Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Pending] HJT Logs » Hijacked Browser, please help

[Pending] HJT Logs - Hijacked Browser, please help posted in the Security & Safety forums; Hello all, I suspect my browser has been hijacked as I get the same "your computer may be infected with a virus" ads on most websites I visit. I also ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
  #1  
Old 06-13-2008
New Poster
  
Join Date: Jun 2008
Posts: 1
PC Experience: Experienced
humourcar - See this Members User comments on their Profile page
Default Hijacked Browser, please help
Hello all,
I suspect my browser has been hijacked as I get the same "your computer may be infected with a virus" ads on most websites I visit. I also get automatically redirected a lot to questionable sites.

I ran norton antivirus and adaware pro and neither program found anything.

I followed the instructions in the sticky and here are the log files:

Extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 2.13GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1534.42 MiB / 806.09 MiB
Pagefile Memory (total/avail): 3429.48 MiB / 2672.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.92 MiB

C: is Fixed (NTFS) - 51.09 GiB total, 10.17 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - HTS721060G9AT00 - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 51.09 GiB - C:
\PARTITION1 - Unknown - 4.79 GiB

\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 3.81 GiB - 1 partition
\PARTITION0 - Unknown - 3.81 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2005 (Symantec)
AV: Norton AntiVirus 2005 v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Steam\\steamapps\\humourcar\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\humourcar\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe:*:Enabled:FTP Transfer Engine"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\T43p\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IBM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\T43p
IBMSHARE=C:\IBMSHARE
LOGONSERVER=\\IBM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\ThinkPad\Utilities;C:\WINDOWS\system32;C:\WI NDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\PC-Doctor for Windows\;C:\WINDOWS\Downloaded Program Files;C:\IBMTOOLS\Python22;C:\Program Files\Common Files\Lenovo;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH;.pyo;.pyc;.py;.pyw
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONCASEOK=1
PYTHONPATH=C:\IBMTOOLS\utils\support;C:\IBMTOOLS\u tils\logger
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RRU=C:\Program Files\IBM\IBM Rapid Restore Ultra\
SESSIONNAME=Console
SMA=C:\Program Files\ThinkVantage\SMA\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TCL_LIBRARY=C:\IBMTOOLS\Python22\tcl\tcl8.4
TEMP=C:\DOCUME~1\T43p\LOCALS~1\Temp
TK_LIBRARY=C:\IBMTOOLS\Python22\tcl\tk8.4
TMP=C:\DOCUME~1\T43p\LOCALS~1\Temp
TVT=C:\Program Files\Lenovo
USERDOMAIN=IBM
USERNAME=T43p
USERPROFILE=C:\Documents and Settings\T43p
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

