Robin Brown
USERPROFILE=C:\Documents and Settings\Robin Brown
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Robin Brown (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites --> "C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Business Contact Manager for Outlook 2007 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Client Security Solution --> MsiExec.exe /I{F055E1B2-8A05-4D87-8039-1BE979BA4193}
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\Spcron\Spcron.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\Spcron\"" /f
Diskeeper Lite --> MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111 -->
Integrated Camera --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 3 --> "C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lenovo Registration --> C:\Program Files\Lenovo Registration\uninstall.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
MapleStory --> MsiExec.exe /I{9B40FEE5-85E8-4851-89AD-66E2A1B4DC04}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center --> C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery --> MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Step By Step Interactive Training (KB898458) -->
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo --> MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
System Migration Assistant --> MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\Setup.exe" -l0x9 anything
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Update for Office 2007 (KB934528) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
XP Themes --> MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3082 / Error
Event Submitted/Written: 06/11/2008 07:03:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avant.exe, version 11.6.0.13, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000118d0.
Processing media-specific event for [avant.exe!ws!]

Event Record #/Type2983 / Error
Event Submitted/Written: 06/08/2008 01:41:13 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: c:\documents and settings\robin brown\application data\??curity\taskmgr.exe by: Invalid : (15) scan. Action: Delete failed : Leave Alone failed. Action Description:

Event Record #/Type2982 / Error
Event Submitted/Written: 06/08/2008 01:41:10 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: c:\documents and settings\robin brown\application data\??curity\taskmgr.exe by: Invalid : (15) scan. Action: Delete failed. Action Description: The file was left unchanged.

Event Record #/Type2838 / Error
Event Submitted/Written: 05/25/2008 09:45:30 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application VPC32.exe, version 10.1.6.6000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2837 / Error
Event Submitted/Written: 05/25/2008 09:36:36 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: C:\WINDOWS\CROSOF~1.NET\explorer.exe by: Manual scan. Action: Delete was partially successful.. Action Description: Delete was partially successful.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2681 / Error
Event Submitted/Written: 06/11/2008 07:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2630 / Error
Event Submitted/Written: 06/08/2008 11:00:25 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Event Record #/Type2629 / Error
Event Submitted/Written: 06/08/2008 10:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2628 / Error
Event Submitted/Written: 06/08/2008 09:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2627 / Error
Event Submitted/Written: 06/08/2008 08:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-06-11 19:14:04 ------------

-COMBOFIX REPORT-

ComboFix 08-06-20.1 - Robin Brown 2008-06-20 18:14:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1334 [GMT -7:00]
Running from: C:\Documents and Settings\Robin Brown\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Robin Brown\Application Data\CURITY~1
C:\Documents and Settings\Robin Brown\Application Data\CURITY~1\taskmgr.exe
C:\Program Files\JavaCore
C:\Program Files\Spcron
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\Program Files\Temporary\inPV.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\tmpvc14
C:\Temp\tmpvc14\dllvc.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1.net
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\arfojgwp.dll
C:\WINDOWS\system32\djpgabrh.dll
C:\WINDOWS\system32\ffugsqjl.ini
C:\WINDOWS\system32\gvnbmkxv.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mddposwy.dll
C:\WINDOWS\system32\mjgulrwc.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mxlfyteo.dll
C:\WINDOWS\system32\nugekbei.dll
C:\WINDOWS\system32\nyvegmwy.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pwmhslrv.ini
C:\WINDOWS\system32\qhseramp.dll
C:\WINDOWS\system32\qiylsyku.ini
C:\WINDOWS\system32\shimmbfd.dll
C:\WINDOWS\system32\sqjcpvvp.dll
C:\WINDOWS\system32\swvacwaq.ini
C:\WINDOWS\system32\tacsixyd.ini
C:\WINDOWS\system32\twadipia.dll
C:\WINDOWS\system32\uoxtwjyk.dll
C:\WINDOWS\system32\vstrqxvp.ini
C:\WINDOWS\system32\VwDgiQss.ini
C:\WINDOWS\system32\VwDgiQss.ini2
C:\WINDOWS\system32\xkabhnee.dll
C:\WINDOWS\system32\xpclnnob.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
.

