
Solved [Control Panel missing/inaccessible]

Discussion in 'Malware and Virus Removal Archive' started by rhojjati, 2007/09/15.

  1. 2007/09/15
    rhojjati

    rhojjati Inactive Thread Starter

    [Resolved] [Control Panel missing/inaccessible]

    Thanks, Dave;
    I think I agree with you on a remnant of spyware. Here's the main.txt:


    Deckard's System Scanner v20070905.67
    Run by Ray on 2007-09-15 22:02:17
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    8: 2007-09-16 05:02:20 UTC - RP23 - Deckard's System Scanner Restore Point
    7: 2007-09-15 15:46:05 UTC - RP22 - System Checkpoint
    6: 2007-09-14 15:07:54 UTC - RP21 - System Checkpoint
    5: 2007-09-13 14:40:23 UTC - RP20 - Installed Symantec AntiVirus Client
    4: 2007-09-13 14:39:30 UTC - RP19 - Installed Symantec AntiVirus Client


    -- First Restore Point --
    1: 2007-09-13 13:27:36 UTC - RP16 - Software Distribution Service 3.0


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-09-15 22:03:38
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\system32\TPHDEXLG.exe
    C:\WINDOWS\system32\TpKmpSvc.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\printer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\WINDOWS\Bigdog.exe
    C:\WINDOWS\LenovoTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ray\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TpShocks] TpShocks.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TP4EX] tp4ex.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKEY_LOCAL_MACHINE\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe "
    O4 - HKEY_LOCAL_MACHINE\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKEY_LOCAL_MACHINE\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
    O4 - HKEY_LOCAL_MACHINE\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKEY_LOCAL_MACHINE\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKEY_LOCAL_MACHINE\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKEY_LOCAL_MACHINE\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [BigDogPath323] Bigdog.exe Lenovo USB WebCam(Video)
    O4 - HKEY_LOCAL_MACHINE\..\Run: [LenovoTray] LenovoTray.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKEY_LOCAL_MACHINE\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
    O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: system.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O7 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189318869671
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
    O20 - Winlogon Notify: ACNotify - C:\WINDOWS\system32\ACNotify.dll (file missing)
    O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\system32\notifyf2.dll
    O20 - Winlogon Notify: tphotkey - C:\WINDOWS\system32\tphklock.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe "
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe "
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe "
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - "C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe "
    O23 - Service: TVT Scheduler - Lenovo Group Limited - "C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe "
    O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe


    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL %1,%*
    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; Lenovo; ThinkVantage Active Protection System>
    R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
    R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
    R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
    R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
    R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
    R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
    R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
    R2 EGATHDRV (IBM eGatherer) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
    R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    R2 PrivateDisk - c:\program files\lenovo\safeguard privatedisk\privatediskm.sys <Not Verified; Utimaco Safeware AG; SafeGuard PrivateDisk>
    R2 PROCDD (IPS Helper Driver) - c:\windows\system32\drivers\procdd.sys <Not Verified; Lenovo Group Limited; Away Manager>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
    R2 smi2 - c:\program files\smi2\smi2.sys <Not Verified; IBM Corp.; TVT SMI Bios driver>
    R2 tvtfilter - c:\windows\system32\drivers\tvtfilter.sys <Not Verified; Lenovo; Rescue and Recovery>
    R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

    S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - c:\windows\system32\drivers\bvrpmpr5.sys <Not Verified; BVRP Software; BVRPNDIS Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
    R2 IPSSVC (IPS Core Service) - c:\windows\system32\ipssvc.exe <Not Verified; Lenovo Group Limited; Away Manager>
    R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
    R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
    R2 TPHDEXLGSVC (ThinkPad HDD APS Logging Service) - system32\tphdexlg.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
    R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
    R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
    R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe

    S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.
     
