Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Or Not?


  • This topic is locked This topic is locked
2 replies to this topic

#1 Black Adam

Black Adam

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 29 July 2008 - 08:34 PM

Hi,
My laptop has recently been slowing down, so I decided to install some antivirus software like AVG to see if it could help remove some of it.
For a while, it seemed to help, but recently, some recurring items began to show up at startup, with names like 17pholmes1001186.exe and Mrofinu1001186.exe.
After fiddling around for a while, I think that I may have temporarily removed those two, but now my AVG is starting to go crazy every few minutes, telling me that so and so is infected with Win32.Gen or Win32/Virtus. Some of these files are essential to my computer, such as Thinkpad applications and drivers, so I have doubts about whether or not there really is an infection or not now. I've been repeatedly running scans on AVG, but there's always something new showing up.


Thanks in advance.

Deckard's System Scanner v20071014.68
Run by amoy938 on 2008-07-29 21:22:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; access is denied.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as amoy938.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:58 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Documents and Settings\student\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\amoy938.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cpprod.stjohns.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - .DEFAULT User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207680333281
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

--
End of file - 7317 bytes

-- HijackThis Fixed Entries (C:\Program Files\Trend Micro\HijackThis\backups\) -

backup-20080709-183953-124 O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
backup-20080709-183953-302 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by St. John's University
backup-20080709-183953-313 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080709-183953-391 O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
backup-20080709-183953-396 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080709-183953-488 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080709-183953-590 O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
backup-20080709-183953-846 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
backup-20080709-183953-853 O4 - .DEFAULT User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
backup-20080711-112835-290 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080720-113705-113 O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - unable to read value
.inf - inffile - shell\open\command - unable to read value
.txt - txtfile - shell\open\command - %windir%\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 TVT Backup Protection Service - "c:\program files\lenovo\rescue and recovery\rrpservice.exe" <Not Verified; ; rrpservice Module>
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 TVT_UpdateMonitor (TVT Windows Update Monitor) - c:\program files\lenovo\rescue and recovery\updatemonitor.exe <Not Verified; Lenovo Group Limited; Fast Restore>

S3 MSIServer (Windows Installer) - c:\windows\system32\msiexec.exe /v (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-18 12:31:54 300 --a------ C:\WINDOWS\Tasks\PMTask.job


-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 20:23:05 0 d--h---c- C:\$AVG8.VAULT$
2008-07-29 20:19:55 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-29 20:19:51 0 d-------- C:\Program Files\AVG
2008-07-29 20:19:51 0 d------c- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-29 17:26:13 0 d-------- C:\Program Files\Skra
2008-07-29 17:21:10 0 d-------- C:\Program Files\mjc
2008-07-29 17:21:10 0 d-------- C:\Program Files\InetGet2
2008-07-29 17:21:09 0 d-------- C:\Program Files\Webtools
2008-07-28 13:06:12 56832 --a------ C:\WINDOWS\b155.exe
2008-07-24 11:02:24 91136 --a------ C:\WINDOWS\b152.exe
2008-07-22 12:46:56 34816 --a------ C:\WINDOWS\b156.exe
2008-07-18 12:53:18 30256 --a------ C:\WINDOWS\macromix.dll <Not Verified; Macromedia, Inc.; Macromedia Director>
2008-07-14 09:09:27 0 d-------- C:\Program Files\Foxit Software
2008-07-11 11:30:57 0 dr-h----- C:\Documents and Settings\student\Recent
2008-07-10 14:52:55 0 d-------- C:\Documents and Settings\student\Application Data\WinRAR
2008-07-10 12:29:10 0 d-------- C:\Documents and Settings\student\Application Data\Nexon
2008-07-10 12:25:12 4682 -----n--- C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-07-10 12:25:02 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-07-10 12:12:04 0 d------c- C:\Nexon
2008-07-09 22:57:06 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-09 22:52:55 0 d-------- C:\Program Files\CCleaner
2008-07-09 18:39:10 0 d-------- C:\Program Files\Trend Micro
2008-07-09 17:39:03 717296 -----n--- C:\WINDOWS\system32\drivers\sptd.sys
2008-07-09 17:39:03 0 d-------- C:\Documents and Settings\student\Application Data\DAEMON Tools
2008-07-09 17:34:02 2829 -----n--- C:\WINDOWS\War3Unin.pif
2008-07-09 17:34:02 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-07-09 17:34:02 77125 -----n--- C:\WINDOWS\War3Unin.dat
2008-07-09 17:26:25 0 d-------- C:\Program Files\Warcraft III
2008-07-09 17:23:53 17408 -----n--- C:\WINDOWS\system32\rpcnetp.dll
2008-07-09 17:23:19 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-07-09 17:19:51 0 d-------- C:\Documents and Settings\student\dwhelper
2008-07-09 17:12:14 0 d-------- C:\Documents and Settings\student\Application Data\Mozilla
2008-07-09 17:11:28 0 d-------- C:\Documents and Settings\Default User\Local Settings