2008-06-11 19:16 . 2008-06-18 23:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-11 19:16 . 2008-06-18 23:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-11 19:15 . 2008-06-11 19:15 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-11 19:15 . 2008-06-20 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-11 19:15 . 2008-06-20 16:10 417,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 19:15 . 2008-06-20 18:15 62,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-11 19:15 . 2008-06-20 16:10 6,452 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-11 19:15 . 2008-06-20 16:10 5,852 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-11 19:11 . 2008-06-11 19:11 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 23:35 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\wwgjdolo.dll
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\unqiotpg.dll
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\qxajyyam.dll
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\owwikfer.dll
2008-06-19 06:23 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-25 14:20 --------- d-----w C:\Program Files\Avant Browser
2008-05-19 23:27 --------- d-----w C:\Program Files\Uniblue
2008-05-19 23:27 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Uniblue
2008-05-18 14:37 73,489,638 ----a-w C:\SYM_REGISTRY_BACKUP.reg
2008-05-18 12:58 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-17 14:50 --------- d-----w C:\Program Files\PCDR5
2008-05-17 03:58 --------- d-----w C:\Program Files\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-16 22:59 --------- d-----w C:\Program Files\Common Files\kzow
2008-05-16 22:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-16 22:55 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-16 22:55 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-16 22:55 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-16 22:55 110,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-16 22:55 --------- d-----w C:\Program Files\Symantec
2008-05-16 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-16 22:49 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\LimeWire
2008-05-16 22:45 28,672 ----a-w C:\WINDOWS\system32\byXpMgff.dll
2008-05-15 22:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-15 22:23 --------- d-----w C:\Program Files\Incomplete
2008-05-15 22:22 --------- d-----w C:\Program Files\LimeWire
2008-05-11 20:29 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Deskbar_{1F1A4524-F788-482b-8D5C-13E72A3FBA46}
2008-05-06 03:52 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-05-06 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-06 03:48 167,545 ----a-w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-05-06 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-04 02:51 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-24 08:15 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-03-24 08:15 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-03-24 08:15 115,960 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-24 07:57 21,393 ----a-w C:\WINDOWS\AegisP.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b2a3c13-392a-41ac-9abe-87d1bb6cc915}]
C:\DOCUME~1\ROBINB~1\LOCALS~1\Temp\slcdeyys.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8CEB9F1-147A-48F8-A14B-1ABCEB821E89}]
C:\WINDOWS\system32\ssQigDwV.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 09:22 200704]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 03:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 03:07 512000]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 11:04 59168]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-08 22:49 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 15:09 181536 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 10:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 00:23 1015808]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-06 18:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-06 18:27 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-06 18:27 137752]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 10:10 120368]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 16:35 2630968]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 13:00 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-03 19:51 185896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 11:00 419376]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 03:51 91688]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 09:22 208896]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 18:23 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-24 01:00:07 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-07-05 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 00:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 19:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Robin Brown\\Desktop\\setup.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-10-16 18:33]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-10-16 18:32]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-12-06 09:22]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]
S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8fffc7e-3d8f-11dd-8b54-001f3b27bde1}]
\Shell\AutoRun\command - E:\PortableVault.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 17:24:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-21 01:15:55 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-21 00:17:32 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 18:16:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2008-06-20 18:17:01
ComboFix-quarantined-files.txt 2008-06-21 01:16:57