  2. 2007/09/15
    rhojjati

    rhojjati Inactive Thread Starter

    I had to post the log in multiple replies since it's too long. Here's the rest of it:

    -- Scheduled Tasks -------------------------------------------------------------

    2007-09-15 21:27:00 250 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    2007-09-15 07:15:35 316 --a------ C:\WINDOWS\Tasks\PMTask.job
    2007-08-28 06:00:52 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


    -- Files created between 2007-08-15 and 2007-09-15 -----------------------------

    2007-09-13 07:40:26 0 d-------- C:\Program Files\Symantec_Client_Security
    2007-09-13 07:30:50 0 d-------- C:\WINDOWS\system32\appmgmt
    2007-09-13 07:14:03 0 d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-09-12 06:16:36 0 d-------- C:\Program Files\Lavasoft
    2007-09-12 06:16:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-09-12 06:15:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-11 10:26:06 356 --a------ C:\regis.reg
    2007-09-11 07:52:47 0 d-------- C:\Documents and Settings\Ray\Application Data\U3
    2007-09-08 08:10:55 7680 --a------ C:\WINDOWS\system32\winavxx.exe
    2007-09-08 08:10:55 7680 --a------ C:\WINDOWS\system32\printer.exe
    2007-09-08 08:10:34 0 d-------- C:\WINDOWS\Sun
    2007-09-03 23:11:41 0 d-------- C:\Documents and Settings\Ray\Application Data\Apple Computer
    2007-09-03 23:11:30 0 d-------- C:\Program Files\iPod
    2007-09-03 23:11:27 0 d-------- C:\Program Files\iTunes
    2007-09-03 23:10:59 0 d-------- C:\Program Files\QuickTime
    2007-09-03 23:10:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-09-03 23:10:48 0 d-------- C:\Program Files\Apple Software Update
    2007-09-03 23:10:34 0 d-------- C:\Program Files\Common Files\Apple
    2007-09-03 23:10:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-03 22:29:21 0 d-------- C:\Documents and Settings\Ray\Application Data\AdobeUM
    2007-09-03 22:28:36 0 d-------- C:\Documents and Settings\Ray\Application Data\Adobe
    2007-09-03 22:25:53 0 d-------- C:\Program Files\Common Files\Adobe
    2007-09-03 22:25:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2007-09-03 22:18:41 0 d-------- C:\WINDOWS\EffectResources
    2007-09-03 22:13:22 0 d-------- C:\Program Files\Vimicro Corporation
    2007-09-03 22:13:09 226944 -r------- C:\WINDOWS\system32\drivers\vmaudioflt_spkout.sys <Not Verified; Vimicro Corporation; Filter for Audio>
    2007-09-03 22:13:09 257280 -r------- C:\WINDOWS\system32\drivers\vmaudioflt.sys <Not Verified; Vimicro Corporation; USB Microphone In>
    2007-09-03 22:13:09 45056 -r------- C:\WINDOWS\system32\drivers\UnInstFlt.exe
    2007-09-03 22:13:09 40960 -r------- C:\WINDOWS\system32\drivers\SetupVmAduFlt.exe
    2007-09-03 22:13:09 49152 -r------- C:\WINDOWS\system32\drivers\InstFlt.exe
    2007-09-03 22:13:06 81920 -r------- C:\WINDOWS\VMCap325.exe
    2007-09-03 22:13:06 393216 -r------- C:\WINDOWS\LenovoTray.exe <Not Verified; Lenovo; System tray icon Application>
    2007-09-03 22:13:06 86016 -r------- C:\WINDOWS\Bigdog.exe
    2007-09-03 22:12:34 0 d-------- C:\Documents and Settings\Ray\Application Data\InstallShield
    2007-09-03 02:51:20 0 d-------- C:\Documents and Settings\Ray\Application Data\Yahoo!
    2007-09-03 02:51:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-09-03 02:49:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-09-03 02:47:52 0 d-------- C:\Program Files\Yahoo!
    2007-09-02 05:55:22 0 d-------- C:\Documents and Settings\Ray\Application Data\InterVideo
    2007-09-01 23:55:48 0 d-------- C:\Documents and Settings\Ray\Application Data\Sun
