Very annoying trojan/worm virus that I can't get rid of - Please help!
Newbie
21. June 2007 @ 22:09
Hi, nice to meet you all as I'm a first time user. My laptop picked up a Trojan/Worm - (bagle type), probably from an email attachment. I have tried to get rid of it using various online antivirus scanners such as Kaspersky, Panda and Trend Micro Housecall, but they seem unable to clear up these nasties. This virus seems to be deleting .exe files from installer packages, making it impossible for me to install any antivirus/firewall software. For the sake of my sanity, please help me get rid of this infection so that I can install my ZoneAlarm firewall and a decent antivirus. It's giving me a real headache.
Here is the hijack this log file:
Logfile of HijackThis v1.99.1
Scan saved at 14:00:34, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PMSveH.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/us/en/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1009/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://adriansdiary.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8EE1D89-2ADA-4F13-ACA6-4A85B2D40EFC}: NameServer = 202.102.134.68 202.102.128.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: P4P Service - Unknown owner - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (file missing)
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
Here is the Kaspersky online scanner report:
KASPERSKY ONLINE SCANNER REPORT
Friday, June 22, 2007 6:45:49 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 21/06/2007
Kaspersky Anti-Virus database records: 329059
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target Folders
C:\
Scan Statistics
Total number of scanned objects 60523
Number of viruses found 4
Number of infected objects 59 / 0
Number of suspicious objects 0
Duration of the scan process 01:10:49
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Adrian Tanner\.housecall6.6\log\engine0.log Object is locked skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\log\engine0.log.lck Object is locked skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\log\error0.log Object is locked skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\log\error0.log.lck Object is locked skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\log\execution0.log Object is locked skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\log\execution0.log.lck Object is locked skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0030908.exe.bac_a02244 Infected: Trojan-Downloader.Win32.Bagle.bu skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0033697.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0033722.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0034077.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0034165.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0034628.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0034637.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0034646.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0034655.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0034664.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035673.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035774.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035785.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035786.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035787.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035788.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035789.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035790.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035791.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035792.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035793.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035794.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035795.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035796.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035797.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035798.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035799.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035800.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035818.exe.bac_a02244 Infected: Trojan-Downloader.Win32.Bagle.bu skipped
C:\Documents and Settings\Adrian Tanner\.housecall6.6\Quarantine\A0035841.exe.bac_a02244 Infected: Email-Worm.Win32.Bagle.il skipped
C:\Documents and Settings\Adrian Tanner\Application Data\Sun\Java\Deployment\log\plugin150_11.trace Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\Temp\Free Download Manager\tic10.tmp Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\Temp\Free Download Manager\ticD.tmp Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\Temp\Free Download Manager\ticF.tmp Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\Temp\hsperfdata_Adrian Tanner\3236 Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\Temp\~DF5977.tmp Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\Temp\~DF598A.tmp Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\Temp\~DF9F2C.tmp Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Adrian Tanner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adrian Tanner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Adrian Tanner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Softex\OmniPass\btype0.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype1.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype2.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype256.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype259.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype3.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype4.dat Object is locked skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP133\A0033690.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP133\A0033720.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP133\A0033736.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP134\A0034130.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP136\A0034145.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP136\A0034164.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP136\A0034556.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP136\A0034556.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP136\A0034563.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP136\A0034572.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP136\A0034594.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP136\A0034623.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP136\A0034635.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP136\A0034643.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP137\A0034647.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP137\A0034653.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP138\A0034656.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP138\A0034662.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP139\A0034665.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP139\A0034671.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP139\A0035671.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP140\A0035772.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP140\A0035830.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP141\A0035859.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP141\A0035936.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP141\A0035960.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP141\A0036034.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP141\A0036042.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP142\A0036441.sys Infected: Email-Worm.Win32.Bagle.ik skipped
C:\System Volume Information\_restore{4D6BEA17-F0FC-48F3-9A6E-F4DFEC719F06}\RP142\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.