Pre-Run: 225,466,712,064 bytes free
Post-Run: 225,454,575,616 bytes free

218

-new combofix log-

ComboFix 08-06-20.1 - Robin Brown 2008-06-22 16:35:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1283 [GMT -7:00]
Running from: C:\Documents and Settings\Robin Brown\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robin Brown\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\byXpMgff.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\owwikfer.dll
C:\WINDOWS\system32\qxajyyam.dll
C:\WINDOWS\system32\unqiotpg.dll
C:\WINDOWS\system32\wwgjdolo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byXpMgff.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\owwikfer.dll
C:\WINDOWS\system32\qxajyyam.dll
C:\WINDOWS\system32\unqiotpg.dll
C:\WINDOWS\system32\wwgjdolo.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-11 19:16 . 2008-06-18 23:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-11 19:16 . 2008-06-18 23:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-11 19:15 . 2008-06-11 19:15 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-11 19:15 . 2008-06-20 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-11 19:15 . 2008-06-20 16:10 541,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 19:15 . 2008-06-22 16:36 76,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-11 19:15 . 2008-06-20 16:10 6,452 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-11 19:15 . 2008-06-20 16:10 5,852 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-11 19:11 . 2008-06-11 19:11 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 23:35 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-19 06:23 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-25 14:20 --------- d-----w C:\Program Files\Avant Browser
2008-05-19 23:27 --------- d-----w C:\Program Files\Uniblue
2008-05-19 23:27 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Uniblue
2008-05-18 14:37 73,489,638 ----a-w C:\SYM_REGISTRY_BACKUP.reg
2008-05-18 12:58 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-17 14:50 --------- d-----w C:\Program Files\PCDR5
2008-05-17 03:58 --------- d-----w C:\Program Files\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-16 22:59 --------- d-----w C:\Program Files\Common Files\kzow
2008-05-16 22:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-16 22:55 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-16 22:55 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-16 22:55 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-16 22:55 110,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-16 22:55 --------- d-----w C:\Program Files\Symantec
2008-05-16 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-16 22:49 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\LimeWire
2008-05-15 22:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-06 03:52 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-05-06 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-06 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-04 02:51 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-24 08:15 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-03-24 08:15 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-03-24 08:15 115,960 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-24 07:57 21,393 ----a-w C:\WINDOWS\AegisP.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 09:22 200704]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 03:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 03:07 512000]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 11:04 59168]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-08 22:49 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 15:09 181536 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 10:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 00:23 1015808]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-06 18:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-06 18:27 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-06 18:27 137752]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 10:10 120368]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 16:35 2630968]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 13:00 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-03 19:51 185896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 11:00 419376]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 03:51 91688]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 09:22 208896]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 18:23 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-24 01:00:07 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-07-05 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 00:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 19:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\Robin Brown\\Desktop\\setup.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-10-16 18:33]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-10-16 18:32]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-12-06 09:22]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]
S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8fffc7e-3d8f-11dd-8b54-001f3b27bde1}]
\Shell\AutoRun\command - E:\PortableVault.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 17:24:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 23:05:43 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-22 22:19:43 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 16:36:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2008-06-22 16:38:04
ComboFix-quarantined-files.txt 2008-06-22 23:38:01
ComboFix2.txt 2008-06-21 01:17:01

Pre-Run: 225,501,335,552 bytes free
Post-Run: 225,494,040,576 bytes free

175

#6 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 24 June 2008 - 04:47 AM

That looks alot better. :thumbsup:

Find these and delete please.

C:\Documents and Settings\Robin Brown\Application Data\LimeWire<-- Folder

C:\WINDOWS\system32\vbzip10.dll<-- File

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.


#7 xDiablox

xDiablox
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  

Posted 24 June 2008 - 06:47 PM

Deckard's System Scanner v20071014.68
Run by Robin Brown on 2008-06-11 19:11:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-12 02:11:56 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-06-08 21:04:50 UTC - RP4 - System Checkpoint
3: 2008-05-26 15:59:50 UTC - RP3 - System Checkpoint
2: 2008-05-25 15:02:10 UTC - RP2 - System Checkpoint
1: 2008-05-24 14:31:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-11 19:13:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.11)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\Documents and Settings\Robin Brown\Local Settings\Temporary Internet Files\Content.IE5\PMAWX8WL\dss[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7F6F0017-B05A-4D9D-B2A6-A2F239730CB0} - C:\WINDOWS\system32\ssQigDwV.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPFNF7] "C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" /r
O4 - HKLM\..\Run: [TPHOTKEY] "C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ACTray] "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"
O4 - HKLM\..\Run: [ACWLIcon] "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [AwaySch] "C:\Program Files\Lenovo\AwayTask\AwaySch.EXE"
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [BM3f4bd784] Rundll32.exe "C:\WINDOWS\system32\sqjcpvvp.dll",s
O4 - HKLM\..\Run: [3c78e418] rundll32.exe "C:\WINDOWS\system32\qawcavws.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ACNotify - C:\WINDOWS\system32\ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\Installshield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 15073 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

