The HJT log is blue,
ComboFix is green.
The uninstall log is purple.
It says that this thing is supposed to have a lot of pop-ups, but I haven't had any at all...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:50 AM, on 8/29/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Waterproof\winlogon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CfgWiz.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Windows Logon Applicationedc] C:\Users\Waterproof\winlogon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxba_device - - C:\Windows\system32\lxbacoms.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13223 bytes
ComboFix 08-08-28.04 - Waterproof 2008-08-29 6:56:38.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.631 [GMT -4:00]
Running from: C:\Users\Waterproof\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Users\Waterproof\AppData\Roaming\macromedia\Flash Player\#SharedObjects\3KS38BBT\interclick.com
C:\Users\Waterproof\AppData\Roaming\macromedia\Flash Player\#SharedObjects\3KS38BBT\interclick.com\ud.sol
C:\Users\Waterproof\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Waterproof\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\system32\blphcltrj0e7fg.scr
C:\Windows\system32\fclfrkdw.dll
C:\Windows\system32\fgxirxpi.exe
C:\Windows\system32\fhuexe.dll
C:\Windows\system32\fttfwnit.dll
C:\Windows\system32\jkkLCtTN.dll
C:\Windows\system32\lphcltrj0e7fg.exe
C:\Windows\system32\MSINET.oca
C:\Windows\system32\OnXHjiOq.ini
C:\Windows\System32\OnXHjiOq.ini2
C:\Windows\system32\p32
C:\Windows\system32\pac.txt
C:\Windows\system32\phcltrj0e7fg.bmp
C:\Windows\system32\qOijHXnO.dll
C:\Windows\system32\sysrest.sys
C:\Windows\system32\sysrest32.exe
C:\Windows\system32\tidkrlnk.exe
C:\Windows\System32\tinwfttf.ini
C:\Windows\system32\trkwexes.dll
C:\Windows\system32\urqPheEV.dll
C:\Windows\System32\VEehPqru.ini
C:\Windows\System32\VEehPqru.ini2
C:\Windows\system32\vtUOGXol.dll
C:\Windows\system32\wrdhqkct.dll
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
2008-08-29 06:09 . 2008-08-29 06:09 224,255,928 --a------ C:\Windows\MEMORY.DMP
2008-08-28 23:11 . 2008-08-28 23:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-28 21:08 . 2008-08-28 22:37 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-28 21:08 . 2008-08-28 22:37 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-28 21:08 . 2008-08-28 21:15 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-28 17:25 . 2008-08-28 17:25 203,776 --a------ C:\Windows\System32\wtlmhlnl.exe
2008-08-28 16:44 . 2008-08-28 16:44 71 --a------ C:\Users\Waterproof\7812.bat
2008-08-28 10:50 . 2008-08-28 10:50 <DIR> d-------- C:\Windows\System32\kp4
2008-08-28 10:50 . 2008-08-28 10:50 99,328 --a------ C:\Windows\faceback.exe
2008-08-28 10:49 . 2008-08-28 10:49 <DIR> d-------- C:\Windows\System32\eMaxt02
2008-08-28 10:49 . 2008-08-28 10:50 <DIR> d-------- C:\Temp\bbc2
2008-08-28 10:49 . 2008-08-29 06:57 <DIR> d-------- C:\Temp
2008-08-28 10:49 . 2008-08-28 16:43 44,544 --a------ C:\Users\Waterproof\index.exe
2008-08-28 10:49 . 2008-08-28 10:49 71 --a------ C:\Users\Waterproof\3434.bat
2008-08-28 10:43 . 2008-08-28 10:43 <DIR> d-------- C:\Users\All Users\PopCap
2008-08-28 10:43 . 2008-08-28 10:43 <DIR> d-------- C:\ProgramData\PopCap
2008-08-28 10:43 . 2008-08-28 10:43 <DIR> d-------- C:\Program Files\PopCap Games
2008-08-27 10:03 . 1999-12-17 10:13 86,016 --a------ C:\Windows\unvise32.exe
2008-08-26 18:09 . 2008-08-26 18:09 <DIR> d-------- C:\Program Files\GoldWave
2008-08-26 18:07 . 2008-08-26 18:07 <DIR> d-------- C:\Program Files\AltoMP3 Gold
2008-08-26 17:55 . 2008-08-26 17:55 <DIR> d-------- C:\Users\Waterproof\AppData\Roaming\Roxio
2008-08-26 17:55 . 2008-08-26 17:55 <DIR> d-------- C:\Users\All Users\Roxio
2008-08-26 17:55 . 2008-08-26 17:55 <DIR> d-------- C:\ProgramData\Roxio
2008-08-26 17:39 . 2008-08-26 18:15 <DIR> d-------- C:\UW20
2008-08-26 17:05 . 2008-08-26 17:05 <DIR> d-------- C:\Users\All Users\HP Product Assistant
2008-08-26 17:05 . 2008-08-26 17:05 <DIR> d-------- C:\ProgramData\HP Product Assistant
2008-08-26 17:02 . 2008-08-26 17:02 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-26 17:02 . 2008-08-26 17:02 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-26 17:01 . 2008-08-26 17:01 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-26 16:58 . 2008-08-26 17:05 <DIR> d-------- C:\Program Files\HP
2008-08-26 16:55 . 2008-08-26 17:07 <DIR> d-------- C:\Users\All Users\HP
2008-08-26 16:55 . 2008-08-26 17:07 <DIR> d-------- C:\ProgramData\HP
2008-08-26 16:55 . 2008-08-26 17:28 157,583 --a------ C:\Windows\hpoins26.dat
2008-08-26 12:16 . 2008-08-28 22:40 <DIR> d-------- C:\Users\Waterproof\AppData\Roaming\vusbsp