Please let me know if you require any further logfiles/information. Thanks
Newbie
21. June 2007 @ 22:21
Oh yeah, here are the Deckard System Scanner main and extra texts:
Deckard's System Scanner v20070611.50
Run by Adrian Tanner on 2007-06-22 at 12:36:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
85: 2007-06-22 04:36:16 UTC - RP143 - Deckard's System Scanner Restore Point
84: 2007-06-21 16:39:51 UTC - RP142 - System Checkpoint
83: 2007-06-20 07:15:08 UTC - RP141 - System Checkpoint
82: 2007-06-19 07:05:38 UTC - RP140 - Software Distribution Service 2.0
81: 2007-06-17 21:08:43 UTC - RP139 - System Checkpoint
-- First Restore Point --
1: 2007-03-24 09:52:19 UTC - RP59 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Adrian Tanner.exe) ---------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:37:06, on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PMSveH.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\system32\PMHandler.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Adrian Tanner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Adrian Tanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/us/en/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1009/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://adriansdiary.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8EE1D89-2ADA-4F13-ACA6-4A85B2D40EFC}: NameServer = 202.102.134.68 202.102.128.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: P4P Service - Unknown owner - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (file missing)
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------
backup-20070619-195520-937 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
-- File Associations -----------------------------------------------------------
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; Lenovo Group Limited; OnScreenDisplay>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 EGATHDRV (IBM eGatherer) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; RRU>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 smi2 - c:\program files\smi2\smi2.sys <Not Verified; IBM Corp.; TVT SMI Bios driver>
R3 CnxEtP (Conexant AccessRunner USB ADSL Adapter Filter Driver) - c:\windows\system32\drivers\cnxetp.sys <Not Verified; Conexant Systems, Inc.; Conexant AccessRunner ADSL>
R3 CnxEtU (Conexant AccessRunner USB ADSL Interface Device Driver) - c:\windows\system32\drivers\cnxetu.sys <Not Verified; Conexant Systems, Inc.; Conexant AccessRunner ADSL>
R3 CnxTgNW (Conexant AccessRunner ADSL WAN PPPoA Adapter Driver) - c:\windows\system32\drivers\cnxtgnw.sys <Not Verified; Conexant Systems, Inc.; Conexant AccessRunner ADSL>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 m_hook (Empty) - c:\documents and settings\adrian tanner\application data\hidires\m_hook.sys
S0 ANCSQ - c:\windows\system32\drivers\ancsq.sys (file missing)
S1 AVG Anti-Spyware Driver - c:\program files\grisoft\avg anti-spyware 7.5\guard.sys (file missing)
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 AdfuUd (%USB\VID_10D6&PID_1160.DeviceDesc%) - c:\windows\system32\drivers\adfuud.sys (file missing)
S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; Lenovo; SMI Driver>
S3 SymEvent - c:\program files\symantec\symevent.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 PMSveH - c:\windows\system32\pmsveh.exe <Not Verified; Lenovo; PMSveH>
S2 P4P Service - c:\program files\common files\sogou pxp\p2psvr.exe (file missing)
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)
S4 AVG Anti-Spyware Guard - c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (file missing)
S4 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
S4 TVT Scheduler - "c:\program files\ibm thinkvantage\common\scheduler\tvtsched.exe" <Not Verified; ; tvtsched Module>
S4 UCLauncherService (ThinkVantage System Update) - c:\program files\thinkvantage\systemupdate\uclauncherservice.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-06-22 12:35:00 438 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{223CCB8B-7E2C-4A0A-B1D5-48E3B46878B5}.job
2007-05-25 17:15:00 406 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-05-14 19:16:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-05-22 and 2007-06-22 -----------------------------
2007-06-22 01:36:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-22 01:36:11 0 d-------- C:\WINDOWS\LastGood
2007-06-22 01:16:31 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\Microsoft Web Folders
2007-06-21 23:39:50 0 d-------- C:\Documents and Settings\Adrian Tanner\.housecall6.6
2007-06-21 14:40:16 0 d-------- C:\Program Files\Security Stronghold
2007-06-21 14:26:56 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-06-21 14:26:15 0 d-------- C:\WINDOWS\Internet Logs
2007-06-21 14:15:36 0 d-------- C:\Program Files\SpywareBlaster
2007-06-20 17:24:03 0 dr-h----- C:\Documents and Settings\Adrian Tanner\Recent
2007-06-19 19:56:23 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\Uniblue
2007-06-19 16:40:09 69632 --a------ C:\WINDOWS\system32\asprouni.exe <Not Verified; Panda Software; Panda Software ASPRODesinstalador>
2007-06-19 16:37:20 0 d-------- C:\WINDOWS\system32\ASPRO
2007-06-19 15:12:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-13 21:51:52 0 d-------- C:\Program Files\PCPitstop
2007-06-13 20:24:37 0 d-------- C:\Program Files\Lavasoft
2007-06-13 20:24:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-06-13 20:17:15 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\Help
2007-06-13 19:52:47 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\DelinvFile
2007-06-13 19:52:45 0 d-------- C:\Program Files\PurgeIE
2007-06-13 17:38:34 0 d-------- C:\WINDOWS\Sun
2007-06-13 16:39:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-06-13 16:39:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-06-13 16:32:05 0 d-------- C:\Documents and Settings\All Users\Templates
2007-06-13 16:25:45 0 d-------- C:\Program Files\Ashampoo
2007-06-13 16:16:21 0 d-------- C:\Program Files\Yahoo!