S3 dump_wmimmc - c:\nexon\maplestory\gameguard\dump_wmimmc.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
R2 TVT Backup Protection Service - "c:\program files\lenovo\rescue and recovery\rrpservice.exe" <Not Verified; ; rrpservice Module>
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-11 19:05:00 266 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-11 18:55:55 316 --a------ C:\WINDOWS\Tasks\PMTask.job
2008-05-26 10:24:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 19:05:02 95232 --a------ C:\WINDOWS\system32\qawcavws.dll
2008-06-11 19:02:02 111616 --a------ C:\WINDOWS\system32\uoxtwjyk.dll
2008-06-11 18:59:01 106496 --a------ C:\WINDOWS\system32\sqjcpvvp.dll
2008-06-11 18:57:06 106496 --a------ C:\WINDOWS\system32\xkabhnee.dll
2008-06-08 13:51:09 101376 -----n--- C:\WINDOWS\system32\cwrlugjm.dll
2008-06-08 13:45:09 113664 --a------ C:\WINDOWS\system32\nbepnxeo.dll
2008-05-25 07:15:41 117760 --a------ C:\WINDOWS\system32\nyvegmwy.dll
2008-05-25 07:13:31 109056 --a------ C:\WINDOWS\system32\arfojgwp.dll
2008-05-23 17:22:02 118272 --a------ C:\WINDOWS\system32\twadipia.dll
2008-05-23 17:14:01 110080 --a------ C:\WINDOWS\system32\shimmbfd.dll
2008-05-19 16:27:24 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Uniblue
2008-05-19 16:27:10 0 d-------- C:\Program Files\Uniblue
2008-05-18 21:24:40 109568 --a------ C:\WINDOWS\system32\mxlfyteo.dll
2008-05-18 07:33:32 73489638 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-05-18 05:58:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-18 05:55:11 0 d-------- C:\WINDOWS\pss
2008-05-17 15:58:48 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-05-17 15:58:47 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-05-17 15:47:16 118784 --a------ C:\WINDOWS\system32\wwgjdolo.dll
2008-05-17 15:41:16 109568 --a------ C:\WINDOWS\system32\nugekbei.dll
2008-05-17 08:51:35 0 d-------- C:\WINDOWS\??crosoft.NET
2008-05-16 22:17:31 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-05-16 21:00:44 118784 --a------ C:\WINDOWS\system32\unqiotpg.dll
2008-05-16 20:58:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-16 20:58:10 0 d-------- C:\Program Files\Webroot
2008-05-16 20:58:10 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Webroot
2008-05-16 20:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-16 20:57:44 108544 --a------ C:\WINDOWS\system32\djpgabrh.dll
2008-05-16 17:27:44 118784 --a------ C:\WINDOWS\system32\qxajyyam.dll
2008-05-16 17:05:55 108544 --a------ C:\WINDOWS\system32\qhseramp.dll
2008-05-16 16:03:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-05-16 16:00:11 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-16 15:53:35 118784 --a------ C:\WINDOWS\system32\owwikfer.dll
2008-05-16 15:53:20 0 d-------- C:\Program Files\Symantec
2008-05-16 15:53:07 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-16 15:45:44 28672 --a------ C:\WINDOWS\system32\byXpMgff.dll
2008-05-16 15:45:17 108544 --a------ C:\WINDOWS\system32\mddposwy.dll
2008-05-15 15:11:48 0 d-------- C:\Program Files\Incomplete
2008-05-15 15:10:57 727907 --ahs---- C:\WINDOWS\system32\VwDgiQss.ini2
2008-05-15 15:10:49 373248 --a------ C:\WINDOWS\system32\ssQigDwV.dll
2008-05-15 15:05:52 0 d-------- C:\WINDOWS\system32\dFrnx18
2008-05-15 15:04:49 0 d-------- C:\WINDOWS\kzow
2008-05-15 15:04:49 0 d-------- C:\Program Files\Common Files\kzow
2008-05-11 13:55:13 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\??curity
2008-05-11 13:45:04 0 d-------- C:\Program Files\JavaCore
2008-05-11 13:40:00 0 d-------- C:\Program Files\Spcron
2008-05-11 13:34:53 0 d-------- C:\Program Files\Temporary
2008-05-11 13:34:53 0 d-------- C:\Program Files\Svconr
2008-05-11 13:29:44 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Deskbar_{1F1A4524-F788-482b-8D5C-13E72A3FBA46}