2008-08-18 19:56 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-18 19:56 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-18 19:56 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-18 19:56 . 2008-07-19 01:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-18 19:56 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-18 19:56 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-18 19:56 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-18 19:56 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-18 19:56 . 2008-07-18 23:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-14 06:03 . 2008-07-15 21:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 06:01 . 2008-04-10 01:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 06:01 . 2008-06-18 23:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 06:01 . 2008-04-18 01:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-14 06:00 . 2008-06-26 21:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 06:00 . 2008-06-27 00:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-07 15:48 . 2008-08-07 15:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-07 01:50 . 2008-08-13 03:20 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-08-03 01:56 . 2008-08-28 22:39 <DIR> d-------- C:\Users\Waterproof\AppData\Roaming\OpenOffice.org2
2008-08-02 17:42 . 2008-08-02 17:42 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-08-02 06:45 . 2008-08-02 06:45 <DIR> d-------- C:\Windows\Sun
2008-08-01 16:07 . 2008-08-01 16:08 <DIR> d-------- C:\Windows\System32\Adobe
2008-07-31 18:58 . 2008-07-31 18:58 <DIR> d-------- C:\Program Files\iTunes
2008-07-31 18:58 . 2008-07-31 18:58 <DIR> d-------- C:\Program Files\iPod
2008-07-31 18:43 . 2008-07-31 18:44 <DIR> d-------- C:\Program Files\Safari
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 14:47 --------- d-----w C:\Users\Waterproof\AppData\Roaming\LimeWire
2008-08-28 05:54 --------- d-----w C:\Program Files\Trillian
2008-08-14 10:09 --------- d-----w C:\Program Files\Windows Mail
2008-08-07 05:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 21:39 --------- d-----w C:\Program Files\Java
2008-07-31 23:00 --------- d-----w C:\Users\Waterproof\AppData\Roaming\Apple Computer
2008-07-27 03:16 --------- d-----w C:\Program Files\Microsoft Games
2008-07-19 07:09 --------- d-----w C:\Program Files\AskPBar
2008-07-19 01:24 --------- d-----w C:\Users\Waterproof\AppData\Roaming\App Launcher Gadget
2008-07-17 07:08 --------- d-----w C:\Program Files\MSECache
2008-07-17 06:52 --------- d-----w C:\Users\Waterproof\AppData\Roaming\Microsoft Web Folders
2008-07-17 06:37 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-15 17:27 --------- d-----w C:\Program Files\Lexmark X5100 Series
2008-07-13 10:12 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-12 17:41 --------- d-----w C:\Program Files\LimeWire
2008-07-12 17:17 --------- d-----w C:\ProgramData\Apple Computer
2008-07-12 17:15 --------- d-----w C:\Program Files\QuickTime
2008-07-12 17:15 --------- d-----w C:\Program Files\Bonjour
2008-07-12 17:08 --------- d-----w C:\ProgramData\Apple
2008-07-12 17:08 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-12 06:04 --------- d-----w C:\ProgramData\Lenovo
2008-07-10 16:35 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-09 23:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-09 22:05 --------- d-----w C:\Users\Waterproof\AppData\Roaming\Leadertech
2008-07-09 21:37 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-09 21:17 --------- d-----w C:\ProgramData\Symantec
2008-07-09 21:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-09 21:13 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-09 21:12 806 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-07-09 21:12 8,014 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-07-09 21:12 115,000 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-07-09 21:12 --------- d-----w C:\Program Files\Symantec
2008-07-09 20:59 --------- d-----w C:\Users\Waterproof\AppData\Roaming\Lenovo
2008-07-09 20:55 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-09 20:54 100 ----a-w C:\Windows\system32\drivers\Lenovo_7659_N2U.MRK
2008-06-27 22:38 53,248 --sh--w C:\Users\Waterproof\winlogon.exe
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 05:14 1,732 ----a-w C:\tvtpktfilter.dat
2008-06-12 03:55 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-06-12 03:53 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-06-12 03:52 988,216 ----a-w C:\Windows\System32\winload.exe
2008-06-12 03:52 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-06-12 03:52 615,992 ----a-w C:\Windows\System32\ci.dll
2008-06-12 03:52 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-06-12 03:52 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-06-12 03:52 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-06-12 03:52 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-06-12 03:52 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-06-12 03:52 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-06-12 03:52 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2008-07-19 03:09 61440]
[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 22:23 1233920]
"Windows Logon Applicationedc"="C:\Users\Waterproof\winlogon.exe" [2008-06-27 18:38 53248]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 14:04 59168]
"PWMTRV"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-12-06 13:11 324896]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2007-12-06 13:11 214576]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 05:20 820520]