    2007-08-31 06:21:48 0 d-------- C:\Program Files\MSXML 6.0
    2007-08-29 11:21:11 0 d-------- C:\WINDOWS\system32\PreInstall
    2007-08-29 07:38:05 0 d-------- C:\WINDOWS\pss
    2007-08-29 07:27:03 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-08-29 06:32:05 44224 -ra------ C:\WINDOWS\system32\drivers\BVRPMPR5.SYS <Not Verified; BVRP Software; BVRPNDIS Rawether for Windows>
    2007-08-29 06:30:28 0 d-------- C:\Netgear
    2007-08-29 06:17:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2007-08-29 06:17:48 0 d-------- C:\Documents and Settings\Ray\Application Data\Macromedia
    2007-08-28 06:03:24 0 d-------- C:\Program Files\Windows Live Toolbar
    2007-08-28 06:03:16 0 d--h----- C:\Documents and Settings\Ray\Templates
    2007-08-28 06:03:16 0 dr------- C:\Documents and Settings\Ray\Start Menu
    2007-08-28 06:03:16 0 dr-h----- C:\Documents and Settings\Ray\SendTo
    2007-08-28 06:03:16 0 dr-h----- C:\Documents and Settings\Ray\Recent
    2007-08-28 06:03:16 0 d--h----- C:\Documents and Settings\Ray\PrintHood
    2007-08-28 06:03:16 2359296 --ah----- C:\Documents and Settings\Ray\NTUSER.DAT
    2007-08-28 06:03:16 0 d--h----- C:\Documents and Settings\Ray\NetHood
    2007-08-28 06:03:16 0 dr------- C:\Documents and Settings\Ray\My Documents
    2007-08-28 06:03:16 0 d--h----- C:\Documents and Settings\Ray\Local Settings
    2007-08-28 06:03:16 0 dr------- C:\Documents and Settings\Ray\Favorites
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Desktop
    2007-08-28 06:03:16 0 d--hs---- C:\Documents and Settings\Ray\Cookies
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Bluetooth Software
    2007-08-28 06:03:16 0 dr-h----- C:\Documents and Settings\Ray\Application Data
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Application Data\ThinkVantage
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Application Data\Symantec
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Application Data\Lenovo
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Application Data\Identities
    2007-08-28 06:03:00 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
    2007-08-28 06:02:53 0 d-------- C:\Documents and Settings\Default User\Bluetooth Software
    2007-08-28 06:02:53 0 d-------- C:\Documents and Settings\Default User\Application Data\ThinkVantage
    2007-08-28 06:02:53 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
    2007-08-28 06:02:53 0 d-------- C:\Documents and Settings\Default User\Application Data\Lenovo
    2007-08-28 06:02:53 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
    2007-08-23 14:50:54 0 d-------- C:\Program Files\Microsoft Small Business
    2007-08-23 14:48:27 0 d-------- C:\Program Files\Microsoft SQL Server
    2007-08-23 14:46:00 0 d-------- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2007-08-23 14:45:57 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2007-08-23 14:44:56 0 d-------- C:\Program Files\Microsoft Works
    2007-08-23 14:44:21 0 d-------- C:\Program Files\Microsoft.NET
    2007-08-23 14:42:52 0 d-------- C:\WINDOWS\SHELLNEW
    2007-08-23 14:42:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-08-23 14:42:20 0 dr-h----- C:\MSOCache
    2007-08-23 14:41:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\ThinkVantage
    2007-08-23 14:41:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lenovo
    2007-08-23 14:38:02 0 dr-hs---- C:\RRbackups
    2007-08-23 14:35:14 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS <Not Verified; IBM Corporation; IBM eGatherer>
    2007-08-23 14:35:08 0 d-------- C:\Program Files\SMI2
    2007-08-23 14:35:06 0 d-------- C:\Program Files\TVT SMBus