-- Find3M Report ---------------------------------------------------------------

2008-05-25 07:20:17 0 d-------- C:\Program Files\Avant Browser
2008-05-17 09:23:13 0 d-------- C:\Program Files\Common Files
2008-05-17 07:50:22 0 d-------- C:\Program Files\PCDR5
2008-05-16 22:33:02 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\??curity
2008-05-16 15:56:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-16 15:49:36 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\LimeWire
2008-05-15 15:26:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 15:26:53 0 d-------- C:\Documents and Settings\Robin Brown\Application Data\Adobe
2008-05-15 15:22:51 0 d-------- C:\Program Files\LimeWire
2008-05-05 20:52:36 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F6F0017-B05A-4D9D-B2A6-A2F239730CB0}]
05/15/2008 03:10 PM 373248 --a------ C:\WINDOWS\system32\ssQigDwV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [12/06/2007 09:22 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/05/2007 03:07 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/05/2007 03:07 AM]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [11/29/2007 11:04 AM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [03/08/2007 10:49 PM]
"@"="" []
"TpShocks"="TpShocks.exe" [11/22/2007 03:09 PM C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [03/28/2007 10:32 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/09/2007 12:23 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04/03/2007 07:55 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [09/06/2007 06:27 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [09/06/2007 06:27 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [09/06/2007 06:27 PM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [02/08/2007 01:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 05:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [04/26/2007 10:10 AM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 04:24 PM]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [08/03/2007 04:35 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/29/2008 01:00 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/03/2008 07:51 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 07:49 PM]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [07/05/2007 02:58 PM]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [07/05/2007 02:51 PM]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [02/01/2007 11:00 AM]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [11/07/2006 03:51 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [12/06/2007 09:22 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]
"BM3f4bd784"="C:\WINDOWS\system32\sqjcpvvp.dll" [06/11/2008 06:59 PM]
"3c78e418"="C:\WINDOWS\system32\qawcavws.dll" [06/11/2008 07:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 01:06 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2/27/2007 5:43:30 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/24/2008 1:00:07 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 07/05/2007 02:52 PM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 12:37 AM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/13/2006 07:06 PM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssQigDwV
"Notification Packages"= scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-11 19:14:04 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III Xeon processor
CPU 1: Intel Pentium III Xeon processor
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 2022.22 MiB / 962 MiB
Pagefile Memory (total/avail): 3914.14 MiB / 2896.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.94 MiB

C: is Fixed (NTFS) - 226.18 GiB total, 210.31 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HITACHI HTS542525K9SA00 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 226.18 GiB - C:
\PARTITION1 - Unknown - 6.71 GiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.6.6000 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Robin Brown\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DIABLO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Robin Brown
LOGONSERVER=\\DIABLO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SESSIONNAME=Console
SMA=C:\Program Files\ThinkVantage\SMA\
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ROBINB~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ROBINB~1\LOCALS~1\Temp
TPCCommon=C:\PROGRA~1\THINKV~1\PrdCtr
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=DIABLO
USERNAME=Robin Brown
USERPROFILE=C:\Documents and Settings\Robin Brown
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Robin Brown (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites --> "C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Business Contact Manager for Outlook 2007 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Client Security Solution --> MsiExec.exe /I{F055E1B2-8A05-4D87-8039-1BE979BA4193}
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\Spcron\Spcron.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\Spcron\"" /f
Diskeeper Lite --> MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111 -->
Integrated Camera --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 3 --> "C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lenovo Registration --> C:\Program Files\Lenovo Registration\uninstall.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
MapleStory --> MsiExec.exe /I{9B40FEE5-85E8-4851-89AD-66E2A1B4DC04}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center --> C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery --> MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Step By Step Interactive Training (KB898458) -->
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo --> MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
System Migration Assistant --> MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\Setup.exe" -l0x9 anything
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Update for Office 2007 (KB934528) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
XP Themes --> MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3082 / Error
Event Submitted/Written: 06/11/2008 07:03:56 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avant.exe, version 11.6.0.13, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000118d0.
Processing media-specific event for [avant.exe!ws!]