T43p (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Access IBM --> MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Access IBM Message Center --> MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
ACDSee Pro 2 --> MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3 --> MsiExec.exe /I{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}
Adobe Bridge Start Meeting --> MsiExec.exe /I{7F3A2319-79CF-4701-95FB-034E99281808}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{183B7569-90FB-4C56-9761-0EEB002CAB83}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{20B83B31-09C4-4F0E-9774-EF8A12A0A527}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a2 6e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{9802AB7D-9BB2-4FC9-A9B6-681696F1E2DA}
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3 --> MsiExec.exe /I{733D84D6-AAFD-4368-A1D0-F2734F6B9082}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb 9ac1\Setup.exe
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7379
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallI NFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ccc-Branding --> MsiExec.exe /I{7379FDD1-D0ED-4FF2-B168-E246772E731E}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CompuPic Pro --> C:\Program Files\Photodex\CompuPicPro\compupic.exe . -u
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
Day of Defeat --> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
DiMAGE Transfer for Maxxum 7D, Dynax 7D --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E3CCF75-A850-48D6-99BD-8A71145B645A}\Setup.exe" -l0x9 anything
Garmin City Navigator North America 2008 --> MsiExec.exe /X{AA1542E6-D54D-4AB3-97E1-28DB4CEB4B90}
Garmin Communicator Plugin --> MsiExec.exe /X{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}
Garmin MapSource --> MsiExec.exe /X{CF07A1C9-098F-47DD-99E0-B6558C33871B}
Garmin MetroGuide North America v7.01 --> MsiExec.exe /X{273ED89A-A5DA-4999-9685-69CA98A578FE}
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Earth Pro --> MsiExec.exe /X{29622F4A-245C-4126-8764-897E21E888D1}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunins t.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
IBM Rescue and Recovery with Rapid Restore --> MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM Themes --> MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
ID_DCRaw Image Decoder Plug-In --> MsiExec.exe /X{DA1876DD-323E-4D78-8F9F-8F4FDE25C010}
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Mega Codec Pack 3.3.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire PRO 4.16.0 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
MapSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove
MapSource - Topo Canada v2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\ID river.exe /M{9F308117-9B2F-45EB-9FAF-B59CD8339673} /l1033
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe"
Microsoft English TTS Engine --> MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Streets & Trips 2008 --> MsiExec.exe /I{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
palmOne --> MsiExec.exe /X{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
PC-Doctor for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1 \IDriver.exe /M{8F55B163-7B42-42A3-9307-C7FCB9655225} /l1033
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spunins t.exe"
Software Installer --> _tpiu000.exe /U
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Starry Night Pro 5 --> "C:\Program Files\Starry Night Pro 5\Uninstall Starry Night Pro 5\Uninstall Starry Night Pro 5.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Migration Assistant --> MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\Rosetta Stone\TRS Support\uninstal.log
ThinkPad Configuration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\setup.exe" -l0x9 -AddRemove
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Integrated 56K Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SU BSYS_05591014\HXFSETUP.EXE -U -ITkp0559k.inf -ISFG
ThinkPad Integrated Bluetooth IV Software --> MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
ThinkPad SATA Power Management Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}\setup.exe" -l0x9 anything
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUnin stall
ThinkPad UltraNav Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\setup.exe" -l0x9 UNINSTALL
ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Fingerprint Software 5.6 --> MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
VNC Enterprise Edition E4.2.9 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Wallpapers --> MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
WinAVI Video Converter 9.0 --> "C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type3443 / Warning
Event Submitted/Written: 06/12/2008 08:52:29 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3400 / Warning
Event Submitted/Written: 06/12/2008 08:42:34 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3207 / Warning
Event Submitted/Written: 06/12/2008 06:37:13 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type3054 / Warning
Event Submitted/Written: 06/10/2008 09:15:49 PM
Event ID/Source: 11014 / RouteService
Event Description:
Failed to open MapPoint routing construction file. See the documentation for details.

Event Record #/Type3053 / Warning
Event Submitted/Written: 06/10/2008 09:15:49 PM
Event ID/Source: 11014 / RouteService
Event Description:
Failed to open MapPoint routing construction file. See the documentation for details.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4705 / Error
Event Submitted/Written: 06/13/2008 01:53:48 PM
Event ID/Source: 111 / Removable Storage Service
Event Description:
RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer Micro USB Device.

Event Record #/Type4704 / Error
Event Submitted/Written: 06/13/2008 01:53:48 PM
Event ID/Source: 111 / Removable Storage Service
Event Description:
RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer Micro USB Device.

Event Record #/Type4703 / Error
Event Submitted/Written: 06/13/2008 01:53:44 PM
Event ID/Source: 111 / Removable Storage Service
Event Description:
RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer Micro USB Device.

Event Record #/Type4702 / Error
Event Submitted/Written: 06/13/2008 01:53:44 PM
Event ID/Source: 111 / Removable Storage Service
Event Description:
RSM could not load media in drive Drive 0 of library SanDisk U3 Cruzer Micro USB Device.