"snp2uvc"="C:\Windows\vsnp2uvc.exe" [2006-12-28 22:48 569344]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 01:49 66176]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 13:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-07-09 16:40 1282048]
"LenovoOobeOffers"="c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 15:53 28672]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-08 23:12 536576]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 19:21 217176]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 06:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 13:10 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 14:00 419376]
"CameraApplicationLauncher"="C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2007-08-22 20:26 16384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 07:27 144784]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 18:48 419112]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 18:49 124200]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 22:28 431752]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 23:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 23:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 23:13 133656]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 13:50 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 12:47 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 13:47 289064]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 21:17 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
C:\Users\Waterproof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 19:41:28 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 16:11:50 719664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 20:38:52 214360]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{994FB1BF-3B05-4D3D-B5A8-9A32BCCF60A5}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{BE81EE69-8783-4988-9E64-1E7EEF70F978}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{748F7A36-C95F-4356-BDA0-2C930A79677E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2642E82F-AE32-48F4-BC6A-F7E95575D099}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D893D200-9126-4A4E-AE2A-4D843133EB2B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{056C1D64-1AD5-4717-B38F-D66EFEC16058}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{7C7F5A76-6079-467B-8A18-0B4B8195A91B}"= UDP:C:\Windows\System32\lxbacoms.exe:Lexmark Communications System
"{40817FE4-D1BA-4B82-8A08-7606601ADE11}"= TCP:C:\Windows\System32\lxbacoms.exe:Lexmark Communications System
"{66C31868-57A6-4001-895D-4B71027CD110}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbapswx.exe:Printer Status Window
"{FAC413EC-B54E-4BB2-8CEE-B374023EB1B0}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbapswx.exe:Printer Status Window
"{EF49CA3D-8267-4FC0-A957-E465C8F67324}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A4A176D1-F5EE-4BFE-A518-AC3FDFC143E8}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C3E9063A-971B-4DCB-93A2-614AC0EE6D60}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{53906E77-27BE-41EF-AD49-BA13C9F718E2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{9683E431-E588-4A52-BCA4-197F24D2E82B}C:\\users\\waterproof\\appdata\\local\\temp\\vusbsp\\vonagetalkusb.exe"= UDP:C:\users\waterproof\appdata\local\temp\vusbsp\vonagetalkusb.exe:vonagetalkusb.exe
"UDP Query User{940D550F-8105-4A8D-A052-4E74FF4FED5F}C:\\users\\waterproof\\appdata\\local\\temp\\vusbsp\\vonagetalkusb.exe"= TCP:C:\users\waterproof\appdata\local\temp\vusbsp\vonagetalkusb.exe:vonagetalkusb.exe
"TCP Query User{4FADB00A-E2A5-4F21-A71E-A7CD2B4AFCBB}C:\\users\\waterproof\\appdata\\roaming\\vusbsp\\vonagetalkusb.exe"= UDP:C:\users\waterproof\appdata\roaming\vusbsp\vonagetalkusb.exe:vonagetalkusb.exe
"UDP Query User{8981B39C-2F8E-4123-BF42-C6D3C6F9C73F}C:\\users\\waterproof\\appdata\\roaming\\vusbsp\\vonagetalkusb.exe"= TCP:C:\users\waterproof\appdata\roaming\vusbsp\vonagetalkusb.exe:vonagetalkusb.exe
"{617C5A68-B086-462A-9BE7-08B3F5BA67C5}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{6B0A4DC4-9C19-43F9-804C-C1E904D0FFEF}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{365DD8CC-F926-49A3-993A-1297672A7117}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{976D515E-E2BC-4040-8BBF-D2D3A4E8D25A}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{898A948D-841A-47F8-ABFB-1EFC939CABB3}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{8D685019-8334-40F3-A2D4-38163DFCD119}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{A98782BD-8C4D-4F79-B6D6-105C9872D92A}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{08348A5B-3772-4C13-BC12-E048CBFC5423}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{DF39095D-DF41-4712-87DB-09B714EB1D74}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{25EBD56A-6227-4298-A225-9CB8A4D1B32F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{4F7D0682-F6B6-400B-9137-5DC89D4CC714}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{76486E61-FAE2-455A-B522-E81D9BE308D4}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{F95EED90-5805-46AF-898F-94DF14996AFE}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{7763661D-3D1A-4123-959D-8679A847D5CB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{009D7874-056C-4F46-8339-5745209EBDFD}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{FA08B81B-5398-4827-85B5-63AB31FCC68D}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{FCC7C48E-958A-4090-9EA1-AFA154981299}"= UDP:C:\Users\Waterproof\AppData\Local\Temp\.tt1797.tmp:enable
