
Strange Pop-ups. Suspect -virtumonde-


  • This topic is locked
8 replies to this topic

#1 Snail


  • Members
  • 10 posts

Posted 05 August 2008 - 09:22 PM

Please help!

I keep getting these strange pop-up windows on this computer. I did a scan with Spybot S&D and found that darn virtumonde. I am attaching the DSS and HJT logs below.

Thanks in advance.

++++++++++++++++++++++++++++++++++++++++++++++++

Deckard's System Scanner v20071014.68
Run by emorris on 2008-08-05 20:08:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
58: 2008-08-06 02:08:29 UTC - RP97 - Deckard's System Scanner Restore Point
57: 2008-08-05 23:09:30 UTC - RP96 - System Checkpoint
56: 2008-08-04 22:59:39 UTC - RP95 - System Checkpoint
55: 2008-08-03 22:25:02 UTC - RP94 - Last known good configuration
54: 2008-08-03 22:24:47 UTC - RP93 - Installed Windows Support Tools


-- First Restore Point --
1: 2008-08-03 22:24:28 UTC - RP40 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as emorris.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:16 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\IBM\Tivoli\Netcool\license\bin\lmgrd.exe
C:\Program Files\IBM\Tivoli\Netcool\omnibus\bin\nco_objserv.exe
C:\Program Files\IBM\Tivoli\Netcool\license\bin\netcool.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\emorris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\emorris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome/thinkpad
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/thinkpad
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {8ad5f23f-2130-4bd8-cc84-761a42162bae} - {eab26124-a167-48cc-8db4-0312f32f5da8} - C:\WINDOWS\system32\kdcvfl.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] "C:\Program Files\Lenovo\AwayTask\AwaySch.EXE"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPFNF7] "C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" /r
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GoBoingo] "C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [989c8f27] rundll32.exe "C:\WINDOWS\system32\kxvdofqd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-21-3798106555-3128421271-2912687969-1884\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {55536E1C-8D74-4CC0-B39D-A3151002E43C} (InstallationModuleAX Class) - http://209.98.212.5:6975/webexplorer/Insta...stallClient.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BWINC.local
O17 - HKLM\Software\..\Telephony: DomainName = BWINC.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BWINC.local
O20 - AppInit_DLLs: sgqaad.dll kdcvfl.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NCO Flex License Manager (NCOFlexLicense) - Macrovision Corporation - C:\Program Files\IBM\Tivoli\Netcool\license\bin\lmgrd.exe
O23 - Service: Netcool/OMNIbus Object Server (NCOObjectServer) - IBM Corp. - C:\Program Files\IBM\Tivoli\Netcool\omnibus\bin\nco_objserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 11944 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 EGATHDRV (IBM eGatherer) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 PrivateDisk - c:\program files\lenovo\safeguard privatedisk\privatediskm.sys <Not Verified; Utimaco Safeware AG; SafeGuard PrivateDisk>
R2 PROCDD (IPS Helper Driver) - c:\windows\system32\drivers\procdd.sys <Not Verified; Lenovo Group Limited; Away Manager>
R2 smi2 - c:\program files\smi2\smi2.sys <Not Verified; IBM Corp.; TVT SMI Bios driver>
R3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys (file missing)
S3 TVTPktFilter (TVT Packet Filter Service) - c:\windows\system32\drivers\tvtpktfilter.sys (file missing)
S4 vsdatant - a (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>
R2 IPSSVC (IPS Core Service) - c:\windows\system32\ipssvc.exe <Not Verified; Lenovo Group Limited; Away Manager>
R2 NCOFlexLicense (NCO Flex License Manager) - "c:\program files\ibm\tivoli\netcool\license\bin\lmgrd.exe" <Not Verified; Macrovision Corporation; >
R2 NCOObjectServer (Netcool/OMNIbus Object Server) - c:\program files\ibm\tivoli\netcool\omnibus\bin\nco_objserv.exe <Not Verified; IBM Corp.; Netcool/OMNIbus nco_objserv>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe

S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4227&SUBSYS_10108086&REV_02\4&20975680&0&00E1
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4227&SUBSYS_10108086&REV_02\4&20975680&0&00E1
Service: NETw4x32

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-08-05 17:16:16 306 --a------ C:\WINDOWS\Tasks\PMTask.job
2008-07-29 13:19:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-03 16:42:16 98688 --a------ C:\WINDOWS\system32\kxvdofqd.dll
2008-08-03 16:39:24 130432 --a------ C:\WINDOWS\system32\kdcvfl.dll
2008-08-03 16:39:21 130432 --a------ C:\WINDOWS\system32\rboupguj.dll
2008-08-03 16:15:28 0 d-------- C:\Program Files\Support Tools
2008-08-03 15:25:50 0 d-------- C:\Documents and Settings\emorris\Application Data\Malwarebytes
2008-08-03 15:25:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-03 14:41:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-03 13:36:41 0 d-------- C:\Program Files\Trend Micro
2008-08-03 13:11:59 164 --a------ C:\install.dat
2008-08-03 11:57:50 0 d-------- C:\WINDOWS\pss
2008-08-03 10:42:08 0 d-------- C:\Program Files\Lavasoft
2008-08-03 10:42:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-03 10:30:29 0 d-------- C:\Documents and Settings\emorris\Application Data\TmpRecentIcons
2008-07-29 14:12:08 0 d-------- C:\Documents and Settings\emorris\Application Data\WinRAR
2008-07-25 13:03:23 0 d-------- C:\Documents and Settings\emorris\Application Data\Apple Computer
2008-07-25 12:57:10 0 d-------- C:\Program Files\Apple Software Update
2008-07-25 12:57:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-10 11:32:37 0 d-------- C:\Program Files\Gadwin Systems


-- Find3M Report ---------------------------------------------------------------

2008-08-03 18:36:20 0 d-------- C:\Program Files\PCDR5
2008-08-03 15:14:13 3216 --a------ C:\WINDOWS\system32\encobject.dat
2008-08-03 12:54:31 0 d-------- C:\Program Files\Google
2008-08-03 10:41:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 22:07:16 0 d-------- C:\Documents and Settings\emorris\Application Data\uTorrent
2008-06-24 16:28:48 0 d-------- C:\Documents and Settings\emorris\Application Data\.purple
2008-06-17 20:17:15 0 d-------- C:\Documents and Settings\emorris\Application Data\Sonic
2008-06-17 20:17:05 0 d-------- C:\Documents and Settings\emorris\Application Data\Leadertech
2008-06-17 16:22:57 0 d-------- C:\Program Files\Picasa2
2008-06-16 21:39:16 0 d-------- C:\Documents and Settings\emorris\Application Data\Opera
2008-06-16 21:39:08 0 d-------- C:\Program Files\Opera
2008-06-16 10:04:27 0 d-------- C:\Documents and Settings\emorris\Application Data\AdobeUM
2008-06-11 16:31:40 0 d-------- C:\Documents and Settings\emorris\Application Data\U3
2008-06-11 14:51:35 0 d-------- C:\Program Files\MSECache
2008-06-11 09:26:50 0 d-------- C:\Program Files\IBM
2008-06-11 09:25:38 0 d-------- C:\Documents and Settings\emorris\Application Data\.ncisetup
2008-06-11 09:23:41 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-11 09:23:24 0 d-------- C:\Program Files\Common Files
2008-06-06 13:39:48 0 d-------- C:\Documents and Settings\emorris\Application Data\Adobe
2008-05-14 16:37:28 72 --a------ C:\WINDOWS\system32\°S÷
2008-05-05 17:17:20 720 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eab26124-a167-48cc-8db4-0312f32f5da8}]
08/03/2008 04:39 PM 130432 --a------ C:\WINDOWS\system32\kdcvfl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [01/11/2008 02:30 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [01/11/2008 02:30 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [08/11/2007 02:30 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/11/2007 02:30 AM]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [04/27/2007 03:33 AM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [06/02/2006 11:00 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/19/2005 06:11 PM]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [01/11/2008 03:21 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 02:03 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 06:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [08/16/2006 11:07 AM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [03/15/2006 05:07 PM]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [03/13/2006 05:38 PM]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [07/14/2006 07:13 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/05/2008 03:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/05/2008 03:48 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [03/05/2008 03:48 PM]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [03/26/2008 04:06 AM]
"LPMailChecker"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe" [01/11/2008 03:21 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/19/2008 04:26 PM]
"GoBoingo"="C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk" [08/05/2008 10:35 AM]
"TpShocks"="TpShocks.exe" [11/22/2007 04:09 PM C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [10/17/2005 02:11 AM C:\WINDOWS\system32\TP4EX.exe]
"Antivirus"="C:\Program Files\VAV\vav.exe" []
"989c8f27"="C:\WINDOWS\system32\kxvdofqd.dll" [08/03/2008 04:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [08/20/2007 02:42 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 4:38:16 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/30/2008 10:45:37 AM]
Program Neighborhood Agent.lnk - C:\WINDOWS\Installer\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [5/2/2008 7:41:10 AM]
VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [4/30/2008 3:25:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 08/16/2006 11:07 AM 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 08/14/2007 04:54 PM 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sgqaad.dll kdcvfl.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys]
@="driver"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5efeb94a-37ca-11dd-b68b-001558815562}]
AutoRun\command- E:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8940 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-05 20:12:21 ------------

+++++++++++++++++++++++++++++++++++++++++++++++


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5500 @ 1.66GHz
CPU 1: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 1014.36 MiB / 294.79 MiB
Pagefile Memory (total/avail): 2440.52 MiB / 1375.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.34 MiB

C: is Fixed (NTFS) - 51.35 GiB total, 25.04 GiB free.
D: is CDROM (No Media)
R: is Removable (FAT)
X: is Network (Unformatted)
Y: is Network (Unformatted)
Z: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - HTS541060G9SA00 - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 51.35 GiB - C:
\PARTITION1 - Unknown - 4.53 GiB



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
FirewallDisableNotify is set.

AV: Symantec Endpoint Protection v11.0.1000.1112 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe:*:Enabled:SMC Service"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE:*:Enabled:SNAC Service"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe:*:Enabled:Symantec Email"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\IBM\\Tivoli\\Netcool\\platform\\win32\\jre_1.5.4\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Tivoli\\Netcool\\platform\\win32\\jre_1.5.4\\jre\\bin\\java.exe:*:Enabled:Java launcher"
"C:\\Program Files\\IBM\\Tivoli\\Netcool\\omnibus\\bin\\nco_objserv.exe"="C:\\Program Files\\IBM\\Tivoli\\Netcool\\omnibus\\bin\\nco_objserv.exe:*:Enabled:nco_objserv"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\emorris\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MORRIS-ET60
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\emorris
LOGONSERVER=\\ADC6
NCHOME=C:\Program Files\IBM\Tivoli\Netcool
NCLICENSE=C:\Program Files\IBM\Tivoli\Netcool\license
NUMBER_OF_PROCESSORS=2
OMNIHOME=C:\Program Files\IBM\Tivoli\Netcool\omnibus
OS=Windows_NT
Path=C:\Program Files\ThinkPad\Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\IBM\Tivoli\Netcool\platform\win32\bin;C:\Program Files\IBM\Tivoli\Netcool\omnibus\platform\win32\bin;C:\Program Files\Support Tools\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SMA=C:\Program Files\ThinkVantage\SMA\
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWSHARE=C:\SWSHARE
SYBASE=C:\Program Files\IBM\Tivoli\Netcool\
SYBASE_OCS=OCS-15_0
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\emorris\LOCALS~1\Temp
TMP=C:\DOCUME~1\emorris\LOCALS~1\Temp
TPCCommon=C:\PROGRA~1\THINKV~2\PrdCtr
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
USERDNSDOMAIN=BWINC.LOCAL
USERDOMAIN=BWINC
USERNAME=emorris
USERPROFILE=C:\Documents and Settings\emorris
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

helpdesk (admin)
Administrator (admin)
helpdesk.BWINC (admin)
emorris (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Cisco Systems VPN Client 5.0.02.0090 --> MsiExec.exe /X{871DF2BE-41D2-4334-AC33-839AF16FC8FE}
Citrix Presentation Server Client --> MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
Client Security Solution --> MsiExec.exe /I{48227AEB-DC8E-4A90-A274-0B4A39D699B1}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Diskeeper Lite --> MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
Gadwin PrintScreen --> C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
GoBoingo! --> MsiExec.exe /X{12723C3A-0FF8-4A0C-8BD3-DC958F388F67}
GTK+ Runtime 2.12.8 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111 -->
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
jre150IBMr4 --> MsiExec.exe /X{0B46FA00-BEEF-4024-BF2C-6EB1D96E88AA}
libtre --> MsiExec.exe /X{34A6216E-0911-480E-A2BA-16DBB7AE4C30}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.3 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
nco_admin_feature --> MsiExec.exe /X{99A826AA-0793-4C29-9AC9-948DB8CE6877}
nco_administrator --> MsiExec.exe /X{34F8D641-773B-4486-8309-F676C059F90B}
nco_administrator_script --> MsiExec.exe /X{408F9C74-E3BA-4C07-802A-F06A620DA303}
nco_aen_client --> MsiExec.exe /X{A75F4F64-CA18-4412-B570-5BB378D864CF}
nco_aen_client_feature --> MsiExec.exe /X{BF6FFFC3-9E42-4EBA-9F05-E648CA2293F1}
nco_aen_help --> MsiExec.exe /X{618D63C3-A874-4DB9-B0F3-9078625183F7}
nco_aes_crypt --> MsiExec.exe /X{BB45212B-A068-4D31-9813-801CE447DA76}
nco_baroc2sql --> MsiExec.exe /X{67CE6C2A-3628-4367-B01E-75AE15590707}
nco_check_store --> MsiExec.exe /X{38B1DC83-C3AD-4570-B2A3-7D42011A3B56}
nco_conductor --> MsiExec.exe /X{D8EC54BC-FD78-4171-B28E-6E587F787278}
nco_config_help --> MsiExec.exe /X{7E7A9DCD-AAE2-4F99-8775-3C8F9E82CC7C}
nco_confpack --> MsiExec.exe /X{6626ED8E-BC54-404F-AC98-035C1BD300D0}
nco_confpack_feature --> MsiExec.exe /X{DE0508AC-1073-4C91-A9D4-ED0C3F66063F}
nco_crypt --> MsiExec.exe /X{8AD1B9D6-2AC4-4231-A919-D333C3E20A4F}
nco_dbinit --> MsiExec.exe /X{088E3BA9-2B80-4A4A-8AA0-4703A7FB0E8A}
nco_desktop_config --> MsiExec.exe /X{1D702C17-5C13-4120-8EA4-74A4BC05803F}
nco_desktop_dll --> MsiExec.exe /X{D625A389-C650-4D6B-934E-E9CB0CDAF2CC}
nco_desktop_feature --> MsiExec.exe /X{29B06A5A-29C0-455D-8821-3379370D4B82}
nco_desktop_help --> MsiExec.exe /X{70031790-74D6-4B9C-8E27-A423CF4702D9}
nco_desktop_ocx --> MsiExec.exe /X{4501A605-2728-4AE9-A98B-4B779ED20AF8}
nco_elct --> MsiExec.exe /X{7A7903B2-282C-4499-8641-1FB081B01443}
nco_eventlist --> MsiExec.exe /X{DA21F468-A589-45EF-BB45-91F0BA0E9023}
nco_g_crypt --> MsiExec.exe /X{DFC94465-F7B2-4F57-8211-A06788E7FB6B}
nco_g_objserv_bi --> MsiExec.exe /X{AAD5622A-5B5E-43B1-AF95-9DCD74068E7F}
nco_g_objserv_uni --> MsiExec.exe /X{0C74F02C-9BE6-4330-865C-09B6C88D5C3F}
nco_gateways_feature --> MsiExec.exe /X{439802C9-BB6F-410D-B71A-C932FCB36F3C}
nco_help_configuration --> MsiExec.exe /X{C9A742ED-D9B5-43E8-8601-C18D33CA5500}
nco_helpexec --> MsiExec.exe /X{9626C73D-DDAC-4C5B-857E-B8B77380954B}
nco_IEHS --> MsiExec.exe /X{49005E6F-FE72-41E9-8F7E-7E3D1CBFE9A4}
nco_iehs_feature --> MsiExec.exe /X{2D9D2253-09AE-45A6-8522-33F2B9C0EF33}
nco_java_niduc --> MsiExec.exe /X{019EA5FC-A659-40A1-AD78-0EBA5C7093BB}
nco_java_utility --> MsiExec.exe /X{65953229-931F-4A95-B352-62FFE4B60857}
nco_jConnect --> MsiExec.exe /X{485D2323-FDB4-4E78-9E1C-814C2E4FCE5A}
nco_jre150 --> MsiExec.exe /X{26523054-B917-4E43-B644-68716FA22288}
nco_keygen --> MsiExec.exe /X{51062247-3249-4D04-B3F5-E9D551FFCE27}
nco_libADT --> MsiExec.exe /X{0D0623A7-F671-42D7-8CE2-501E2BFE5C64}
nco_libArch --> MsiExec.exe /X{415FEF10-F845-478F-97CF-4F9151DAA8A1}
nco_libCrypt --> MsiExec.exe /X{CADBAAC0-8F18-4752-A32A-96EC71394033}
nco_libDaemon --> MsiExec.exe /X{834AD00A-9105-4623-ACCA-DD7E73B41569}
nco_libnauto --> MsiExec.exe /X{E11A48EA-CEBF-4703-83DA-B01AF26050DE}
nco_libncmd --> MsiExec.exe /X{3CEBA8D8-2CF0-473A-B381-51F1ADD57FBB}
nco_libnetcool --> MsiExec.exe /X{843A0B42-BB82-4D95-9934-1262C99E591D}
nco_libngcmd --> MsiExec.exe /X{2270A100-9F40-4CD3-A0A9-2705E28DB085}
nco_libngobjserv --> MsiExec.exe /X{E0956FFA-994F-4B7D-8C45-AEDF8D7B5090}
nco_libngtk --> MsiExec.exe /X{1D955E07-E38A-4525-914B-1C73E94F7359}
nco_libniduc_client --> MsiExec.exe /X{40A33D21-3071-4B0D-92E2-40A83FB491EB}
nco_libniduc_server --> MsiExec.exe /X{70350E97-AE9E-4B94-9E47-2174E16A7D5B}
nco_libnipc --> MsiExec.exe /X{6F34D36D-F691-4594-8075-1868FCD34D78}
nco_libnmemstore --> MsiExec.exe /X{3C4885D3-B8D4-4639-B8AD-F8894FBE06EF}
nco_libnobjserv --> MsiExec.exe /X{1717B453-A3CA-4C13-BD18-1B471C8BC325}
nco_libnproc --> MsiExec.exe /X{42129935-7F5D-4740-BED6-32486F24C40D}
nco_libnregion --> MsiExec.exe /X{DF00DF58-4252-49C2-AAE9-630AAF1B490A}
nco_libnsecurity --> MsiExec.exe /X{40F4ABD1-6FC8-47BB-B595-A56741EB250F}
nco_libnstk --> MsiExec.exe /X{89A4F9AB-2E30-4E3D-8BBA-206D36D7C1C7}
nco_libnstore --> MsiExec.exe /X{D62362AB-B02E-4DA8-B79F-050B56A1E766}
nco_libOpl --> MsiExec.exe /X{DC9411BB-CA60-4A6F-9EC7-B0E16DAC5F42}
nco_libOul --> MsiExec.exe /X{713F080D-E815-449D-B11E-0EBC0E473119}
nco_libPl --> MsiExec.exe /X{D08AAA85-28E9-4185-833F-70625B301F15}
nco_libregexp --> MsiExec.exe /X{F3E1BFA4-27FE-4490-9B51-5698AE38336F}
nco_libsecurelogin --> MsiExec.exe /X{679B7982-97E8-4E70-A51F-1D97D6C7FF4A}
nco_message --> MsiExec.exe /X{00D82E03-DCD3-4A32-BE99-648A8ED49860}
nco_network_ipv4 --> MsiExec.exe /X{A838563F-46F0-4C55-8399-D29189233244}
nco_objserv --> MsiExec.exe /X{9F3699C1-D261-4CF4-A7E7-580F6BB14F49}
nco_oem_files --> MsiExec.exe /X{CD71B1C2-AE58-4968-BD6D-517B40CC4632}
nco_omnibus_scripts --> MsiExec.exe /X{B6158850-321C-4A81-8A84-6319460BA9C0}
nco_omnirun --> MsiExec.exe /X{0EBAEE9C-8596-4B14-A6E9-DDA6FB2D3EBF}
nco_os_migrate --> MsiExec.exe /X{54252C96-18A0-4675-8DFD-FDAF66E5B8D6}
nco_pa --> MsiExec.exe /X{21C4872D-4361-4480-B0B8-AFD88B525065}
nco_pa_feature --> MsiExec.exe /X{EC735EDB-C556-429F-89AA-4CBD77164192}
nco_postinstall_feature --> MsiExec.exe /X{8AF26865-DD22-40B2-8D2F-077552CC715E}
nco_preinstall_feature --> MsiExec.exe /X{6C6E15F5-95CA-44A3-AFB6-AC54BDD11A99}
nco_probe_support_feature --> MsiExec.exe /X{E230ACC1-91D1-4564-AC5B-A0D4BAA7DBA0}
nco_proxyserv --> MsiExec.exe /X{B63AD184-039C-4389-B302-B1BAC93AAEC1}
nco_sectables --> MsiExec.exe /X{4B7E9216-D5BA-4AEB-84C8-B62C38652A7C}
nco_server_feature --> MsiExec.exe /X{84F8644D-228B-4D34-AE41-7516669D9380}
nco_sql_ini --> MsiExec.exe /I{6DFE30D8-C8F3-4597-9E63-43811E79E1A0}
nco_ssladmin --> MsiExec.exe /X{66D949DA-74A1-49BC-A780-8A8E64FEE1D9}
nco_store_resize --> MsiExec.exe /X{838ADC95-6C2F-4ECA-9EC9-3C3EAA1E30C9}
nco_win_migrate --> MsiExec.exe /X{A13E5F35-7467-40AA-8B3E-6C5D4B286CBF}
nco_win_migrate_final --> MsiExec.exe /X{9AF7D302-8E7A-4E09-AA2B-166A762F60FC}
Netcool/Licensing --> MsiExec.exe /X{FEFCEA13-09F2-4109-A68E-B25FCE09DD89}
Opera 9.50 --> MsiExec.exe /X{7472B5B4-3FB7-446F-BC78-6BBA506EC473}
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\SETUP.EXE" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remedy User 6.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{437B532F-EB2B-40A2-8585-DEFA15F92C76}\setup.exe" -l0x9 Useruninstall
Remove Multimedia Center --> C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery Critical Patch for Windows Update (KB917422) --> MsiExec.exe /X{83E5061B-A69A-46AD-A780-1DA6569FF283}
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo --> MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sybase15Libs --> MsiExec.exe /X{4EBE4D19-3B56-40B1-8103-1A32019F96BA}
SybaseOCS --> MsiExec.exe /X{F51552DF-29BF-4F52-9599-25B158D22355}
Symantec Endpoint Protection --> MsiExec.exe /I{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}
System Migration Assistant --> MsiExec.exe /X{9EA84FDD-CCC0-47FD-A993-923165BEA47A}
ThinkPad Configuration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x9 anything
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Away Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
ThinkVantage Fingerprint Software 5.6 --> MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\Setup.exe"
Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Server 2003 Administration Tools Pack --> MsiExec.exe /I{5E076CF2-EFED-43A2-A623-13E0D62EC7E0}
Windows Support Tools --> MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
XP Themes --> MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type11059 / Error
Event Submitted/Written: 08/04/2008 06:45:31 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info: Suspend Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\system32\IPSSVC.EXE (PID 1304)
Time: Monday, August 04, 2008 6:45:31 PM

Event Record #/Type11058 / Error
Event Submitted/Written: 08/04/2008 06:45:31 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info: Suspend Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\system32\IPSSVC.EXE (PID 1304)
Time: Monday, August 04, 2008 6:45:31 PM

Event Record #/Type11057 / Error
Event Submitted/Written: 08/04/2008 06:45:31 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info: Suspend Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\system32\IPSSVC.EXE (PID 1304)
Time: Monday, August 04, 2008 6:45:31 PM

Event Record #/Type11056 / Error
Event Submitted/Written: 08/04/2008 06:45:31 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info: Suspend Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\system32\IPSSVC.EXE (PID 1304)
Time: Monday, August 04, 2008 6:45:31 PM

Event Record #/Type11055 / Error
Event Submitted/Written: 08/04/2008 06:45:31 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info: Suspend Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\system32\IPSSVC.EXE (PID 1304)
Time: Monday, August 04, 2008 6:45:31 PM



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8831 / Warning
Event Submitted/Written: 08/05/2008 04:43:31 PM
Event ID/Source: 11165 / DnsApi
Event Description:
The system failed to register host (A) resource records (RRs) for
network adapter
with settings:


Adapter Name : {B5EFE5C6-65FE-44D8-B6C1-F57CF3157729}

Host Name : morris-et60

Primary Domain Suffix : BWINC.local

DNS server list :

192.168.0.1, 24.56.133.70

Sent update to server : 10.1.1.1

IP Address(es) :

192.168.0.12


The reason the system could not register these RRs was because the
DNS server contacted refused the update request. The reasons for this
might be (a) you are not allowed to update the specified DNS domain name,
or (b) because the DNS server authoritative for this name does not support
the DNS dynamic update protocol.


To register the DNS host (A) resource records using the specific DNS
domain name and IP addresses for this adapter, contact your DNS server
or network systems administrator.

Event Record #/Type8828 / Warning
Event Submitted/Written: 08/05/2008 04:29:26 PM
Event ID/Source: 30 / e1express
Event Description:
Intel® PRO/1000 PL Network Connection
is set up for auto-negotiation but the link partner is not configured for auto-negotiation. A duplex mismatch may occur.

Event Record #/Type8823 / Error
Event Submitted/Written: 08/05/2008 04:28:49 PM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain BWINC due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Event Record #/Type8814 / Warning
Event Submitted/Written: 08/05/2008 03:08:27 PM
Event ID/Source: 11197 / DnsApi
Event Description:
The system failed to update and remove host (A) resource records (RRs)
for network adapter
with settings:


Adapter Name : {90C4EA1D-9313-4FEE-8D06-6A4544637C89}

Host Name : morris-et60

Primary Domain Suffix : BWINC.local

DNS server list :

10.1.0.19, 10.10.0.11

Sent update to server : 10.1.1.1

IP Address(es) :

10.1.5.102


The reason the update request failed was because of a system problem.
For specific error code, see the record data displayed below.

Event Record #/Type8803 / Warning
Event Submitted/Written: 08/05/2008 02:17:13 PM
Event ID/Source: 11165 / DnsApi
Event Description:
The system failed to register host (A) resource records (RRs) for
network adapter
with settings:


Adapter Name : {B5EFE5C6-65FE-44D8-B6C1-F57CF3157729}

Host Name : morris-et60

Primary Domain Suffix : BWINC.local

DNS server list :

192.168.100.1

Sent update to server : 10.1.1.1

IP Address(es) :

192.168.100.123


The reason the system could not register these RRs was because the
DNS server contacted refused the update request. The reasons for this
might be (a) you are not allowed to update the specified DNS domain name,
or (b) because the DNS server authoritative for this name does not support
the DNS dynamic update protocol.


To register the DNS host (A) resource records using the specific DNS
domain name and IP addresses for this adapter, contact your DNS server
or network systems administrator.



-- End of Deckard's System Scanner: finished at 2008-08-05 20:12:21 ------------

+++++++++++++++++++++++++++++++++

End of post!
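The five Application Event Log entries in the log above are the part a responder reads first: some process is suspending threads inside the Symantec scan engine (Rtvscan.exe), and "Action Taken: Logged" says tamper protection recorded the access rather than blocking it. The script below is an added example, not part of the original post and not DSS or Symantec tooling: it parses DSS-format "Event Record" blocks and tallies tamper-protection alerts by actor process, target, operation and outcome. The sample records are copied from the log above; the function and class names (parse_dss_events, tamper_alerts, logged_only_actors, TamperKey) are mine, and whether IPSSVC.EXE is an expected vendor component on this ThinkPad is a judgement the script leaves to the reviewer.

```python
"""Triage the Event Log sections of a Deckard's System Scanner (DSS) log."""
import re
from collections import Counter, namedtuple
from dataclasses import dataclass, field
from typing import Dict, List

# Sample input copied from the log posted above: two of the five tamper-protection
# records (the others differ only in record number) plus the NETLOGON record.
SAMPLE_LOG = r"""
Event Record #/Type11059 / Error
Event Submitted/Written: 08/04/2008 06:45:31 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info: Suspend Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\system32\IPSSVC.EXE (PID 1304)
Time: Monday, August 04, 2008 6:45:31 PM

Event Record #/Type11058 / Error
Event Submitted/Written: 08/04/2008 06:45:31 PM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
Event Info: Suspend Thread
Action Taken: Logged
Actor Process: C:\WINDOWS\system32\IPSSVC.EXE (PID 1304)
Time: Monday, August 04, 2008 6:45:31 PM

Event Record #/Type8823 / Error
Event Submitted/Written: 08/05/2008 04:28:49 PM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain BWINC due to the following:
%%1311.
"""

RECORD_HEADER = re.compile(r"^Event Record #/Type(\d+) / (\w+)\s*$", re.M)
ID_SOURCE = re.compile(r"^Event ID/Source: (\d+) / (.+?)\s*$", re.M)
KV_LINE = re.compile(r"^([A-Za-z][A-Za-z ]{0,20}): (.+)$")   # "Actor Process: ..."
ACTOR = re.compile(r"^(?P<path>.+?) \(PID (?P<pid>\d+)\)$")   # "C:\...\X.EXE (PID 1304)"
TAMPER_BANNER = "SYMANTEC TAMPER PROTECTION ALERT"

@dataclass
class EventRecord:
    record: int
    level: str
    event_id: int
    source: str
    description: List[str] = field(default_factory=list)

    def fields(self) -> Dict[str, str]:
        """'Key: value' lines of the description (Target, Actor Process, ...)."""
        pairs = (KV_LINE.match(ln) for ln in self.description)
        return {m.group(1).strip(): m.group(2).strip() for m in pairs if m}

def parse_dss_events(text: str) -> List[EventRecord]:
    """Split DSS event-log text at each 'Event Record #/Type' header."""
    records: List[EventRecord] = []
    for chunk in re.split(r"(?m)^(?=Event Record #/Type)", text):
        head, _, body = chunk.partition("Event Description:\n")
        hdr = RECORD_HEADER.search(head)
        if not hdr:
            continue  # text before the first record
        ids = ID_SOURCE.search(head)
        records.append(EventRecord(
            int(hdr.group(1)), hdr.group(2),
            int(ids.group(1)) if ids else 0, ids.group(2) if ids else "",
            [ln.rstrip() for ln in body.splitlines() if ln.strip()]))
    return records

# One summary row: who touched what, how, and what tamper protection did about it.
TamperKey = namedtuple("TamperKey", "actor pid target event_info action_taken")

def tamper_alerts(records: List[EventRecord]) -> Counter:
    """Count tamper-protection alerts per TamperKey; other events are skipped."""
    counts: Counter = Counter()
    for rec in records:
        if not rec.description or rec.description[0] != TAMPER_BANNER:
            continue
        f = rec.fields()
        actor = ACTOR.match(f.get("Actor Process", ""))
        if actor:  # records without an attributable actor are not counted
            counts[TamperKey(actor["path"], int(actor["pid"]), f.get("Target", ""),
                             f.get("Event Info", ""), f.get("Action Taken", ""))] += 1
    return counts

def logged_only_actors(counts: Counter) -> List[str]:
    """Actors whose access was recorded ('Logged') rather than blocked."""
    return sorted({k.actor for k in counts if k.action_taken == "Logged"})

if __name__ == "__main__":
    alerts = tamper_alerts(parse_dss_events(SAMPLE_LOG))
    for k, n in alerts.items():
        print(f"{n}x {k.event_info} on {k.target} by {k.actor} (PID {k.pid}): {k.action_taken}")
    print("not blocked:", logged_only_actors(alerts))
```

Run against the full log, the script reduces the five near-identical entries to one row (IPSSVC.EXE, PID 1304, Suspend Thread on Rtvscan.exe, Logged, x5), which is the question to take to the IT department: is that service expected on this build, and should tamper protection be set to block rather than log?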



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:06 PM

Posted 06 August 2008 - 09:42 PM

Hello Snail,

Is this a work or business computer?
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Snail

Snail
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:Los Angeles
  • Local time:02:06 PM

Posted 07 August 2008 - 09:52 AM

Sifu,

It's a work computer.

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:06 PM

Posted 07 August 2008 - 10:12 AM

Hi Snail,

You said this is a work computer.....does your company have an IT department?

If so, this would be a job for them. This computer is really infected, and this is what they are paid to do. We're volunteers that work for free here, on a donation only basis.

Your company may also have policies in place for this kind of thing, and I won't be responsible for possibly going against policy.

Please let me know what you're going to do.

#5 Snail

Snail
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:Los Angeles
  • Local time:02:06 PM

Posted 07 August 2008 - 12:55 PM

Thank you. I will contact IT and see if they can do something remotely since I am not in the office.

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:06 PM

Posted 07 August 2008 - 05:12 PM

Hi snail,

IT depts will not want to have your business information at risk, so they normally reformat and reinstall the business computer to make sure it is clean.

I can remove the malware... but IT dept will frown on that, as it is against their policy.

Edited by SifuMike, 07 August 2008 - 05:13 PM.


#7 Snail

Snail
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:Los Angeles
  • Local time:02:06 PM

Posted 07 August 2008 - 06:30 PM

Sifu,

I was advised to update and scan with Symantec Endpoint Protection which I did and followed up by running Spybot S&D which found and cleaned some infections. Spybot S&D confirms that all infections have been removed. DSS log is included below:


++++++++++++++++++++++++++++++

Deckard's System Scanner v20071014.68
Run by emorris on 2008-08-07 17:22:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as emorris.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:00 PM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\IBM\Tivoli\Netcool\license\bin\lmgrd.exe
C:\Program Files\IBM\Tivoli\Netcool\omnibus\bin\nco_objserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\Tivoli\Netcool\license\bin\netcool.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\emorris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\emorris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome/thinkpad
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/thinkpad
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] "C:\Program Files\Lenovo\AwayTask\AwaySch.EXE"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPFNF7] "C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" /r
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GoBoingo] "C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {55536E1C-8D74-4CC0-B39D-A3151002E43C} (InstallationModuleAX Class) - http://209.98.212.5:6975/webexplorer/Insta...stallClient.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BWINC.local
O17 - HKLM\Software\..\Telephony: DomainName = BWINC.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BWINC.local
O20 - AppInit_DLLs: sgqaad.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NCO Flex License Manager (NCOFlexLicense) - Macrovision Corporation - C:\Program Files\IBM\Tivoli\Netcool\license\bin\lmgrd.exe
O23 - Service: Netcool/OMNIbus Object Server (NCOObjectServer) - IBM Corp. - C:\Program Files\IBM\Tivoli\Netcool\omnibus\bin\nco_objserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 11731 bytes

-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-07 11:52:49 0 d-------- C:\TEMP
2008-08-03 16:15:28 0 d-------- C:\Program Files\Support Tools
2008-08-03 15:25:50 0 d-------- C:\Documents and Settings\emorris\Application Data\Malwarebytes
2008-08-03 15:25:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-03 14:41:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-03 13:36:41 0 d-------- C:\Program Files\Trend Micro
2008-08-03 13:11:59 164 --a------ C:\install.dat
2008-08-03 11:57:50 0 d-------- C:\WINDOWS\pss
2008-08-03 10:42:08 0 d-------- C:\Program Files\Lavasoft
2008-08-03 10:42:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-03 10:30:29 0 d-------- C:\Documents and Settings\emorris\Application Data\TmpRecentIcons
2008-07-29 14:12:08 0 d-------- C:\Documents and Settings\emorris\Application Data\WinRAR
2008-07-25 13:03:23 0 d-------- C:\Documents and Settings\emorris\Application Data\Apple Computer
2008-07-25 12:57:10 0 d-------- C:\Program Files\Apple Software Update
2008-07-25 12:57:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-10 11:32:37 0 d-------- C:\Program Files\Gadwin Systems


-- Find3M Report ---------------------------------------------------------------

2008-08-07 14:40:22 0 d-------- C:\Documents and Settings\emorris\Application Data\.purple
2008-08-07 12:22:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-07 12:20:33 0 d-------- C:\Program Files\Symantec
2008-08-03 18:36:20 0 d-------- C:\Program Files\PCDR5
2008-08-03 15:14:13 3216 --a------ C:\WINDOWS\system32\encobject.dat
2008-08-03 12:54:31 0 d-------- C:\Program Files\Google
2008-08-03 10:41:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 22:07:16 0 d-------- C:\Documents and Settings\emorris\Application Data\uTorrent
2008-06-17 20:17:15 0 d-------- C:\Documents and Settings\emorris\Application Data\Sonic
2008-06-17 20:17:05 0 d-------- C:\Documents and Settings\emorris\Application Data\Leadertech
2008-06-17 16:22:57 0 d-------- C:\Program Files\Picasa2
2008-06-16 21:39:16 0 d-------- C:\Documents and Settings\emorris\Application Data\Opera
2008-06-16 21:39:08 0 d-------- C:\Program Files\Opera
2008-06-16 10:04:27 0 d-------- C:\Documents and Settings\emorris\Application Data\AdobeUM
2008-06-11 16:31:40 0 d-------- C:\Documents and Settings\emorris\Application Data\U3
2008-06-11 14:51:35 0 d-------- C:\Program Files\MSECache
2008-06-11 09:26:50 0 d-------- C:\Program Files\IBM
2008-06-11 09:25:38 0 d-------- C:\Documents and Settings\emorris\Application Data\.ncisetup
2008-06-11 09:23:41 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-11 09:23:24 0 d-------- C:\Program Files\Common Files
2008-05-14 16:37:28 72 --a------ C:\WINDOWS\system32\°S÷


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [01/11/2008 02:30 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [01/11/2008 02:30 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [08/11/2007 02:30 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/11/2007 02:30 AM]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [04/27/2007 03:33 AM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [06/02/2006 11:00 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/19/2005 06:11 PM]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [01/11/2008 03:21 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 02:03 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 06:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [08/16/2006 11:07 AM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [03/15/2006 05:07 PM]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [03/13/2006 05:38 PM]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [07/14/2006 07:13 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/05/2008 03:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/05/2008 03:48 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [03/05/2008 03:48 PM]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [03/26/2008 04:06 AM]
"LPMailChecker"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe" [01/11/2008 03:21 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/14/2008 06:11 PM]
"GoBoingo"="C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk" [08/07/2008 03:27 PM]
"TpShocks"="TpShocks.exe" [11/22/2007 04:09 PM C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [10/17/2005 02:11 AM C:\WINDOWS\system32\TP4EX.exe]
"Antivirus"="C:\Program Files\VAV\vav.exe" []
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/06/2005 04:06 PM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 05:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [08/20/2007 02:42 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 4:38:16 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/30/2008 10:45:37 AM]
Program Neighborhood Agent.lnk - C:\WINDOWS\Installer\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [5/2/2008 7:41:10 AM]
VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [4/30/2008 3:25:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 08/16/2006 11:07 AM 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 08/14/2007 04:54 PM 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sgqaad.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys]
@="driver"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5efeb94a-37ca-11dd-b68b-001558815562}]
AutoRun\command- E:\LaunchU3.exe -a

-- End of Deckard's System Scanner: finished at 2008-08-07 17:23:50 ------------

#8 SifuMike

    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 07 August 2008 - 10:07 PM

Hi Snail,

Good thing you contacted your IT Dept. as they are in charge of cleaning this computer.
Their policy is not to let outsiders change files on your computer, as it is too risky.

I don't want to interfere with your IT Dept's cleaning of this computer, so contact them, and follow their advice.

Edited by SifuMike, 07 August 2008 - 10:12 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 SifuMike

    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 13 August 2008 - 03:22 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.