2007-06-13 16:16:15 0 d-------- C:\Program Files\CCleaner
2007-06-13 12:20:57 131072 --a------ C:\WINDOWS\system32\datestamp.dll <Not Verified; FBMSoftware; FBMSoftware TimeStamp>
2007-06-13 12:15:58 0 d-------- C:\Program Files\FBM Software
2007-06-13 09:35:08 0 d-------- C:\Program Files\F-Secure
2007-06-12 21:38:37 14880 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-12 21:38:37 240160 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-12 21:13:17 0 d-------- C:\Program Files\Norton AntiVirus
2007-06-12 21:12:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-07 14:37:40 0 d-------- C:\adaff
2007-06-06 21:31:17 0 d-------- C:\ARES SHARED
2007-06-05 20:59:29 0 d-------- C:\Documents and Settings\Adrian Tanner\Contacts
2007-06-04 15:18:48 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
2007-06-04 15:17:02 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
2007-06-04 15:14:56 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
2007-06-02 12:45:59 0 d-------- C:\WINDOWS\exefld
2007-05-31 11:35:58 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\Roxio
2007-05-31 07:01:15 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\Ahead
2007-05-31 06:56:16 0 d-------- C:\Program Files\Nero
2007-05-31 06:56:16 0 d-------- C:\Program Files\Common Files\Ahead
2007-05-25 13:45:36 0 d-------- C:\Program Files\Support.com
2007-05-24 23:29:11 0 d-------- C:\WINDOWS\MaxTV
2007-05-24 23:29:11 0 d-------- C:\Program Files\MaxTV
2007-05-24 20:54:41 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\SopCast
2007-05-24 20:54:37 0 d-------- C:\Program Files\SopCast
-- Find3M Report ---------------------------------------------------------------
2007-06-22 01:12:55 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\Free Download Manager
2007-06-21 17:56:54 0 d-------- C:\Program Files\Roxio
2007-06-20 16:26:17 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-06-20 16:19:31 0 d-------- C:\Program Files\Free Download Manager
2007-06-19 14:49:40 0 d-------- C:\Program Files\PC Tools AntiVirus
2007-06-13 20:23:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-13 16:32:54 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\Macromedia
2007-06-13 16:30:09 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\Adobe
2007-06-13 16:29:22 0 d-------- C:\Program Files\Lenovo
2007-06-13 16:29:22 0 d-------- C:\Program Files\Google
2007-06-13 16:29:21 0 d-------- C:\Program Files\QuickTime
2007-06-13 16:29:21 0 d-------- C:\Program Files\PPLive
2007-06-13 12:32:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-25 13:45:35 0 d-------- C:\Program Files\IBM
2007-05-17 10:31:58 0 d-------- C:\Program Files\Winamp
2007-05-12 19:04:20 16 --a------ C:\WINDOWS\popcinfot.dat
2007-05-06 02:39:03 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\Real
2007-05-06 02:34:01 0 d-------- C:\Program Files\Common Files\xing shared
2007-05-06 02:33:47 0 d-------- C:\Program Files\Common Files\Real
2007-05-06 02:32:32 0 d-------- C:\Program Files\Real
2007-05-06 02:04:53 0 -rahs---- C:\MSDOS.SYS
2007-05-05 23:32:04 0 d-------- C:\Program Files\MSN Messenger
2007-05-05 19:39:37 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\Business Logic
2007-05-05 19:31:04 0 d-------- C:\Program Files\blcorp
2007-04-26 23:17:58 0 d-------- C:\Documents and Settings\Adrian Tanner\Application Data\Media Player Classic
2007-04-26 23:16:24 0 d-------- C:\Program Files\Ringz Studio
2007-04-26 10:00:57 0 d-------- C:\Program Files\InterVideo
2007-04-24 13:42:53 0 d-------- C:\Program Files\Sogou PXP
2007-04-21 10:29:08 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS <Not Verified; IBM Corporation; IBM eGatherer>
2007-04-19 13:47:06 14 --a------ C:\WINDOWS\popcinfo.dat
2007-04-19 13:13:13 0 --a------ C:\WINDOWS\popcreg.dat
2007-04-13 15:19:52 7680 --a------ C:\WINDOWS\system32\lsdelete.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} C:\Program Files\Free Download Manager\iefdmcks.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"TPWAUDAP"="C:\\Program Files\\Lenovo\\HOTKEY\\TpWAudAp.exe"
"PMHandler"="C:\\WINDOWS\\system32\\PMHandler.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"OmniPass"="C:\\Program Files\\Softex\\OmniPass\\scureapp.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"="0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=dword:00000001
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\1\Command RUNAUT~1\autorun.pif
Shell\2\Command RUNAUT~1\autorun.pif
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cf95c77-1e5a-11dc-9530-00d0f86f60b4}]
Shell\1\Command E:\.\recycled\info.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4fd4284-d144-11db-9452-00d0f86f60b4}]
Shell\Auto\command E:\fun.xls.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
-- End of Deckard's System Scanner: finished at 2007-06-22 at 12:37:26 ---------
Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Celeron(R) M CPU 420 @ 1.60GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1014.11 MiB / 559.43 MiB
Pagefile Memory (total/avail): 1673.33 MiB / 1297.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1970.3 MiB
C: is Fixed (NTFS) - 69.69 GiB total, 33.87 GiB free.