Event Record #/Type4699 / Warning
Event Submitted/Written: 06/13/2008 00:12:06 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-06-13 13:59:49 ------------

Main.txt:

Deckard's System Scanner v20071014.68
Run by T43p on 2008-06-13 13:56:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-13 17:56:27 UTC - RP90 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as T43p.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:20 PM, on 13/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Documents and Settings\T43p\Application Data\U3\0000185E25725304\LaunchPad.exe
C:\Files\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\T43p.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = CBCNews.ca - Breaking News, Canada, World, Health, Business, Entertainment
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E45F935-DC6F-4669-855E-1407E2D49188} - C:\WINDOWS\system32\xxyYsQIB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {4e232206-e27e-c80a-b854-321b8597faa7} - {7aaf7958-b123-458b-a08c-e72e602232e4} - C:\WINDOWS\system32\jprwgdrl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll
O2 - BHO: (no name) - {BF0CA4FC-6378-4062-B546-3CDE8A28B1E0} - C:\WINDOWS\system32\fccaApPG.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrB kGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBa ttLog
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [BMaf67704f] Rundll32.exe "C:\WINDOWS\system32\hcmumjdo.dll",s
O4 - HKLM\..\Run: [ac5443d3] rundll32.exe "C:\WINDOWS\system32\dsxpyats.dll",b
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CCC.lnk = ?
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: fccaApPG - C:\WINDOWS\SYSTEM32\fccaApPG.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 15196 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TPDiskPM - c:\windows\system32\drivers\tpdiskpm.sys <Not Verified; Lenovo, Ltd. and IBM Corporation; ThinkPad SATA Power Management Driver>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; FFE and RRU>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 TPInput - c:\windows\system32\drivers\tpinput.sys <Not Verified; Lenovo, Ltd. and IBM Corporation.; ThinkPad SATA Power Management Driver>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>

S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 ##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 IBM Rapid Restore Ultra Service - "c:\program files\ibm\ibm rapid restore ultra\rrpcsb.exe" <Not Verified; ; rrpcsb Module>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 ScsiAccess - c:\program files\photodex\compupicpro\scsiaccess.exe
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27118086&REV_05\4&AD1 B67F&0&10F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27118086&REV_05\4&AD1 B67F&0&10F0
Service: w29n51


-- Scheduled Tasks -------------------------------------------------------------

2008-06-12 20:54:46 298 --a------ C:\WINDOWS\Tasks\PMTask.job
2008-06-06 20:38:40 528 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - T43p.job