    2007-08-23 14:35:03 0 d-------- C:\SWSHARE
    2007-08-23 14:35:00 23552 --a------ C:\WINDOWS\system32\drivers\psasrv.exe
    2007-08-23 14:35:00 7012 --a------ C:\WINDOWS\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-08-23 14:34:38 0 d-------- C:\Program Files\Picasa2
    2007-08-23 14:34:32 6016 --a------ C:\WINDOWS\system32\drivers\IBMBLDID.sys
    2007-08-23 14:34:32 11520 --a------ C:\WINDOWS\system32\drivers\ANC.sys <Not Verified; IBM Corp.; IBM Access Connections>
    2007-08-23 14:34:21 0 d-------- C:\Program Files\Diskeeper Corporation
    2007-08-23 14:34:14 0 d-------- C:\WINDOWS\Downloaded Installations
    2007-08-23 14:34:01 114688 --a------ C:\WINDOWS\desktopset.exe
    2007-08-23 14:30:19 40 --a------ C:\WINDOWS\system32\profile.dat
    2007-08-23 14:29:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-08-23 14:29:30 0 d-------- C:\Program Files\Symantec
    2007-08-23 14:29:23 0 d-------- C:\Program Files\Symantec Client Security
    2007-08-23 14:29:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-08-23 14:29:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2007-08-23 14:28:34 0 d-------- C:\Program Files\PCDR5
    2007-08-23 14:27:59 0 d-------- C:\Program Files\Common Files\Lenovo
    2007-08-23 14:27:45 0 d-------- C:\Program Files\Sonic Icons for Lenovo
    2007-08-23 14:27:43 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2007-08-23 14:27:40 0 d-------- C:\Program Files\Sonic
    2007-08-23 14:27:40 0 d-------- C:\Program Files\Common Files\SureThing Shared
    2007-08-23 14:27:38 0 d-------- C:\WINDOWS\system32\DLA
    2007-08-23 14:27:37 0 d-------- C:\Program Files\Multimedia Center for Think Offerings
    2007-08-23 14:27:17 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2007-08-23 14:26:44 21060 --a------ C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
    2007-08-23 14:26:24 0 d-------- C:\Program Files\Common Files\InterVideo
    2007-08-23 14:26:09 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
    2007-08-23 14:26:09 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
    2007-08-23 14:26:09 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
    2007-08-23 14:26:09 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
    2007-08-23 14:26:09 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
    2007-08-23 14:26:09 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
    2007-08-23 14:26:05 0 d-------- C:\Program Files\InterVideo
    2007-08-23 14:25:43 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2007-08-23 14:25:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lenovo
    2007-08-23 14:25:08 0 d-------- C:\Program Files\Java
    2007-08-23 14:25:07 0 d-------- C:\Program Files\Common Files\Java
    2007-08-23 14:24:50 917504 --a------ C:\WINDOWS\system32\ahlprun.exe <Not Verified; LENOVO; AHLPRUN>
    2007-08-23 14:24:50 0 d-------- C:\Icons
    2007-08-23 14:24:33 0 d-------- C:\Program Files\ThinkVantage
    2007-08-23 14:22:38 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
    2007-08-23 14:21:21 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
    2007-08-23 14:20:53 0 d-------- C:\Program Files\Digital Line Detect
    2007-08-23 14:20:52 0 d-------- C:\Program Files\NetWaiting
    2007-08-23 14:20:47 0 d-------- C:\Program Files\CONEXANT
    2007-08-23 14:20:28 53248 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
    2007-08-23 14:20:28 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
    2007-08-23 14:20:28 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
    2007-08-23 14:20:28 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