Event Record #/Type2983 / Error
Event Submitted/Written: 06/08/2008 01:41:13 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: c:\documents and settings\robin brown\application data\??curity\taskmgr.exe by: Invalid : (15) scan. Action: Delete failed : Leave Alone failed. Action Description:

Event Record #/Type2982 / Error
Event Submitted/Written: 06/08/2008 01:41:10 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: c:\documents and settings\robin brown\application data\??curity\taskmgr.exe by: Invalid : (15) scan. Action: Delete failed. Action Description: The file was left unchanged.

Event Record #/Type2838 / Error
Event Submitted/Written: 05/25/2008 09:45:30 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application VPC32.exe, version 10.1.6.6000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2837 / Error
Event Submitted/Written: 05/25/2008 09:36:36 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Adware.Purityscan in File: C:\WINDOWS\CROSOF~1.NET\explorer.exe by: Manual scan. Action: Delete was partially successful.. Action Description: Delete was partially successful.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2681 / Error
Event Submitted/Written: 06/11/2008 07:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2630 / Error
Event Submitted/Written: 06/08/2008 11:00:25 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Event Record #/Type2629 / Error
Event Submitted/Written: 06/08/2008 10:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2628 / Error
Event Submitted/Written: 06/08/2008 09:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type2627 / Error
Event Submitted/Written: 06/08/2008 08:05:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-06-11 19:14:04 ------------

-COMBOFIX REPORT-

ComboFix 08-06-20.1 - Robin Brown 2008-06-20 18:14:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1334 [GMT -7:00]
Running from: C:\Documents and Settings\Robin Brown\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Robin Brown\Application Data\CURITY~1
C:\Documents and Settings\Robin Brown\Application Data\CURITY~1\taskmgr.exe
C:\Program Files\JavaCore
C:\Program Files\Spcron
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\Program Files\Temporary\inPV.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\tmpvc14
C:\Temp\tmpvc14\dllvc.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1.net
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\arfojgwp.dll
C:\WINDOWS\system32\djpgabrh.dll
C:\WINDOWS\system32\ffugsqjl.ini
C:\WINDOWS\system32\gvnbmkxv.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mddposwy.dll
C:\WINDOWS\system32\mjgulrwc.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mxlfyteo.dll
C:\WINDOWS\system32\nugekbei.dll
C:\WINDOWS\system32\nyvegmwy.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pwmhslrv.ini
C:\WINDOWS\system32\qhseramp.dll
C:\WINDOWS\system32\qiylsyku.ini
C:\WINDOWS\system32\shimmbfd.dll
C:\WINDOWS\system32\sqjcpvvp.dll
C:\WINDOWS\system32\swvacwaq.ini
C:\WINDOWS\system32\tacsixyd.ini
C:\WINDOWS\system32\twadipia.dll
C:\WINDOWS\system32\uoxtwjyk.dll
C:\WINDOWS\system32\vstrqxvp.ini
C:\WINDOWS\system32\VwDgiQss.ini
C:\WINDOWS\system32\VwDgiQss.ini2
C:\WINDOWS\system32\xkabhnee.dll
C:\WINDOWS\system32\xpclnnob.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
.