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 13:53:37 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-13 12:25:46 0 d-------- C:\Program Files\Trend Micro
2008-06-13 11:46:07 0 d-------- C:\Documents and Settings\T43p\Application Data\Lavasoft
2008-06-13 11:45:51 0 d-------- C:\Program Files\Lavasoft
2008-06-13 03:58:51 80896 --a------ C:\WINDOWS\system32\dsxpyats.dll
2008-06-13 03:55:58 98816 --a------ C:\WINDOWS\system32\jprwgdrl.dll
2008-06-13 03:55:51 89600 --a------ C:\WINDOWS\system32\hcmumjdo.dll
2008-06-12 17:06:17 0 d-------- C:\Documents and Settings\T43p\Application Data\Leadertech
2008-06-12 17:01:13 0 d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-06-12 17:00:09 0 d-------- C:\Program Files\palmOne
2008-06-12 16:59:41 0 d-------- C:\Documents and Settings\T43p\Application Data\HotSync
2008-06-12 16:59:24 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-12 15:53:04 80896 -----n--- C:\WINDOWS\system32\bghtbank.dll
2008-06-12 15:52:02 558769 --ahs---- C:\WINDOWS\system32\BIQsYyxx.ini2
2008-06-12 15:51:59 322560 --a------ C:\WINDOWS\system32\xxyYsQIB.dll
2008-06-12 13:49:06 0 d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-06-12 13:49:05 0 d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-06-12 13:48:58 33280 --a------ C:\WINDOWS\system32\fccaApPG.dll
2008-06-10 18:32:31 0 d-------- C:\Nintendo
2008-06-01 19:42:46 0 d-------- C:\Temp
2008-06-01 19:40:31 0 d-------- C:\Program Files\Xilisoft
2008-05-30 06:57:21 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-05-30 06:46:40 0 d-------- C:\Program Files\Garmin GPS Plugin
2008-05-29 05:52:04 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-29 05:50:44 0 d-------- C:\Program Files\Rosetta Stone
2008-05-28 16:23:22 0 d-------- C:\Program Files\Photodex
2008-05-25 20:58:31 0 d-------- C:\Program Files\Common Files\Lenovo
2008-05-23 16:04:31 11520 --a------ C:\WINDOWS\system32\drivers\WDMSTUB.sys <Not Verified; Walter Oney Software; Programming the Microsoft Windows Driver Model SP-4>
2008-05-22 21:22:04 0 d-------- C:\Documents and Settings\T43p\Application Data\GARMIN
2008-05-22 20:52:47 1089536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; eHelp Corporation.; RoboHelp for Word X3>
2008-05-22 20:52:46 49152 --a------ C:\WINDOWS\system32\INETWH32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-05-22 18:56:38 0 d-------- C:\Documents and Settings\All Users\Application Data\AcrobatInstall
2008-05-20 05:02:37 18432 --a------ C:\WINDOWS\system32\drivers\grmngen.sys <Not Verified; GARMIN Corp.; >
2008-05-20 05:02:36 8320 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
2008-05-20 05:02:36 0 d-------- C:\Garmin
2008-05-19 14:00:00 0 d-------- C:\Documents and Settings\T43p\(null)
2008-05-16 23:03:15 0 d-------- C:\Documents and Settings\T43p\Application Data\Intel
2008-05-14 18:08:22 0 d-------- C:\Documents and Settings\T43p\Application Data\InterVideo
2008-05-13 17:11:09 0 d-------- C:\Program Files\Microsoft Streets & Trips
2008-05-13 17:11:09 0 d-------- C:\Program Files\Microsoft Location Finder
2008-05-13 17:04:56 0 d-------- C:\Program Files\MSXML 6.0
2008-05-13 16:47:19 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-13 16:46:14 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-13 16:44:47 0 d-------- C:\Program Files\MSBuild
2008-05-13 16:43:17 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-05-13 16:42:37 0 d-------- C:\Program Files\Reference Assemblies
2008-05-13 16:41:36 0 d-------- C:\122b6b3a61430d54ce7ff3
2008-05-13 16:37:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-13 16:23:52 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-13 16:20:42 0 d-------- C:\WINDOWS\system32\drivers\umdf
2008-05-13 06:46:37 0 d-------- C:\WINDOWS\Sun
2008-05-13 06:46:37 0 d-------- C:\Documents and Settings\T43p\Application Data\Sun


