Help restoring network access after removal of mywebsearch and other malware....


  • This topic is locked
7 replies to this topic

#1 Wxfreekj

  • Members
  • 4 posts

Posted 30 January 2010 - 05:53 PM

Hello,

My click-happy six year old downloaded what I thought was Mywebsearch. When I ran NAV, it found nothing. When I ran Adaware and Spybot, there were many things discovered...I then ran malwarebytes and more were discovered and all seemed clean and removed. When I try to access the net with IE/Firefox/Chrome, I can't access the internet--even though the status of the wireless network seems fine. I tried to purge and renew via ipconfig--nada. I made sure tcp/ip settings were correct (I think anyway)--still nada. I am really struggling with this one. I never ran in safe mode--because when I tried to restart in safe mode, I'd get the blue screen of death at the following line referencing aqpcpa.sys (I think)? Any help would be GREATLY appreciated! I have posted all info I have below. Thanks in advance.


DDS (Ver_09-12-01.01) - NTFSx86
Run by jtm17360 at 14:22:50.51 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.72 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\LANDesk\LDClient\LDIScn32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\jtm17360\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\jtm17360\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\DeLorme\DelSerial\DeLSerial.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
E:\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\RootRepeal.exe
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://search.live.com
uSearch Bar = hxxp://search.live.com/sphome.aspx
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SmileboxTray] "c:\documents and settings\jtm17360\application data\smilebox\SmileboxTray.exe"
uRun: [Google Update] "c:\documents and settings\jtm17360\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Microsoft Location Finder] "c:\program files\microsoft location finder\LocationFinder.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [IntelAPMClient] "c:\program files\landesk\ldclient\amclient.exe" /apm /s /ro /to=10 /Retry=2 /Tspan=60 /Rstart
mRun: [LANDeskInventoryClient] "c:\program files\landesk\ldclient\LDIScn32.exe" /NTT=LDMS:5007 /S=LDMS /I=HTTP://LDMS/ldlogon/ldappl3.ldz /NOUI /rstart=60
mRun: [SDClientMonitor] "c:\program files\landesk\ldclient\webportal\sdclientmonitor.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\jtm17360\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\jtm17360\local settings\application data\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\delorm~1.lnk - c:\windows\installer\{89ee0ed7-dce1-4d3a-9f10-2bdccd97e9aa}\DelSerial_StartupS_89EE0ED7DCE14D3A9F102BDCCD97E9AA.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\seremu~1.lnk - c:\program files\common files\delorme\delserial\SerEmulVspStartup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: &Search - ?p=ZCfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: creighton.edu
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186933080718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://banprod.creighton.edu/forms/jinitiator/jinit.exe
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/games/beje2/popcaploader.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
Notify: ACNotify - ACNotify.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jtm17360\applic~1\mozilla\firefox\profiles\xiq9pwcm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\jtm17360\application data\mozilla\firefox\profiles\xiq9pwcm.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\jtm17360\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-20 64288]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]
R2 SerEmulVsp;SerEmulVsp;c:\windows\system32\drivers\SerEmulVsp.sys [2007-3-28 134560]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-8 11152]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2007-8-12 249856]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-13 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-1 102448]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2007-8-12 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2007-8-12 3328]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-6-8 81280]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2007-8-12 3712]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100125.003\naveng.sys [2010-1-26 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100125.003\navex15.sys [2010-1-26 1323568]
R3 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
S1 00Q4034;00Q4034;c:\windows\system32\drivers\00Q4034.sys [2010-1-19 72192]
S2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2006-1-11 122880]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-10 135664]
S3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP;c:\rsi\idl63\bin\bin.x86\idl_dicomexstorscp.exe [2006-3-27 49152]

=============== Created Last 30 ================

2010-01-30 01:54:35 0 d-----w- c:\docume~1\jtm17360\applic~1\Malwarebytes
2010-01-30 01:53:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 01:53:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-30 01:53:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 01:53:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 01:56:08 0 ----a-w- c:\windows\system32\18467.exe
2010-01-23 02:01:34 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-23 02:01:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-22 23:57:47 0 d-sh--w- c:\documents and settings\jtm17360\IECompatCache
2010-01-21 20:51:11 0 ----a-w- c:\windows\system32\drivers\.sys
2010-01-21 16:35:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-21 03:22:19 0 d-sh--w- c:\documents and settings\jtm17360\PrivacIE
2010-01-21 03:01:25 0 d-sh--w- c:\documents and settings\jtm17360\IETldCache
2010-01-21 02:42:59 0 d-----w- c:\windows\ie8updates
2010-01-21 02:34:23 0 dc-h--w- c:\windows\ie8
2010-01-21 02:24:31 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-21 02:24:20 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-21 02:23:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-21 02:23:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-21 02:23:25 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-21 02:23:22 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-21 02:22:50 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-20 21:39:59 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-20 12:51:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-20 05:18:27 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-20 05:15:41 0 d-----w- c:\program files\Lavasoft
2010-01-19 23:57:01 72192 ----a-w- c:\windows\system32\drivers\00Q4034.sys
2010-01-17 21:53:09 0 d-----w- c:\docume~1\alluse~1\applic~1\FreshGames
2010-01-13 14:59:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 20:33:55 0 d-----w- c:\program files\YouTube Downloader
2010-01-03 20:31:55 0 d-----w- c:\program files\iPod
2010-01-03 20:31:30 0 d-----w- c:\program files\iTunes
2010-01-03 20:31:30 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-03 20:04:11 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-01-03 19:49:19 0 d-----w- c:\program files\Bonjour
2010-01-03 19:44:51 0 d-----w- c:\program files\WindSolutions
2010-01-03 19:44:44 0 d-----w- c:\docume~1\jtm17360\applic~1\WindSolutions
2010-01-03 19:44:44 0 d-----w- c:\docume~1\alluse~1\applic~1\WindSolutions

==================== Find3M ====================

2010-01-19 02:43:41 58164 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 14:33:39.29 ===============


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/30 14:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00Q4034.sys
Image Path: C:\WINDOWS\system32\drivers\00Q4034.sys
Address: 0xEBE8F000 Size: 94208 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xEBDAD000 Size: 778240 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB35D1000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8601bf68

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8601be38

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8587c108

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x85e37a78

#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf761987e

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8601fe00

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x859f5108

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xeb075350

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x86032f40

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8601de40

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8601cf40

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x85f03dd0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x86020b70

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8602af68

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x8604bc80

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "<unknown>" at address 0x8585c778

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x859347b8

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8604cc50

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x86049c88

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8604cd80

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xeb075580

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x86020c10

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8604ec18

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x86003e40

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8604dd40

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8604be68

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x85decc58

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x85d7f020]
Process: System Address: 0xebe91af0 Size: 632

Object: Hidden Code [ETHREAD: 0x82ddf020]
Process: System Address: 0xebe91dd0 Size: 183

Object: Hidden Code [ETHREAD: 0x82be4da8]
Process: System Address: 0xebe914e0 Size: 634

==EOF==

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:28 PM, on 1/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\LANDesk\LDClient\LDIScn32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\LANDesk\LDClient\LDIScn32.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\jtm17360\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\jtm17360\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\DeLorme\DelSerial\DeLSerial.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /to=10 /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [LANDeskInventoryClient] "C:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=LDMS:5007 /S=LDMS /I=HTTP://LDMS/ldlogon/ldappl3.ldz /NOUI /rstart=60
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\jtm17360\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jtm17360\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\jtm17360\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: DeLorme Serial Emulator.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: SerEmul for DeLorme Serial Emulator.lnk = C:\Program Files\Common Files\DeLorme\DelSerial\SerEmulVspStartup.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZCfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\helper32.dll' missing
O15 - Trusted Zone: *.creighton.edu
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (MSN Games – Matchmaking) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (MSN Games – Game Chat) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186933080718
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://banprod.creighton.edu/forms/jinitiator/jinit.exe
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/games/beje2/popcaploader.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blue.jays.creighton.edu
O17 - HKLM\Software\..\Telephony: DomainName = blue.jays.creighton.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = blue.jays.creighton.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = blue.jays.creighton.edu
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IDL DicomEx Storage SCP - Unknown owner - C:\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 17789 bytes

#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 07 February 2010 - 11:03 AM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues, I would appreciate it if you
would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks



#3 Wxfreekj
  • Topic Starter
  • Members
  • 4 posts

Posted 07 February 2010 - 02:35 PM

Thank you Syler!

NAV Autoprotect has recently begun catching--but unsuccessfully removing: Backdoor.tidserv.I!inf

Here are the logs you requested!

Logfile of random's system information tool 1.06 (written by random/random)
Run by JTM17360 at 2010-02-07 12:48:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (12%) free of 76 GB
Total RAM: 1006 MB (26% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2753870689-4151370466-3966214741-55236Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2753870689-4151370466-3966214741-55236UA.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2010-01-14 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll [2009-12-08 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2005-10-14 131072]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll [2009-12-08 506720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-17 8433664]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-04-09 1015808]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2007-04-03 839680]
"PSQLLauncher"=C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [2007-03-08 49168]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-17 81920]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2007-03-23 120368]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
""= []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2007-03-29 181808]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-04-10 58416]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"IntelAPMClient"=C:\Program Files\LANDesk\LDClient\amclient.exe [2006-08-07 311296]
"LANDeskInventoryClient"=C:\Program Files\LANDesk\LDClient\LDIScn32.exe [2006-09-19 847872]
"SDClientMonitor"=C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe [2005-12-09 258048]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [2009-12-08 240992]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"= []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"SmileboxTray"=C:\Documents and Settings\jtm17360\Application Data\Smilebox\SmileboxTray.exe [2009-12-07 266888]
"Google Update"=C:\Documents and Settings\jtm17360\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 133104]
"Microsoft Location Finder"=C:\Program Files\Microsoft Location Finder\LocationFinder.exe [2005-08-24 101080]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-18 39408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DeLorme Serial Emulator.lnk - C:\WINDOWS\Installer\{89EE0ED7-DCE1-4D3A-9F10-2BDCCD97E9AA}\DelSerial_StartupS_89EE0ED7DCE14D3A9F102BDCCD97E9AA.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
SerEmul for DeLorme Serial Emulator.lnk - C:\Program Files\Common Files\DeLorme\DelSerial\SerEmulVspStartup.exe

C:\Documents and Settings\jtm17360\Start Menu\Programs\Startup
MLB.TV NexDef Plug-in.lnk - C:\Documents and Settings\jtm17360\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2007-07-05 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-03-14 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2007-03-08 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2006-12-14 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00Q4034]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\00Q4034]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\msgsys.exe"="C:\WINDOWS\system32\msgsys.exe:*:Enabled:CBA -- Message System"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe"="C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe:*:Enabled:mlb-nexdef-autobahn"
"C:\Program Files\WinSCP\WinSCP.exe"="C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\U.exe"="C:\U.exe:*:Enabled:enable"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\LANDesk\Shared Files\residentagent.exe"="C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\OFFICE11\outlook.exe"="C:\Program Files\Microsoft Office\OFFICE11\outlook.exe:localsubnet:enabled:outlook"
"C:\Program Files\WinSCP\WinSCP.exe"="C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LANDesk\Shared Files\residentagent.exe"="C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{525d4643-3412-11de-aa28-00197ef9347c}]
shell\AutoRun\command - F:\PhotoViewerAP_V2.1.9.exe


======List of files/folders created in the last 1 months======

2010-02-07 12:45:27 ----D---- C:\Program Files\trend micro
2010-02-07 12:45:24 ----D---- C:\rsit
2010-02-01 20:17:05 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-02-01 12:05:40 ----D---- C:\Program Files\schtml
2010-02-01 10:41:26 ----A---- C:\WINDOWS\system32\28145.exe
2010-02-01 10:21:26 ----A---- C:\WINDOWS\system32\5705.exe
2010-02-01 10:01:25 ----A---- C:\WINDOWS\system32\24464.exe
2010-02-01 09:41:25 ----A---- C:\WINDOWS\system32\26962.exe
2010-02-01 09:21:24 ----A---- C:\WINDOWS\system32\29358.exe
2010-02-01 09:01:24 ----A---- C:\WINDOWS\system32\11478.exe
2010-02-01 08:41:23 ----A---- C:\WINDOWS\system32\15724.exe
2010-02-01 08:21:23 ----A---- C:\WINDOWS\system32\19169.exe
2010-02-01 08:01:22 ----A---- C:\WINDOWS\system32\26500.exe
2010-02-01 07:41:22 ----A---- C:\WINDOWS\system32\6334.exe
2010-01-30 22:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-01-30 15:59:32 ----A---- C:\RootRepeal report 01-30-10 (15-59-32).txt
2010-01-29 19:54:35 ----D---- C:\Documents and Settings\jtm17360\Application Data\Malwarebytes
2010-01-29 19:53:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-29 19:53:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-25 19:56:08 ----A---- C:\WINDOWS\system32\18467.exe
2010-01-22 20:01:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-22 20:01:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-20 20:42:59 ----D---- C:\WINDOWS\ie8updates
2010-01-20 20:37:54 ----D---- C:\WINDOWS\WBEM
2010-01-20 20:34:23 ----HDC---- C:\WINDOWS\ie8
2010-01-20 15:39:59 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-01-19 23:18:27 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-19 23:15:41 ----D---- C:\Program Files\Lavasoft
2010-01-17 15:53:09 ----D---- C:\Documents and Settings\All Users\Application Data\FreshGames
2010-01-13 12:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 12:05:34 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-07 12:47:28 ----D---- C:\Program Files\Symantec AntiVirus
2010-02-07 12:46:48 ----D---- C:\WINDOWS\Temp
2010-02-07 12:46:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-07 12:45:27 ----D---- C:\Program Files
2010-02-07 12:45:22 ----D---- C:\WINDOWS\Prefetch
2010-02-07 09:20:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-07 08:08:20 ----D---- C:\WINDOWS\system32
2010-02-07 08:08:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-07 08:04:19 ----SD---- C:\WINDOWS\Tasks
2010-02-07 08:03:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-02-07 08:03:35 ----A---- C:\WINDOWS\system32\PROCDB.INI
2010-02-07 08:02:54 ----D---- C:\Documents and Settings\All Users\Application Data\vulScan
2010-02-07 08:02:34 ----A---- C:\TPHKLOCK.TXT
2010-02-07 08:02:33 ----A---- C:\WINDOWS\system32\IPSCtrl.INI
2010-02-07 08:02:32 ----SHD---- C:\WINDOWS\CSC
2010-02-05 06:57:53 ----SHD---- C:\WINDOWS\Installer
2010-02-05 06:57:01 ----D---- C:\Program Files\Google
2010-02-04 20:38:07 ----D---- C:\WINDOWS\system32\drivers
2010-02-03 07:25:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-02 20:08:46 ----A---- C:\WINDOWS\DeLGPS.ini
2010-02-01 19:57:34 ----D---- C:\WINDOWS
2010-01-30 22:10:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-30 21:35:33 ----HD---- C:\WINDOWS\inf
2010-01-30 19:56:13 ----D---- C:\Program Files\Mozilla Firefox
2010-01-30 12:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-01-29 21:28:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2010-01-29 19:13:38 ----D---- C:\WINDOWS\network diagnostic
2010-01-22 17:36:18 ----D---- C:\Program Files\Internet Explorer
2010-01-22 07:56:02 ----A---- C:\WINDOWS\imsins.BAK
2010-01-22 07:48:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 15:03:43 ----D---- C:\Documents and Settings\jtm17360\Application Data\Smilebox
2010-01-20 20:55:19 ----D---- C:\WINDOWS\Help
2010-01-20 20:37:54 ----D---- C:\WINDOWS\system32\en-us
2010-01-20 20:37:42 ----D---- C:\WINDOWS\Media
2010-01-20 19:00:00 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-20 06:51:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-19 23:15:41 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-19 23:15:12 ----D---- C:\WINDOWS\WinSxS
2010-01-19 23:14:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-19 18:07:46 ----SHD---- C:\System Volume Information
2010-01-19 18:07:46 ----D---- C:\WINDOWS\system32\Restore
2010-01-17 16:12:44 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2010-01-17 15:44:17 ----D---- C:\Program Files\Big fish
2010-01-17 15:39:29 ----D---- C:\Program Files\bfgclient
2010-01-14 07:29:33 ----D---- C:\WINDOWS\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-02-12 196752]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2006-10-23 17778]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-06-18 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-04-10 12848]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-08-11 21393]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
R2 SerEmulVsp;SerEmulVsp; C:\WINDOWS\system32\drivers\SerEmulVsp.sys [2007-03-28 134560]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-04-13 306176]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-03-23 94848]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-05-11 252312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424]
R3 ldblank;Screen Blanking driver for Remote Control; C:\WINDOWS\system32\DRIVERS\ldblank.sys [2005-07-01 11904]
R3 ldmirror;ldmirror; C:\WINDOWS\system32\DRIVERS\ldmirror.sys [2005-07-01 3328]
R3 LenovoRd;LenovoRd; C:\WINDOWS\System32\Drivers\LenovoRd.sys [2007-06-08 81280]
R3 mirrorflt;Mirror Filter Driver for Uninstall; C:\WINDOWS\system32\DRIVERS\mirrorflt.sys [2005-07-01 3712]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-17 6346720]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-18 21376]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-02-12 24720]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-14 177664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-03-08 40848]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S1 00Q4034;00Q4034; \??\C:\WINDOWS\system32\drivers\00Q4034.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 mr7910;Photo Viewer; C:\WINDOWS\system32\DRIVERS\mr7910.sys [2006-08-02 114560]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100204.006\naveng.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100204.006\navex15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-07-05 65536]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-07-05 184320]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 CBA8;LANDesk® Management Agent; C:\Program Files\LANDesk\Shared Files\residentagent.exe [2006-01-11 122880]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-05-31 36400]
R2 Intel Local Scheduler Service;Intel Local Scheduler Service; C:\Program Files\LANDesk\LDClient\LocalSch.EXE [2006-05-12 86016]
R2 Intel PDS;Intel PDS; C:\WINDOWS\system32\CBA\pds.exe [2005-11-17 32819]
R2 Intel Targeted Multicast;LANDesk Targeted Multicast; C:\Program Files\LANDesk\LDClient\tmcsvc.exe [2005-12-09 114688]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-30 108080]
R2 ISSUSER;LANDesk Remote Control Service; C:\PROGRA~1\LANDesk\LDClient\issuser.exe [2006-09-18 815104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-20 1181328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-06-01 987136]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 Softmon;LANDesk® Software Monitoring Service; C:\Program Files\LANDesk\LDClient\softmon.exe [2006-09-20 249856]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2009-02-06 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-03-02 37680]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-10 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-17 163908]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP; C:\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe [2006-03-27 49152]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2010-02-07 12:48:57

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
-->MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4 Elements-->"C:\Program Files\4 Elements\ReflexiveArcade\unins000.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\setup.exe" -l0x9 UNINSTALL
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bejeweled 2 Deluxe-->C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini"
Bejeweled Twist 1.0-->C:\Program Files\PopCap Games\Bejeweled Twist\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Twist\Install.log"
Big Fish Games: Game Manager-->C:\Program Files\bfgclient\Uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bookworm Adventures-->"C:\Program Files\Big fish\Bookworm Adventures\Uninstall.exe"
Bookworm Deluxe 1.13-->C:\Program Files\PopCap Games\Bookworm Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bookworm Deluxe\Install.log"
Bookworm Deluxe-->"C:\Program Files\Big fish\Bookworm Deluxe\Uninstall.exe"
Cassandra's Journey 2: The Fifth Sun of Nostradamus-->"C:\Program Files\Big fish\Cassandra's Journey 2 - The Fifth Sun of Nostradamus\Uninstall.exe"
Chuzzle Deluxe 1.0-->C:\Program Files\PopCap Games\Chuzzle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Chuzzle Deluxe\Install.log"
Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CopyTrans Suite Remove Only-->C:\Program Files\WindSolutions\CopyTrans Suite\CopyTransControlCenter.exe uninstall
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DeLorme Serial Emulator-->MsiExec.exe /X{89EE0ED7-DCE1-4D3A-9F10-2BDCCD97E9AA}
Enlightenus-->"C:\Program Files\Big fish\Enlightenus\Uninstall.exe"
FirstClass® Client-->C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
Gemini Lost-->"C:\Program Files\Big fish\Gemini Lost\Uninstall.exe"
Glyph-->"C:\Program Files\Big fish\Glyph\Uninstall.exe"
Glyph-->"C:\Program Files\Glyph\unins000.exe"
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Google SketchUp 7-->MsiExec.exe /X{E209F988-EF49-4B3D-84A6-3CBB67F058AC}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GR2Analyst Version 1.44-->"C:\Program Files\GRLevelX\GR2Analyst\unins000.exe"
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\setup.exe" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"E:\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
iDump (Backing up your iPod)-->C:\Program Files\iDump\uninstall.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Ipswitch WS_FTP LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3A31EEE-7C65-4EE6-BB0D-5549FD2D67B9}\setup.exe" -l0x9
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Jasc Paint Shop Pro Studio Additional Content-->C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~2\INSTALL.LOG
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LANDesk Advance Agent-->MsiExec.exe /I{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Maintenance Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math Missions Grades 3-5-->C:\PROGRA~1\SCHOLA~1\MATHMI~2\UNWISE.EXE /U C:\PROGRA~1\SCHOLA~1\MATHMI~2\INSTALL.LOG
Math Missions Grades K-2-->C:\PROGRA~1\SCHOLA~1\MATHMI~1\UNWISE.EXE /U C:\PROGRA~1\SCHOLA~1\MATHMI~1\INSTALL.LOG
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Location Finder-->MsiExec.exe /I{9D18F7F8-B984-4249-8512-CC621BC59F12}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Streets & Trips 2006-->MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MLB.TV NexDef Plug-in-->C:\Documents and Settings\jtm17360\Local Settings\Application Data\Autobahn\Uninstall.exe
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN Toolbar Platform-->MsiExec.exe /I{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}
MSN Toolbar-->C:\Program Files\MSN Toolbar Installer\InstallManager.exe /UNINSTALL
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
On Screen Display-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Oracle JInitiator 1.3.1.22-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
Peggle Deluxe 1.01-->C:\Program Files\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Deluxe\Install.log"
Photo Viewer-->MsiExec.exe /I{67183F00-3DDC-497B-A090-4E2B79EAF1CD}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Plants vs. Zombies-->"C:\Program Files\Big fish\Plants vs. Zombies\Uninstall.exe"
Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\SETUP.EXE" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
PuTTY version 0.60-->"C:\Program Files\PuTTY\unins000.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Ranch Rush-->"C:\Program Files\Big fish\Ranch Rush\Uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Roller Typing-->MsiExec.exe /I{7CAC49DA-8EF9-46DF-894E-197230634475}
Rollercoaster Rush™-->C:\PROGRA~1\SHOCKW~1.COM\ROLLER~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\ROLLER~1\INSTALL.LOG
RSI IDL 6.3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{0250F6B4-796C-4845-9BD8-1008935FB70A}
Sandlot Games Client Services 1.2.2-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Scholastic's I SPY School Days-->C:\PROGRA~1\SCHOLA~1\ISPYSC~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSC~1\INSTALL.LOG
Scholastic's The Magic School Bus® Lands on Mars-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F5C4C80-1FA7-11D4-B333-E7021860665A}\setup.exe" MarsUninstall
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
SEGA Swirl-->C:\Program Files\SEGA\Swirl107\sw_del.exe
Serif PhotoPlus 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\Setup.exe" -l0x9
SnagIt 7-->MsiExec.exe /I{4360BB46-507E-4361-8DCB-4FF9BDC9907B}
Software Installer-->swiif.exe /U
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SvrPlot2-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\svp2_old\ST6UNST.LOG"
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Symantec AntiVirus-->MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x9 -AddRemove
ToneThis 3.5-->C:\Program Files\ToneThis 3.5\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VoiceOver Kit-->MsiExec.exe /I{6DE13770-01B7-4366-8DA6-48237793F445}
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WebEx-->C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInstXP.exe /u C:\WINDOWS\system32\DRVSTORE\mr7910_1FFEF370F39864F3AAA62219D434AE06B02B70AB\mr7910.inf
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinSCP 4.0.3-->"C:\Program Files\WinSCP\unins000.exe"
WordBiz version 1.8-->"C:\Program Files\WordBiz\unins000.exe"
YouTube Downloader 2.5.3-->"C:\Program Files\YouTube Downloader\uninstall.exe"
Zoo Empire-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B46E96E-6E42-407B-B61A-86594AD376BC}\setup.exe" -l0x9 -uninst

======Security center information======

AV: Symantec AntiVirus Corporate Edition (disabled)

======System event log======

Computer Name: EAS-JTM17360
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll.
Reference error message: The operation completed successfully.
.

Record Number: 12692
Source Name: SideBySide
Time Written: 20100127230420.000000-360
Event Type: error
User:

Computer Name: EAS-JTM17360
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference error message: Insufficient system resources exist to complete the requested service.
.

Record Number: 12691
Source Name: SideBySide
Time Written: 20100127230420.000000-360
Event Type: error
User:

Computer Name: EAS-JTM17360
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll.
Reference error message: The operation completed successfully.
.

Record Number: 12690
Source Name: SideBySide
Time Written: 20100127230420.000000-360
Event Type: error
User:

Computer Name: EAS-JTM17360
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference error message: Insufficient system resources exist to complete the requested service.
.

Record Number: 12689
Source Name: SideBySide
Time Written: 20100127230420.000000-360
Event Type: error
User:

Computer Name: EAS-JTM17360
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll.
Reference error message: The operation completed successfully.
.

Record Number: 12688
Source Name: SideBySide
Time Written: 20100127230420.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: EAS-JTM17360
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 26683
Source Name: PerfDisk
Time Written: 20100122090339.000000-360
Event Type: warning
User:

Computer Name: EAS-JTM17360
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 26682
Source Name: PerfDisk
Time Written: 20100122090048.000000-360
Event Type: warning
User:

Computer Name: EAS-JTM17360
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 26681
Source Name: PerfDisk
Time Written: 20100122090047.000000-360
Event Type: warning
User:

Computer Name: EAS-JTM17360
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 26680
Source Name: PerfDisk
Time Written: 20100122090017.000000-360
Event Type: warning
User:

Computer Name: EAS-JTM17360
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 26679
Source Name: PerfDisk
Time Written: 20100122090016.000000-360
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Common Files\Lenovo;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TPCCommon"=C:\PROGRA~1\THINKV~2\PrdCtr
"LDMS_LOCAL_DIR"=C:\Program Files\LANDesk\LDClient\Data
"TVT"=C:\Program Files\Lenovo
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-07 13:00:07
Windows 5.1.2600 Service Pack 3
Running: 4hz7sgf6.exe; Driver: C:\DOCUME~1\jtm17360\LOCALS~1\Temp\agdoakow.sys


---- System - GMER 1.0.15 ----

SSDT 85FC2B70 ZwAlertResumeThread
SSDT 85FC3B70 ZwAlertThread
SSDT 85F94F80 ZwAllocateVirtualMemory
SSDT 85F1CBB8 ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76D987E]
SSDT 82B058E0 ZwCreateMutant
SSDT 85F99BD0 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEBF29350]
SSDT 86029DC0 ZwFreeVirtualMemory
SSDT 85F04AC0 ZwImpersonateAnonymousToken
SSDT 85F10AC0 ZwImpersonateThread
SSDT 85E71B98 ZwMapViewOfSection
SSDT 8614E2D8 ZwOpenEvent
SSDT 85FC8A78 ZwOpenProcessToken
SSDT 85F67A78 ZwOpenThreadToken
SSDT 85883AE8 ZwQueryValueKey
SSDT 858AF3C8 ZwResumeThread
SSDT 85F6DA78 ZwSetContextThread
SSDT 8600BA78 ZwSetInformationProcess
SSDT 85F9CA78 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEBF29580]
SSDT 85F02AC0 ZwSuspendProcess
SSDT 85FC5B70 ZwSuspendThread
SSDT 85F0CAC0 ZwTerminateProcess
SSDT 85FD6B70 ZwTerminateThread
SSDT 86013BD8 ZwUnmapViewOfSection
SSDT 85FB1FC0 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\iaStor \Device\Harddisk0\DR0 86C99856

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197ef9347c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197ef9347c@08007bd4c820 0x0A 0xDB 0x01 0xB0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197ef9347c@00233a354c65 0xCA 0x2D 0x6C 0x1D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197ef9347c@0024908abcf2 0x44 0x4F 0x31 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ef9347c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ef9347c@08007bd4c820 0x0A 0xDB 0x01 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ef9347c@00233a354c65 0xCA 0x2D 0x6C 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ef9347c@0024908abcf2 0x44 0x4F 0x31 0x66 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00197ef9347c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00197ef9347c@08007bd4c820 0x0A 0xDB 0x01 0xB0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00197ef9347c@00233a354c65 0xCA 0x2D 0x6C 0x1D ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00197ef9347c@0024908abcf2 0x44 0x4F 0x31 0x66 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----




#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:37 AM

Posted 07 February 2010 - 03:48 PM

Your logs show that you have a rootkit infection, so you should be aware of the following information.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

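Added example for this thread (not GMER's, BleepingComputer's or the helper's code): a Python triage pass over GMER log lines shaped like the ones posted above, flagging the three things a helper reads out of such a log: SSDT entries whose handler is a bare address rather than a named driver, a disk device whose dispatch resolves to an address instead of its driver, and a file GMER marks as suspiciously modified. The sample log is constructed from the thread's own lines, and the trusted-module set and function names are assumptions.

```python
"""Triage pass over GMER 1.0.15 log lines.  Added example for this thread, not
GMER's, BleepingComputer's or the helper's own code: it recognises the line
shapes GMER prints and flags what a helper reads out of such a log."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: modules allowed to hook/filter here, taken from the security
# products visible in the thread's own logs (Ad-Aware's Lbd.sys, Symantec).
TRUSTED_MODULES = {"lbd.sys", "symevent.sys", "symtdi.sys"}

# SSDT <handler> [(vendor description)] Zw<function> [0xADDR]
SSDT_RE = re.compile(r"^SSDT\s+(?P<handler>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>Zw\w+)")
# AttachedDevice \Driver\<drv> \Device\<dev> <module> (description)
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(?P<driver>\\\S+)\s+(?P<device>\\\S+)\s+(?P<module>\S+)")
# Device -> \Driver\<drv> \Device\<dev> <address>: dispatch not inside the driver image
DEVICE_RE = re.compile(r"^Device -> (?P<driver>\\\S+) (?P<device>\\\S+) (?P<addr>[0-9A-Fa-f]{8})$")
BARE_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": rootkit-style indicator; "review": needs a human look
    category: str
    detail: str


def handler_module(handler: str) -> Optional[str]:
    """File name of a hook handler, or None when GMER printed only a bare
    address (the hook lives in memory it could not map to any loaded driver)."""
    if BARE_ADDR_RE.match(handler):
        return None
    return handler.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and return every entry worth reporting."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            module = handler_module(m.group("handler"))
            if module is None:
                findings.append(Finding("high", "ssdt-unattributed",
                                        f"{m.group('func')} hooked at {m.group('handler')}"))
            elif module not in TRUSTED_MODULES:
                findings.append(Finding("review", "ssdt-unknown-module",
                                        f"{m.group('func')} hooked by {module}"))
            continue
        m = ATTACHED_RE.match(line)
        if m:
            module = m.group("module").lower()
            if module not in TRUSTED_MODULES:
                findings.append(Finding("review", "attached-device",
                                        f"{module} attached to {m.group('device')}"))
            continue
        m = DEVICE_RE.match(line)
        if m:
            findings.append(Finding("high", "device-redirect",
                                    f"{m.group('device')} dispatches to {m.group('addr')}"))
            continue
        if line.startswith("File "):
            detail = line[len("File "):]
            severity = "high" if "suspicious modification" in detail else "review"
            findings.append(Finding(severity, "file", detail))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category for a quick overview."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def verdict(findings: List[Finding]) -> str:
    """'rootkit-likely' as soon as one high-severity indicator is present."""
    return "rootkit-likely" if any(f.severity == "high" for f in findings) else "clean-or-review"


# Constructed sample, modelled on the GMER output posted in this thread; the
# unknownfilter.sys line is made up to exercise the attached-device path.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 85FC2B70 ZwAlertResumeThread
SSDT 85F94F80 ZwAllocateVirtualMemory
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76D987E]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEBF29350]
SSDT 85FB1FC0 ZwWriteVirtualMemory
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp unknownfilter.sys (Example Filter/Constructed)
Device -> \Driver\iaStor \Device\Harddisk0\DR0 86C99856
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""
```

Running `triage(SAMPLE_LOG)` on the sample yields three unattributed SSDT hooks, the redirected disk device and the modified iaStor.sys as high findings, which is the same picture the helper drew from the real log.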


#5 Wxfreekj

Wxfreekj
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:37 PM

Posted 08 February 2010 - 08:58 AM

Here is the ComboFix log. I am going to attempt to get this comp functional, then remove personal items, and reinstall the OS. Thanks for all your help so far!

ComboFix 10-02-07.05 - JTM17360 02/08/2010 7:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.532 [GMT -6:00]
Running from: c:\documents and settings\jtm17360\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\documents and settings\jtm17360\nah_log.dat
c:\recycler\S-1-5-21-507921405-362288127-839522115-1003
c:\recycler\S-1-5-21-507921405-362288127-839522115-500
c:\windows\AegisP.inf
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.

2010-02-07 18:45 . 2010-02-07 18:45 -------- d-----w- c:\program files\trend micro
2010-02-07 18:45 . 2010-02-07 18:48 -------- d-----w- C:\rsit
2010-02-07 18:00 . 2010-02-07 18:00 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-02-03 13:39 . 2010-02-03 13:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-03 13:39 . 2010-02-03 13:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-02 02:17 . 2010-02-02 02:17 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-02-01 18:05 . 2010-02-02 02:29 -------- d-----w- c:\program files\schtml
2010-02-01 18:01 . 2010-02-01 18:01 36 ----a-w- c:\program files\skynet.dat
2010-01-30 01:54 . 2010-01-30 01:54 -------- d-----w- c:\documents and settings\jtm17360\Application Data\Malwarebytes
2010-01-30 01:53 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-30 01:53 . 2010-01-30 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-30 01:53 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-30 01:53 . 2010-01-30 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-26 01:47 . 2010-01-26 01:47 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-01-23 02:01 . 2010-01-23 15:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-23 02:01 . 2010-01-23 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-22 23:57 . 2010-01-22 23:57 -------- d-sh--w- c:\documents and settings\jtm17360\IECompatCache
2010-01-21 20:51 . 2010-01-21 20:51 0 ----a-w- c:\windows\system32\drivers\.sys
2010-01-21 16:35 . 2010-02-03 04:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-21 03:22 . 2010-01-21 03:22 -------- d-sh--w- c:\documents and settings\jtm17360\PrivacIE
2010-01-21 03:01 . 2010-01-21 03:01 -------- d-sh--w- c:\documents and settings\jtm17360\IETldCache
2010-01-21 03:00 . 2010-01-21 03:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-21 02:42 . 2010-01-22 13:53 -------- d-----w- c:\windows\ie8updates
2010-01-21 02:34 . 2010-01-21 02:38 -------- dc-h--w- c:\windows\ie8
2010-01-21 02:24 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-21 02:24 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-21 02:23 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-21 02:23 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-21 02:23 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-21 02:23 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-21 02:22 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-21 02:16 . 2010-01-21 02:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\UserData
2010-01-20 21:39 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-20 12:51 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-20 05:18 . 2010-01-20 05:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-20 05:15 . 2010-01-20 05:15 -------- d-----w- c:\program files\Lavasoft
2010-01-17 21:53 . 2010-01-17 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\FreshGames
2010-01-13 14:59 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 13:32 . 2007-08-13 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\vulScan
2010-02-07 18:47 . 2007-08-12 02:14 -------- d-----w- c:\program files\Symantec AntiVirus
2010-02-07 14:03 . 2008-09-18 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-05 12:57 . 2008-05-21 16:57 -------- d-----w- c:\program files\Google
2010-02-05 11:50 . 2007-08-07 09:43 277784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-03 13:25 . 2009-05-22 12:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-23 00:10 . 2010-01-20 12:49 372280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-23 00:10 . 2010-01-23 00:10 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-01-23 00:10 . 2010-01-20 12:49 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-21 21:03 . 2008-08-24 15:51 -------- d-----w- c:\documents and settings\jtm17360\Application Data\Smilebox
2010-01-21 01:00 . 2008-04-17 00:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 12:49 . 2010-01-20 12:49 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-20 12:49 . 2010-01-20 12:49 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-20 12:49 . 2010-01-20 12:49 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-20 12:49 . 2010-01-20 12:49 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-20 12:49 . 2010-01-20 12:49 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-20 12:49 . 2010-01-20 12:49 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-20 12:49 . 2010-01-20 12:49 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-20 12:49 . 2010-01-20 12:49 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-20 12:49 . 2010-01-20 12:49 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-20 12:49 . 2010-01-20 12:49 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-20 12:49 . 2010-01-20 12:49 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-20 05:15 . 2008-11-18 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-20 05:14 . 2008-08-24 16:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-19 02:43 . 2008-11-20 20:01 58164 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-17 22:12 . 2009-07-09 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-01-17 21:44 . 2009-07-09 00:40 -------- d-----w- c:\program files\Big fish
2010-01-17 21:39 . 2009-07-09 00:40 -------- d-----w- c:\program files\bfgclient
2010-01-04 20:34 . 2010-01-04 20:33 -------- d-----w- c:\program files\YouTube Downloader
2010-01-04 03:09 . 2008-07-19 10:41 -------- d-----w- c:\documents and settings\jtm17360\Application Data\Apple Computer
2010-01-04 03:09 . 2010-01-03 20:31 -------- d-----w- c:\program files\iTunes
2010-01-04 02:53 . 2008-11-20 03:49 -------- d-----w- c:\program files\NetMeter
2010-01-04 00:18 . 2008-07-19 10:36 -------- d-----w- c:\program files\Apple Software Update
2010-01-03 20:32 . 2010-01-03 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-03 20:31 . 2010-01-03 20:31 -------- d-----w- c:\program files\iPod
2010-01-03 20:31 . 2008-07-19 10:36 -------- d-----w- c:\program files\Common Files\Apple
2010-01-03 20:10 . 2010-01-03 20:09 -------- d-----w- c:\program files\QuickTime
2010-01-03 19:51 . 2010-01-03 19:51 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-03 19:49 . 2010-01-03 19:49 -------- d-----w- c:\program files\Bonjour
2010-01-03 19:48 . 2010-01-03 19:44 -------- d-----w- c:\documents and settings\jtm17360\Application Data\WindSolutions
2010-01-03 19:44 . 2010-01-03 19:44 -------- d-----w- c:\program files\WindSolutions
2010-01-03 19:44 . 2010-01-03 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2009-12-29 16:53 . 2009-12-29 16:50 -------- d-----w- c:\program files\MSN Toolbar Installer
2009-12-29 16:52 . 2009-12-29 16:52 -------- d-----w- c:\program files\Microsoft
2009-12-29 16:52 . 2009-12-29 16:52 -------- d-----w- c:\program files\MSN Toolbar
2009-12-29 16:50 . 2009-12-29 16:50 -------- d-----w- c:\program files\Shockwave.com
2009-12-26 19:29 . 2009-09-25 11:17 -------- d-----w- c:\documents and settings\jtm17360\Application Data\Enlightenus
2009-12-26 18:08 . 2009-12-26 18:08 -------- d-----w- c:\documents and settings\jtm17360\Application Data\JoyBits
2009-12-23 23:53 . 2008-12-19 21:48 75 ---h--w- c:\windows\popcreg.dat
2009-12-23 23:53 . 2008-12-19 21:06 40 ----a-w- c:\windows\popcinfot.dat
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 13:34 . 2007-08-12 19:33 -------- d-----w- c:\program files\Java
2009-12-17 13:25 . 2009-12-17 13:25 152576 ----a-w- c:\documents and settings\jtm17360\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-17 05:54 . 2009-11-13 00:50 79488 ----a-w- c:\documents and settings\jtm17360\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-07 14:10 . 2010-01-20 05:18 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-07 10:22 . 2009-05-12 21:33 168584 ----a-w- c:\documents and settings\jtm17360\Application Data\Smilebox\SmileboxBrowserEngine.dll
2009-12-07 10:22 . 2008-12-03 19:22 205448 ----a-w- c:\documents and settings\jtm17360\Application Data\Smilebox\SmileboxDvd.exe
2009-12-07 10:22 . 2008-11-26 02:02 266888 ----a-w- c:\documents and settings\jtm17360\Application Data\Smilebox\SmileboxTray.exe
2009-12-07 10:22 . 2008-07-31 03:56 373384 ----a-w- c:\documents and settings\jtm17360\Application Data\Smilebox\SmileboxStarter.exe
2009-12-07 10:14 . 2009-12-07 10:14 1593992 ----a-w- c:\documents and settings\jtm17360\Application Data\Smilebox\SmileboxClient.exe
2009-12-07 09:39 . 2009-12-07 09:39 344712 ----a-w- c:\documents and settings\jtm17360\Application Data\Smilebox\SmileboxDvdEngine.dll
2009-12-07 09:39 . 2009-12-07 09:39 123528 ----a-w- c:\documents and settings\jtm17360\Application Data\Smilebox\SmileboxUpdater.exe
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2008-11-10 00:17 . 2008-11-10 00:17 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-10 00:17 . 2008-11-10 00:17 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SmileboxTray"="c:\documents and settings\jtm17360\Application Data\Smilebox\SmileboxTray.exe" [2009-12-07 266888]
"Google Update"="c:\documents and settings\jtm17360\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-22 133104]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-18 8433664]
"nwiz"="nwiz.exe" [2007-05-18 1626112]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2007-03-08 49168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-18 81920]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-03-23 120368]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-06-18 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-06-18 208896]
"TpShocks"="TpShocks.exe" [2007-03-29 181808]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-10 58416]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-08 91688]
"IntelAPMClient"="c:\program files\LANDesk\LDClient\amclient.exe" [2006-08-07 311296]
"LANDeskInventoryClient"="c:\program files\LANDesk\LDClient\LDIScn32.exe" [2006-09-19 847872]
"SDClientMonitor"="c:\program files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2005-12-09 258048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\jtm17360\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\jtm17360\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2009-4-1 801032]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DeLorme Serial Emulator.lnk - c:\windows\Installer\{89EE0ED7-DCE1-4D3A-9F10-2BDCCD97E9AA}\DelSerial_StartupS_89EE0ED7DCE14D3A9F102BDCCD97E9AA.exe [2009-6-6 40960]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-11 50688]
SerEmul for DeLorme Serial Emulator.lnk - c:\program files\Common Files\DeLorme\DelSerial\SerEmulVspStartup.exe [2007-3-28 192512]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-08 23:08 89600 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 21:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 16:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\msgsys.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/20/2010 6:51 AM 64288]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 4:47 PM 19760]
R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [1/11/2006 8:32 AM 122880]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 6:48 PM 116416]
R2 SerEmulVsp;SerEmulVsp;c:\windows\system32\drivers\SerEmulVsp.sys [3/28/2007 10:59 AM 134560]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/8/2007 5:01 PM 11152]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [8/12/2007 7:49 PM 249856]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/13/2008 6:24 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/1/2010 4:28 AM 102448]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [8/12/2007 7:49 PM 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [8/12/2007 7:49 PM 3328]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [6/8/2007 8:36 AM 81280]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [8/12/2007 7:49 PM 3712]
S1 00Q4034;00Q4034;\??\c:\windows\system32\drivers\00Q4034.sys --> c:\windows\system32\drivers\00Q4034.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/10/2010 11:04 AM 135664]
S3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP;c:\rsi\IDL63\bin\bin.x86\idl_dicomexstorscp.exe [3/27/2006 7:09 PM 49152]
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:10]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:10]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:10]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:10]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:10]

2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

2010-02-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-21 04:09]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 17:04]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2753870689-4151370466-3966214741-55236Core.job
- c:\documents and settings\jtm17360\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 13:25]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2753870689-4151370466-3966214741-55236UA.job
- c:\documents and settings\jtm17360\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 13:25]

2010-02-08 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-08-12 06:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZCfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: buy-internet-security10.com
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: creighton.edu
Trusted Zone: is-soft-download.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: buy-internet-security10.com
Trusted Zone: buy-internetsecurity10.com
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://banprod.creighton.edu/forms/jinitiator/jinit.exe
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/games/beje2/popcaploader.cab
FF - ProfilePath - c:\documents and settings\jtm17360\Application Data\Mozilla\Firefox\Profiles\xiq9pwcm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\jtm17360\Application Data\Mozilla\Firefox\Profiles\xiq9pwcm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\jtm17360\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Aim6 - (no file)
Notify-ACNotify - ACNotify.dll
SafeBoot-00Q4034
AddRemove-HijackThis - E:\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 07:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1428)
c:\windows\system32\vrlogon.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'lsass.exe'(1484)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(5596)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\windows\system32\CBA\pds.exe
c:\program files\LANDesk\LDClient\tmcsvc.exe
c:\progra~1\LANDesk\LDClient\issuser.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\DeLorme\DelSerial\DeLSerial.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-08 07:51:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-08 13:51

Pre-Run: 9,624,735,744 bytes free
Post-Run: 10,796,756,992 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F9E5CE031090779D5EA8F6117AF8B1C6

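Added example, not part of this thread and not ComboFix's own code: a small Python triage script that reads lines in the ComboFix format quoted above and pulls out the three things a responder would check first in a log like this one: service/driver entries whose binary ComboFix could not locate on disk (the `[?]` marker in place of date and size, taken here as "file missing"), Trusted Zone domains that are not on a reviewer-supplied allowlist (plus any listed more than once), and the Firefox `network.proxy.type` value (Firefox's own meaning of that pref: 0 direct, 1 manual, 2 PAC URL, 4 auto-detect via WPAD, 5 system). The sample lines below are a constructed excerpt modelled on the log format, and the allowlist and the reading of `[?]` are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample, modelled on the ComboFix log format quoted in this thread.
# Only a handful of representative lines are included (this is not the full log).
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/20/2010 6:51 AM 64288]
S1 00Q4034;00Q4034;\??\c:\windows\system32\drivers\00Q4034.sys --> c:\windows\system32\drivers\00Q4034.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/10/2010 11:04 AM 135664]
Trusted Zone: buy-internet-security10.com
Trusted Zone: creighton.edu
Trusted Zone: is-software-download25.com
Trusted Zone: buy-internet-security10.com
FF - prefs.js: network.proxy.type - 4
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
"""

# "R0 name;display;path [date size]" / "S1 name;display;path [?]" service and driver lines.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(\S+)")
PROXY_RE = re.compile(r"network\.proxy\.type\s*-\s*(\d+)")

# Meaning of Firefox's network.proxy.type values.
PROXY_MODES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}


def parse_services(text):
    """Return one dict per service/driver line (R = running, S = stopped; digit = start type)."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start, name, display, rest = m.groups()
        services.append({
            "start": start,
            "name": name,
            "display": display,
            "path": rest,
            # Assumption: ComboFix prints '[?]' instead of date/size when the
            # referenced file could not be found on disk.
            "file_missing": rest.rstrip().endswith("[?]"),
        })
    return services


def missing_service_binaries(text):
    """Names of services/drivers still registered but whose file is gone."""
    return [s["name"] for s in parse_services(text) if s["file_missing"]]


def trusted_zones(text):
    """All 'Trusted Zone:' domains, lower-cased, in log order (duplicates kept)."""
    zones = []
    for line in text.splitlines():
        m = TRUSTED_RE.match(line.strip())
        if m:
            zones.append(m.group(1).lower())
    return zones


def trusted_zone_findings(text, allowlist=frozenset()):
    """(domains not on the allowlist, {domain: count} for domains listed more than once)."""
    counts = Counter(trusted_zones(text))
    unlisted = sorted(z for z in counts if z not in allowlist)
    duplicates = {z: n for z, n in counts.items() if n > 1}
    return unlisted, duplicates


def firefox_proxy_type(text):
    """Integer value of network.proxy.type from the FF prefs.js lines, or None if absent."""
    m = PROXY_RE.search(text)
    return int(m.group(1)) if m else None


def triage(text, allowlist=frozenset()):
    """Collect the findings a responder would look at first in a ComboFix log."""
    unlisted, duplicates = trusted_zone_findings(text, allowlist)
    proxy = firefox_proxy_type(text)
    return {
        "missing_service_binaries": missing_service_binaries(text),
        "trusted_zone_unlisted": unlisted,
        "trusted_zone_duplicates": duplicates,
        "firefox_proxy_type": proxy,
        "firefox_proxy_mode": PROXY_MODES.get(proxy, "unknown") if proxy is not None else None,
    }


if __name__ == "__main__":
    # The allowlist is the reviewer's call; here only the university domain is trusted.
    for key, value in triage(SAMPLE_LOG, allowlist={"creighton.edu"}).items():
        print(f"{key}: {value}")
```

Run it against a saved log with `triage(open("ComboFix.txt").read(), allowlist={...})`; anything it returns still needs a human look, since a missing driver file can equally be a half-uninstalled legitimate product, and a non-zero proxy mode is only a lead when the browser cannot reach the network.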

#6 syler (Malware Response Team, Warrington, UK)

Posted 08 February 2010 - 09:12 AM

If you are going to reinstall the OS, then you should be OK to do it now, as ComboFix has taken out the rootkit and the bulk of the malware; just some bits are remaining. Let me know if the computer is now functional enough for you to back up and reinstall the OS.



#7 Wxfreekj (Topic Starter)

Posted 08 February 2010 - 05:10 PM

Thank you--pulled off all I need and reinstalled OS without an issue.

#8 syler (Malware Response Team, Warrington, UK)

Posted 09 February 2010 - 10:53 AM

You're welcome, glad it's sorted.

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