-- Find3M Report ---------------------------------------------------------------

2008-07-29 21:04:49 52848 --a------ C:\WINDOWS\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-07-29 21:02:55 347136 --a------ C:\WINDOWS\system32\tourstart.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:02:54 75776 --a----c- C:\WINDOWS\system32\telnet.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:02:54 131584 --a----c- C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:02:53 132608 --a------ C:\WINDOWS\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:02:52 84480 --a----c- C:\WINDOWS\system32\pintool.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:02:52 215552 --a----c- C:\WINDOWS\system32\osk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:02:50 6144 --a------ C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-07-29 21:02:49 143360 --a----c- C:\WINDOWS\system32\mobsync.exe <Not Verified; Microsoft Corporation; Microsoft Synchronization Manager>
2008-07-29 21:02:48 36864 --a------ C:\WINDOWS\system32\instw32.exe <Not Verified; Absolute Software Corp.; instw32>
2008-07-29 21:02:47 64000 --a------ C:\WINDOWS\system32\cleanmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:02:47 5632 --a------ C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:02:25 62172 --a----c- C:\F405FIX.EXE
2008-07-29 21:02:01 32256 --a----c- C:\WINDOWS\system32\wupdmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:54 119808 --a----c- C:\WINDOWS\system32\winmine.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:53 433664 --a----c- C:\WINDOWS\system32\wiaacmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:45 289792 --a------ C:\WINDOWS\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:44 28672 --a------ C:\WINDOWS\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:39 18432 --a------ C:\WINDOWS\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:33 135680 --a----c- C:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:24 538624 --a------ C:\WINDOWS\system32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:23 56832 --a----c- C:\WINDOWS\system32\sol.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:23 138752 --a----c- C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:22 89600 --a------ C:\WINDOWS\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:17 140800 --a------ C:\WINDOWS\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:01:00 11776 --a----c- C:\WINDOWS\system32\regsvr32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:00:59 35840 --a----c- C:\WINDOWS\system32\rcimlby.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:00:45 1200128 --a----c- C:\WINDOWS\system32\ntbackup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:00:31 126976 --a------ C:\WINDOWS\system32\mshearts.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:00:26 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-07-29 21:00:23 72704 --a----c- C:\WINDOWS\system32\magnify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:00:08 55296 --a----c- C:\WINDOWS\system32\freecell.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:00:07 23040 --a----c- C:\WINDOWS\system32\fltmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 21:00:05 180224 --a----c- C:\WINDOWS\system32\dwwin.exe <Not Verified; Microsoft Corporation; Microsoft Application Error Reporting>
2008-07-29 20:59:48 224768 --a------ C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
2008-07-29 20:58:01 8192 --a------ C:\WINDOWS\system32\control.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:57:43 388608 --a------ C:\WINDOWS\system32\cmd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:57:39 80384 --a----c- C:\WINDOWS\system32\charmap.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:57:37 114688 --a----c- C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:37:13 13824 --a------ C:\WINDOWS\system32\wscntfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:25:26 10752 --a----c- C:\WINDOWS\system32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 20:25:15 183808 --a----c- C:\WINDOWS\system32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-18 12:34:45 0 d-------- C:\Program Files\ThinkVantage
2008-07-18 12:34:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-10 12:25:02 0 d-------- C:\Program Files\Common Files
2008-07-09 22:56:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-09 22:28:55 188 -------c- C:\WINDOWS\x
2008-07-09 22:15:42 0 d-------- C:\Program Files\Common Files\Lenovo
2008-07-09 22:15:41 0 d-------- C:\Program Files\Lenovo


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
07/29/2008 05:21 PM 91648 --a------ C:\Program Files\Webtools\webtools.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/05/2008 02:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/05/2008 02:48 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [03/05/2008 02:48 PM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [02/13/2008 06:28 PM]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [04/27/2007 02:33 AM]
"TPFNF7"="C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [03/26/2008 03:06 AM]
"TpShocks"="TpShocks.exe" [11/22/2007 03:09 PM C:\WINDOWS\system32\TpShocks.exe]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [01/11/2008 02:21 AM]
"LPMailChecker"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe" [01/11/2008 02:21 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/29/2008 08:19 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)
"LogonType"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoPropertiesMyComputer"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 04:37 PM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/14/2007 04:36 PM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^student^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\student\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mjc]
C:\Program Files\mjc\mjc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1d02c88-0d74-11dd-8a16-001f3b028835}]
AutoRun\command- "E:\Install FreeAgent Tools.exe" /run