2008-06-11 19:16 . 2008-06-18 23:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-11 19:16 . 2008-06-18 23:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-11 19:15 . 2008-06-11 19:15 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-11 19:15 . 2008-06-20 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-11 19:15 . 2008-06-20 16:10 417,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 19:15 . 2008-06-20 18:15 62,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-11 19:15 . 2008-06-20 16:10 6,452 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-11 19:15 . 2008-06-20 16:10 5,852 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-11 19:11 . 2008-06-11 19:11 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 23:35 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\wwgjdolo.dll
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\unqiotpg.dll
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\qxajyyam.dll
2008-06-20 02:51 118,784 ----a-w C:\WINDOWS\system32\owwikfer.dll
2008-06-19 06:23 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-25 14:20 --------- d-----w C:\Program Files\Avant Browser
2008-05-19 23:27 --------- d-----w C:\Program Files\Uniblue
2008-05-19 23:27 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Uniblue
2008-05-18 14:37 73,489,638 ----a-w C:\SYM_REGISTRY_BACKUP.reg
2008-05-18 12:58 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-17 14:50 --------- d-----w C:\Program Files\PCDR5
2008-05-17 03:58 --------- d-----w C:\Program Files\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-16 22:59 --------- d-----w C:\Program Files\Common Files\kzow
2008-05-16 22:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-16 22:55 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-16 22:55 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-16 22:55 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-16 22:55 110,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-16 22:55 --------- d-----w C:\Program Files\Symantec
2008-05-16 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-16 22:49 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\LimeWire
2008-05-16 22:45 28,672 ----a-w C:\WINDOWS\system32\byXpMgff.dll
2008-05-15 22:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-15 22:23 --------- d-----w C:\Program Files\Incomplete
2008-05-15 22:22 --------- d-----w C:\Program Files\LimeWire
2008-05-11 20:29 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Deskbar_{1F1A4524-F788-482b-8D5C-13E72A3FBA46}
2008-05-06 03:52 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-05-06 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-06 03:48 167,545 ----a-w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-05-06 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-04 02:51 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-24 08:15 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-03-24 08:15 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-03-24 08:15 115,960 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-24 07:57 21,393 ----a-w C:\WINDOWS\AegisP.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b2a3c13-392a-41ac-9abe-87d1bb6cc915}]
C:\DOCUME~1\ROBINB~1\LOCALS~1\Temp\slcdeyys.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8CEB9F1-147A-48F8-A14B-1ABCEB821E89}]
C:\WINDOWS\system32\ssQigDwV.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 09:22 200704]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 03:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 03:07 512000]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 11:04 59168]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-08 22:49 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 15:09 181536 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 10:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 00:23 1015808]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-06 18:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-06 18:27 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-06 18:27 137752]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 10:10 120368]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 16:35 2630968]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 13:00 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-03 19:51 185896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 11:00 419376]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 03:51 91688]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 09:22 208896]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 18:23 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-24 01:00:07 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-07-05 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 00:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 19:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Robin Brown\\Desktop\\setup.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-10-16 18:33]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-10-16 18:32]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-12-06 09:22]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]
S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8fffc7e-3d8f-11dd-8b54-001f3b27bde1}]
\Shell\AutoRun\command - E:\PortableVault.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 17:24:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-21 01:15:55 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-21 00:17:32 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 18:16:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2008-06-20 18:17:01
ComboFix-quarantined-files.txt 2008-06-21 01:16:57