D: is CDROM (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal firewall is enabled.
FirstRunDisabled is set.
FirewallDisableNotify is set.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"="C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe:*:Enabled:ThinkVantage System Update"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"="C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe:*:Enabled:ThinkVantage System Update"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Adrian Tanner\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Adrian Tanner\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\MaxTV\\maxtv.exe"="C:\\Program Files\\MaxTV\\maxtv.exe:*:Enabled:MaxTV Online"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Adrian Tanner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LENOVO-N100
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Adrian Tanner
IBMSHARE=C:\IBMSHARE
LOGONSERVER=\\LENOVO-N100
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Softex\OmniPass;C:\Program Files\IBM ThinkVantage\Client Security Solution;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
RR=C:\Program Files\IBM ThinkVantage\Rescue and Recovery
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADRIAN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADRIAN~1\LOCALS~1\Temp
TVT=C:\Program Files\IBM ThinkVantage
TVTPYDIR=C:\Program Files\IBM ThinkVantage\Common\Python24
USERDOMAIN=LENOVO-N100
USERNAME=Adrian Tanner
USERPROFILE=C:\Documents and Settings\Adrian Tanner
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Adrian Tanner (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\SETUP.EXE" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\SETUP.EXE" -l0x9 UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Acrobat 7.0 Professional -->
Adobe Acrobat 7.0.9 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems HDA Modem --> agrsmdel
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Ares 2.0.8 --> "C:\Program Files\Ares\uninstall.exe"
AVIConverter 2.0 --> C:\Program Files\AVIConverter\uninst.exe
Broadcom 802.11 Network Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant AccessRunner ADSL --> "C:\Program Files\Conexant\AccessRunner ADSL USB\setup.exe" -u
DelinvFile - 3.01 --> "C:\Program Files\PurgeIE\unins000.exe"
Diskeeper Lite --> MsiExec.exe /X{F6A04D96-C6D7-498C-9099-BCAD0D99778D}
Fingerprint Sensor Minimum Install --> MsiExec.exe /I{0763E426-FB61-4CD3-B8C7-01A0F37CAAEB}
Free Download Manager 2.1 --> "C:\Program Files\Free Download Manager\unins000.exe"
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\SETUP.EXE" -l0x9 -AddRemove
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.2 -->
IBM 32-bit Runtime Environment for Java 2, v1.4.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
Inst5657 --> MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123}
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
InterVideo WinDVD Creator 3 --> "C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Lenovo Bluetooth with Enhanced Data Rate Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Lenovo Care --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}\SETUP.EXE" -l0x9 -AddRemove
Lenovo Care Supplement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}\SETUP.EXE" -l0x9 -AddRemove
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\SETUP.EXE" -l0x9 -AddRemove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 7 Premium --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
NJStar Communicator --> C:\Program Files\NJStar Communicator\uninst.exe
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
OmniPass --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\SETUP.EXE" -l0x9
On Screen Display --> RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Program Files\Lenovo\HOTKEY\tphkinst.inf
On2 VP3 Video for Windows codec --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF59708F-60F4-11D5-866A-00A0D2183227}\Setup.exe" -l0x9
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda ActiveScan Pro --> C:\WINDOWS\system32\ASProUni.exe Panda ActiveScan Pro
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PM Driver -->
PM Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C11DFB24-1018-4722-917C-5288E18A46CF}
PPLive 1.5.43 --> C:\Program Files\PPLive\uninst.exe
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\SETUP.EXE" -l0x9 -AddRemove
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.exe" -l0x9 -removeonly
Rescue and Recovery --> MsiExec.exe /I{1A07F627-0F8F-43EE-B667-38908DF85911}
Roxio Digital Media LE --> C:\ibmtools\apps\digmedle\sequencer.exe -fc:\ibmtools\apps\digmedle\uninst.seq
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sogou PXP Accelerator 2.2.0.1 --> C:\Program Files\Sogou PXP\Uninstall.exe
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Storm codec --> C:\Program Files\Ringz Studio\Storm Codec\uninst.exe
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\IBMTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\SETUP.EXE" -l0x9 anything
ThinkVantage System Update --> MsiExec.exe /X{2A43FF29-0D97-4445-B82D-9324F176AED5}
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\SETUP.EXE" -l0x9 UNINSTALL
WebFldrs XP -->
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
XP Themes --> MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
-- End of Deckard's System Scanner: finished at 2007-06-22 at 12:37:26 ---------