-- End of Deckard's System Scanner: finished at 2008-07-29 21:25:47 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III Xeon processor
CPU 1: Intel Pentium III Xeon processor
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2022.22 MiB / 1404.5 MiB
Pagefile Memory (total/avail): 3913.92 MiB / 3445.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.84 MiB

C: is Fixed (NTFS) - 111.79 GiB total, 87.95 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD1200BEVS-08UST0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\student\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ST-213770B4DA59
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\student
LOGONSERVER=\\ST-213770B4DA59
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Lenovo;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intel\Wireless\Bin\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SESSIONNAME=Console
SMA=C:\Program Files\ThinkVantage\SMA\
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\student\LOCALS~1\Temp
TMP=C:\DOCUME~1\student\LOCALS~1\Temp
TPCCommon=C:\PROGRA~1\THINKV~1\PrdCtr
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=ST-213770B4DA59
USERNAME=amoy938
USERPROFILE=C:\Documents and Settings\student
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

student (admin)
Admin.ST-045C1B17CD2F (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Camera Center --> MsiExec.exe /I{668ACF05-E455-4932-A2D2-5822A8206FEB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\SETUP.EXE" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Integrated Camera --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
MapleStory --> MsiExec.exe /I{E6FC4EEE-2EEA-49A7-B036-908B9BD4BB70}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\SETUP.EXE" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center --> C:\windows\sequencer.exe -fc:\windows\uninst.seq
Rescue and Recovery --> MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo --> MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
System Migration Assistant --> MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\setup.exe" -l0x9 UNINSTALL
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x9 -AddRemove
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Windows Driver Package - Intel (NETw4x32) net (11/27/2007 11.5.0.36) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4x32_F1BDA345F929A55ADE451DC360816BB19A3A10ED\netw4x32.inf
Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\w29n51_E99959A506B0423451BFDD2FE3C8B527B6AF45BD\w29n51.inf
Windows Driver Package - Intel net (11/27/2007 11.5.0.36) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4k32_C6850AD7E04103838F1654B76EF154906C187309\netw4k32.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type520 / Error
Event Submitted/Written: 07/29/2008 05:36:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mte3mtk6odoxng.exe, version 0.0.0.0, faulting module mte3mtk6odoxng.exe, version 0.0.0.0, fault address 0x0000eb4c.
Processing media-specific event for [mte3mtk6odoxng.exe!ws!]

Event Record #/Type62 / Error
Event Submitted/Written: 07/09/2008 05:44:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application daemon4124-lite.exe, version 4.12.4.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type21 / Error
Event Submitted/Written: 07/09/2008 10:56:47 PM
Event ID/Source: 11500 / MsiInstaller
Event Description:
Product: Opera 9.51 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Event Record #/Type20 / Error
Event Submitted/Written: 07/09/2008 10:56:41 PM
Event ID/Source: 11500 / MsiInstaller
Event Description:
Product: Opera 9.51 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Event Record #/Type19 / Error
Event Submitted/Written: 07/09/2008 10:56:36 PM
Event ID/Source: 11500 / MsiInstaller
Event Description:
Product: Opera 9.51 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2293 / Error
Event Submitted/Written: 07/29/2008 09:06:26 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Event Record #/Type2292 / Error
Event Submitted/Written: 07/29/2008 09:06:16 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Event Record #/Type2291 / Error
Event Submitted/Written: 07/29/2008 09:06:06 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Event Record #/Type2290 / Error
Event Submitted/Written: 07/29/2008 09:06:04 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Event Record #/Type2289 / Error
Event Submitted/Written: 07/29/2008 09:06:04 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding



-- End of Deckard's System Scanner: finished at 2008-07-29 21:25:47 ------------

Edited by Black Adam, 29 July 2008 - 08:38 PM.


BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:45 AM

Posted 30 July 2008 - 03:08 PM

Hi,

but now my AVG is starting to go crazy every few minutes, telling me that so and so is infected with Win32.Gen or Win32/Virtus

You are indeed dealing with a Fileinfector + a password stealer. The File infector infected a lot of legitimate files. The fact is, you cannot delete them since they are Windows files and needed for your system. So these files should be disinfected instead. And in your case, it appears that AVG can't disinfect them.
As a matter of fact, if people are dealing with a File Infector, I always suggest a format and reinstall, because it's the best/fastest and especially the safest method.

Also see here:

http://miekiemoes.blogspot.com/2008/06/vir...again-sigh.html (this is one of the variants you are dealing with)
http://miekiemoes.blogspot.com/2008/06/mal...-draw-line.html
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:45 AM

Posted 11 August 2008 - 05:08 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users