-- Find3M Report ---------------------------------------------------------------

2008-06-13 13:57:29 0 d-------- C:\Documents and Settings\T43p\Application Data\mIRC
2008-06-13 12:51:11 0 d-------- C:\Program Files\mIRC
2008-06-13 12:25:15 0 d-------- C:\Documents and Settings\T43p\Application Data\uTorrent
2008-06-13 12:25:07 0 d-------- C:\Documents and Settings\T43p\Application Data\U3
2008-06-13 08:00:34 0 d-------- C:\Documents and Settings\T43p\Application Data\LimeWire
2008-06-13 06:44:42 0 d-------- C:\Program Files\Steam
2008-06-12 20:54:31 0 d-------- C:\Program Files\Common Files
2008-06-11 22:16:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-03 17:33:13 0 d-------- C:\Program Files\Starry Night Pro 5
2008-05-25 20:58:32 0 d-------- C:\Program Files\Lenovo
2008-05-23 16:25:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-16 04:38:12 0 d-------- C:\Documents and Settings\T43p\Application Data\Adobe
2008-05-15 05:32:35 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-13 16:45:55 0 d-------- C:\Program Files\Windows Media Connect
2008-05-11 21:25:49 0 d-------- C:\Documents and Settings\T43p\Application Data\ACD Systems
2008-05-11 19:05:27 0 d-------- C:\Program Files\DiMAGE Transfer for Maxxum 7D, Dynax 7D
2008-05-11 12:27:16 0 d-------- C:\Program Files\LimeWire
2008-05-11 12:03:49 0 d-------- C:\Documents and Settings\T43p\Application Data\Nero
2008-05-11 11:34:26 0 d-------- C:\Program Files\Common Files\Nero
2008-05-11 11:33:37 0 d-------- C:\Program Files\Nero
2008-05-09 21:39:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-09 21:30:39 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-09 20:53:39 0 d-------- C:\Program Files\Messenger
2008-05-09 20:50:48 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-09 20:46:06 0 d-------- C:\Program Files\Microsoft.NET
2008-05-09 19:13:34 0 d-------- C:\Program Files\Bonjour
2008-05-09 19:07:48 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-09 18:55:05 0 d-------- C:\Program Files\PowerISO
2008-05-07 15:26:21 0 d-------- C:\Program Files\MSXML 4.0
2008-05-07 14:42:37 0 d-------- C:\Documents and Settings\T43p\Application Data\GlobalSCAPE
2008-05-07 14:42:30 0 d-------- C:\Program Files\GlobalSCAPE
2008-05-07 05:45:33 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-05-07 05:45:23 0 d-------- C:\Program Files\ACD Systems
2008-05-07 05:42:59 0 d-------- C:\Documents and Settings\T43p\Application Data\Apple Computer
2008-05-07 05:42:02 0 d-------- C:\Program Files\QuickTime
2008-05-07 05:41:21 0 d-------- C:\Program Files\Apple Software Update
2008-05-07 05:26:46 0 d-------- C:\Documents and Settings\T43p\Application Data\ATI
2008-05-07 05:15:52 0 d-------- C:\Program Files\ThinkVantage
2008-05-07 05:14:19 0 d-------- C:\Program Files\ThinkPad
2008-05-07 05:12:15 0 d-------- C:\Program Files\Sonic
2008-05-07 05:11:49 0 d-------- C:\Program Files\Digital Line Detect
2008-05-07 05:11:44 0 d-------- C:\Program Files\NetWaiting
2008-05-07 05:11:31 0 d-------- C:\Program Files\CONEXANT
2008-05-07 05:10:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-07 05:09:38 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-05-07 05:08:44 0 d-------- C:\Program Files\ThinkVantage Fingerprint Software
2008-05-07 05:08:22 0 d-------- C:\Program Files\Common Files\ThinkVantage Fingerprint Software
2008-05-07 05:08:15 0 d-------- C:\Program Files\Common Files\Virtual Token
2008-05-07 05:06:03 0 d-------- C:\Program Files\PCDR5
2008-05-07 05:01:09 2087 --a------ C:\WINDOWS\system32\SMBIOS.bin
2008-05-06 23:18:28 0 d-------- C:\Program Files\ATI Technologies
2008-05-06 23:09:40 188 --a------ C:\WINDOWS\x
2008-05-06 23:09:23 0 -rahs---- C:\MSDOS.SYS
2008-05-06 11:16:49 0 d-------- C:\Documents and Settings\T43p\Application Data\Media Player Classic
2008-05-06 09:27:11 0 d-------- C:\Documents and Settings\T43p\Application Data\WinRAR
2008-05-06 08:44:19 0 d--h----- C:\Program Files\Zero G Registry
2008-05-06 07:33:11 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-06 07:33:07 0 d-------- C:\Documents and Settings\T43p\Application Data\Real
2008-05-06 06:03:51 0 d-------- C:\Documents and Settings\T43p\Application Data\Google
2008-05-06 06:03:10 0 d-------- C:\Program Files\Google
2008-05-06 05:14:58 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-05 20:52:05 0 d-------- C:\Program Files\Symantec
2008-05-05 20:51:37 0 d-------- C:\Program Files\SymNetDrv
2008-05-05 20:46:49 0 d-------- C:\Documents and Settings\T43p\Application Data\Symantec
2008-05-05 20:39:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-05 20:39:15 0 d-------- C:\Documents and Settings\T43p\Application Data\Mozilla
2008-05-05 20:37:25 0 d-------- C:\Program Files\uTorrent
2008-05-05 19:35:42 0 d-------- C:\Program Files\RealVNC
2008-05-05 18:30:24 0 d-------- C:\Program Files\Java
2008-05-05 18:28:29 0 d-------- C:\Program Files\Common Files\Java
2008-05-05 17:29:44 0 d-------- C:\Documents and Settings\T43p\Application Data\IBM
2008-05-05 15:27:35 0 --ah----- C:\IO.SYS