"{DCC3B91A-9560-4976-84E1-5D6FDC737F2A}"= TCP:C:\Users\Waterproof\AppData\Local\Temp\.tt1797.tmp:enable
R0 Shockprf;Shockprf;C:\Windows\system32\DRIVERS\Apsx86.sys [2007-10-16 21:33]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM86.sys [2007-10-16 21:32]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 23:05]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 06:04]
R1 TPPWRIF;TPPWRIF;C:\Windows\system32\drivers\Tppwr32v.sys [2007-12-06 13:11]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-05 18:44]
R2 lxba_device;lxba_device;C:\Windows\system32\lxbacoms.exe [2007-04-24 22:24]
R2 TPHKSVC;On Screen Display;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 01:07]
R2 TVT Backup Protection Service;TVT Backup Protection Service;C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 23:03]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 18:59]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 14:46]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 01:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 01:20]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 02:48]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 22:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 22:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-08-29 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 18:54]
2008-08-29 C:\Windows\Tasks\User_Feed_Synchronization-{7D0A9B2B-A02A-4A6B-9DF0-B9E3EEF4E5BB}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-20 22:25]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MSServer - C:\Windows\system32\jkkLCtTN.dll
HKLM-Run-lphcltrj0e7fg - C:\Windows\system32\lphcltrj0e7fg.exe
HKLM-Run-inrhcgtrj0e7fg - C:\Users\Waterproof\AppData\Local\Temp\.ttF079.tmp.exe
HKLM-Run-e0f3b564 - C:\Windows\system32\fttfwnit.dll
HKLM-Run-BMe3c086f8 - C:\Windows\system32\wrdhqkct.dll
ShellExecuteHooks-{C85BD9F1-5B95-46DA-9F39-979DB6B58484} - C:\Windows\system32\jkkLCtTN.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Waterproof\AppData\Roaming\Mozilla\Firefox\Profiles\qwhnxym8.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - http://www.google.com
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 07:05:50
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Users\Waterproof\winlogon.exe
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\ibmpmsvc.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CfgWiz.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-29 7:11:52 - machine was rebooted [Waterproof]
ComboFix-quarantined-files.txt 2008-08-29 11:11:22
Pre-Run: 42,239,029,248 bytes free
Post-Run: 40,947,822,592 bytes free
360 --- E O F --- 2008-08-27 02:42:25

32 Bit HP CIO Components Installer
Access Help
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8
Adobe Shockwave Player 11
AltoMP3 Gold 5.20
AppCore
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AV
Bonjour
Camera Center
ccCommon
Client Security Solution
Compatibility Pack for the 2007 Office system
Diskeeper Home
DIY Writer
Drag-to-Disc
Full Tilt Poker
GoldWave v5.23
Help Center
HijackThis 2.0.2
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4340 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Lenovo Registration
Lenovo System Interface Driver
Lexmark X5100 Series
LiveUpdate 3.2 (Symantec Corporation)
Maintenance Manager
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office 2000 SR-1 Small Business
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.1)
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Multimedia Center For Think Offerings
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
OCR Software by I.R.I.S. 10.0
On Screen Display
OpenOffice.org 2.4
PC-Doctor 5 for Windows
Picasa 2
PopCap Browser Plugin
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Registry patch to improve USB device detection on resume from sleep for Windows Vista
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Shop for HP Supplies
Sonic Icons for Lenovo
SoundMAX
SPBBC 32bit
Spybot - Search & Destroy
Symantec Real Time Storage Protection Component
SymNet
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Mobility Center Customization
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
Thinkpad Wireless LAN Adapters Software (11a/b/g/n)
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Trillian
VitalSource Bookshelf
Wallpapers
Windows Driver Package - Intel (e1express) Net (04/26/2007 9.7.240.0)
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)
Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)
Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)
Windows Driver Package - Ricoh Company MMC Host Controller (08/08/2007 6.00.03.02)
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
Windows Live Toolbar
Windows Live Toolbar
Any help would be really, really appreciated. Thanks!