Pre-Run: 225,466,712,064 bytes free
Post-Run: 225,454,575,616 bytes free

218

-new combofix log-

ComboFix 08-06-20.1 - Robin Brown 2008-06-22 16:35:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1283 [GMT -7:00]
Running from: C:\Documents and Settings\Robin Brown\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robin Brown\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\byXpMgff.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\owwikfer.dll
C:\WINDOWS\system32\qxajyyam.dll
C:\WINDOWS\system32\unqiotpg.dll
C:\WINDOWS\system32\wwgjdolo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byXpMgff.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\owwikfer.dll
C:\WINDOWS\system32\qxajyyam.dll
C:\WINDOWS\system32\unqiotpg.dll
C:\WINDOWS\system32\wwgjdolo.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-11 19:16 . 2008-06-18 23:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-11 19:16 . 2008-06-18 23:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-11 19:15 . 2008-06-11 19:15 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-11 19:15 . 2008-06-20 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-11 19:15 . 2008-06-20 16:10 541,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 19:15 . 2008-06-22 16:36 76,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-11 19:15 . 2008-06-20 16:10 6,452 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-11 19:15 . 2008-06-20 16:10 5,852 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-11 19:11 . 2008-06-11 19:11 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 23:35 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-19 06:23 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-25 14:20 --------- d-----w C:\Program Files\Avant Browser
2008-05-19 23:27 --------- d-----w C:\Program Files\Uniblue
2008-05-19 23:27 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Uniblue
2008-05-18 14:37 73,489,638 ----a-w C:\SYM_REGISTRY_BACKUP.reg
2008-05-18 12:58 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-17 14:50 --------- d-----w C:\Program Files\PCDR5
2008-05-17 03:58 --------- d-----w C:\Program Files\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-17 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-16 22:59 --------- d-----w C:\Program Files\Common Files\kzow
2008-05-16 22:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-16 22:55 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-16 22:55 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-16 22:55 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-16 22:55 110,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-16 22:55 --------- d-----w C:\Program Files\Symantec
2008-05-16 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-16 22:49 --------- d-----w C:\Documents and Settings\Robin Brown\Application Data\LimeWire
2008-05-15 22:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-06 03:52 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-05-06 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-06 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-04 02:51 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-24 08:15 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-03-24 08:15 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-03-24 08:15 115,960 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-24 07:57 21,393 ----a-w C:\WINDOWS\AegisP.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 09:22 200704]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 03:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 03:07 512000]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 11:04 59168]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-08 22:49 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 15:09 181536 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 10:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 00:23 1015808]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-06 18:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-06 18:27 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-06 18:27 137752]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 10:10 120368]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 16:35 2630968]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 13:00 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-03 19:51 185896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 11:00 419376]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 03:51 91688]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 09:22 208896]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 18:23 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-24 01:00:07 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-07-05 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 00:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 19:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\Robin Brown\\Desktop\\setup.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-10-16 18:33]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-10-16 18:32]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-12-06 09:22]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]
S3 dump_wmimmc;dump_wmimmc;C:\Nexon\MapleStory\GameGuard\dump_wmimmc.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8fffc7e-3d8f-11dd-8b54-001f3b27bde1}]
\Shell\AutoRun\command - E:\PortableVault.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 17:24:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 23:05:43 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-22 22:19:43 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 16:36:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2008-06-22 16:38:04
ComboFix-quarantined-files.txt 2008-06-22 23:38:01
ComboFix2.txt 2008-06-21 01:17:01

Pre-Run: 225,501,335,552 bytes free
Post-Run: 225,494,040,576 bytes free

175


Scanning Report
Tuesday, June 24, 2008 15:56:20 - 16:42:15
Computer name: DIABLO
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 1 malware found
Tracking Cookie (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 34922
System: 4665
Not scanned: 7
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Blacklight: 1.0.68
F-Secure Hydra: 2.8.8110, 2008-06-24
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure AVP: 7.0.171, 2008-06-24
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

#8 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 26 June 2008 - 02:22 AM

Click Start--> Run--> Type in combofix /u and click OK to uninstall ComboFix.

Type in cd\ and click OK


Now we need to reset System Restore and Clear out all the old infected restore points.
  • Click Start
  • Right-Click "My Computer" and Select Properties.
  • Click on the "System Restore" tab.
  • Place a checkmark in the box for "Turn off System Restore" and Click "Apply."
  • Restart the Computer.
  • Return to System Restore and Uncheck the box for "Turn off System Restore" and Click "Apply."
  • A fresh Restore Point will be created.
Take the time to look through Add\Remove Programs and get rid of anything you dont use and are sure you can live without and keep all current applications up to date and fully patched.

Secunia has a good check for such things
http://secunia.com/software_inspector/


So,How is the PC running today?

#9 xDiablox

xDiablox
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 27 June 2008 - 07:55 PM

My computer is running a lot better. i have control of my desktop again XD, and that is a huge improvement. i have ran the disk defragmentor and disk cleanup to help with the slowness, two things i couldn't really do before cause it was so agonizing to do anything at all. symantec ran and it hasnt found anything. spysweeper got damaged so i have to reinstall it and i am hoping it finds nothing. i owe you guys a huge favor. you saved my bleeping computer!

Thank you once again and i hope there are no future problems.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users