2008-05-05 15:27:35 0 --ah----- C:\CONFIG.SYS
2008-05-05 15:27:35 0 --ah----- C:\AUTOEXEC.BAT
2008-05-05 15:00:20 0 d-------- C:\Program Files\InterVideo
2008-05-05 14:59:26 0 d-------- C:\Program Files\PC-Doctor for Windows
2008-05-05 14:59:08 0 d-------- C:\Documents and Settings\T43p\Application Data\Sonic
2008-05-05 14:57:40 0 d-------- C:\Program Files\IBM
2008-05-05 14:51:04 0 d-------- C:\Program Files\Analog Devices
2008-05-05 14:50:00 0 d-------- C:\Program Files\IBM fingerprint software
2008-05-05 14:50:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 14:47:48 0 d-------- C:\Program Files\Intel
2008-05-05 14:34:20 0 d-------- C:\Program Files\Synaptics
2008-05-05 13:07:04 0 d-------- C:\Documents and Settings\T43p\Application Data\Macromedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E45F935-DC6F-4669-855E-1407E2D49188}]
12/06/2008 03:52 PM 322560 --a------ C:\WINDOWS\system32\xxyYsQIB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7aaf7958-b123-458b-a08c-e72e602232e4}]
13/06/2008 03:55 AM 98816 --a------ C:\WINDOWS\system32\jprwgdrl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF0CA4FC-6378-4062-B546-3CDE8A28B1E0}]
12/06/2008 01:48 PM 33280 --a------ C:\WINDOWS\system32\fccaApPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [05/12/2007 04:14 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/12/2007 04:14 PM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [09/01/2007 04:28 PM]
"TpShocks"="TpShocks.exe" [22/11/2007 03:09 PM C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKM GR.exe" [02/10/2006 10:19 AM]
"TP4EX"="tp4ex.exe" [17/10/2005 01:11 AM C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp .Exe" [27/04/2007 02:33 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [14/10/2004 12:11 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [06/08/2004 10:27 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/05/2005 12:05 AM]
"@"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [06/08/2004 05:10 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [17/01/2008 11:42 AM]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [27/04/2005 12:53 PM]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR .DLL" [11/01/2008 01:30 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL " [11/01/2008 01:30 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [05/05/2008 08:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 11:13 PM]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [14/03/2008 06:57 PM]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [14/03/2008 06:53 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [27/07/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27/07/2004 04:50 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06/10/2005 05:20 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [09/04/2007 08:23 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11/01/2008 07:54 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51 AM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [04/03/2008 10:34 AM]
"BMaf67704f"="C:\WINDOWS\system32\hcmumjdo.dll " [13/06/2008 03:55 AM]
"ac5443d3"="C:\WINDOWS\system32\dsxpyats.dll" [13/06/2008 03:58 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [06/08/2004 05:10 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 12:24 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 08:05 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [20/09/2007 03:35 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{BF0CA4FC-6378-4062-B546-3CDE8A28B1E0}"= C:\WINDOWS\system32\fccaApPG.dll [12/06/2008 01:48 PM 33280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 14/03/2008 06:54 PM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaApPG]
fccaApPG.dll 12/06/2008 01:48 PM 33280 C:\WINDOWS\system32\fccaApPG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 14/08/2007 03:54 PM 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 05/07/2005 11:45 PM 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 30/11/2005 08:16 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyYsQIB
"Notification Packages"= scecli pwdmon ACGina psqlpwd

*Newly Created Service* - NTMSSVC



-- End of Deckard's System Scanner: finished at 2008-06-13 13:59:49 ------------

Any help you could offer would be appreciated.

humourcar
  #2  
Old 06-14-2008
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,086
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: Hijacked Browser, please help
Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for download links, and instructions for running the tool:
A guide and tutorial on using ComboFix

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should get a prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
=======================================
Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.


__________________
  • An Australian Member of
  • and
My real name is Eddy

Reply
Satellite TV on your PC - over 3000 Channels! Click Here!

Bookmarks