    2007-08-23 14:20:18 40960 --a------ C:\WINDOWS\system32\TP4HOOK.dll <Not Verified; Lenovo Group Limited; TrackPoint Accessibility Features>
    2007-08-23 14:20:18 65536 --a------ C:\WINDOWS\system32\TP4EX.exe <Not Verified; Lenovo Group Limited; TrackPoint Accessibility Features>
    2007-08-23 14:20:18 40960 --a------ C:\WINDOWS\system32\tp4cross.exe <Not Verified; Lenovo Group Limited; TrackPoint Accessibility Features>
    2007-08-23 14:20:18 45056 --a------ C:\WINDOWS\system32\FPCALL.dll
    2007-08-23 14:20:10 0 d-------- C:\Documents and Settings\Administrator\Bluetooth Software
    2007-08-23 14:19:27 7168 --a------ C:\WINDOWS\system32\drivers\TSMAPIP.SYS
    2007-08-23 14:19:23 0 d-------- C:\Program Files\Lenovo
    2007-08-23 14:19:19 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
    2007-08-23 14:19:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
    2007-08-23 14:18:52 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-08-23 14:18:51 0 d-------- C:\Program Files\Intel
    2007-08-23 14:18:37 106496 --a------ C:\WINDOWS\system32\TpShocks.exe <Not Verified; Lenovo, Ltd. and IBM Corporation.; n/a TpShocks>
    2007-08-23 14:18:37 479232 --a------ C:\WINDOWS\system32\TpShCPL.dll <Not Verified; IBM Corp.; n/a TpShCPL>
    2007-08-23 14:18:37 24576 --a------ C:\WINDOWS\system32\TpPenMon.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System - Pen Activity Monitor>
    2007-08-23 14:18:37 24576 --a------ C:\WINDOWS\system32\TpPenMon.dll <Not Verified; Lenovo.; ThinkVantage Active Protection System - Pen Monitor Module>
    2007-08-23 14:18:37 77824 --a------ C:\WINDOWS\system32\TPHDEXLG.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
    2007-08-23 14:18:37 61440 --a------ C:\WINDOWS\system32\Sensor.dll <Not Verified; Lenovo.; ThinkVantage Active Protection System>
    2007-08-23 14:18:37 88576 --a------ C:\WINDOWS\system32\drivers\shockprf.sys <Not Verified; Lenovo; ThinkVantage Active Protection System>
    2007-08-23 14:18:37 4736 --a------ C:\WINDOWS\system32\drivers\ShockMgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
    2007-08-23 14:18:36 32768 --a------ C:\WINDOWS\system32\TpKmpSvc.exe
    2007-08-23 14:18:27 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2007-08-23 14:18:25 0 d-------- C:\Program Files\Synaptics
    2007-08-23 14:18:18 4442 --a------ C:\WINDOWS\system32\drivers\TPPWRIF.SYS
    2007-08-23 14:18:18 16384 --a------ C:\WINDOWS\PWMBTHLP.EXE
    2007-08-23 14:18:09 9343 --a------ C:\WINDOWS\system32\drivers\TDSMAPI.SYS
    2007-08-23 14:18:09 14848 --a------ C:\WINDOWS\system32\drivers\SMAPINT.SYS <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-08-23 14:18:09 0 d-------- C:\Program Files\ThinkPad
    2007-08-23 14:18:09 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-23 14:18:06 0 d-------- C:\Program Files\MSXML 4.0
    2007-08-23 14:16:27 0 d-------- C:\Program Files\Common Files\Installshield
    2007-08-23 14:15:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2007-08-23 14:14:43 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-08-23 14:12:27 0 d-------- C:\WINDOWS\RegisteredPackages
    2007-08-23 14:11:28 0 d-------- C:\Program Files\Analog Devices
    2007-08-23 14:09:32 0 d-a------ C:\drivers
    2007-08-23 14:03:38 0 d-------- C:\SWTOOLS
    2007-08-23 14:03:25 0 d-------- C:\WINDOWS\WinSxS
    2007-08-23 14:03:25 0 dr------- C:\WINDOWS\Web
    2007-08-23 14:03:25 0 d-------- C:\WINDOWS\twain_32
    2007-08-23 14:03:25 0 d---s---- C:\WINDOWS\Tasks
    2007-08-23 14:03:24 0 d-------- C:\WINDOWS\system32\xircom
    2007-08-23 14:03:21 0 d-------- C:\WINDOWS\system32\wins
    2007-08-23 14:03:17 0 d-------- C:\WINDOWS\system32\wbem
    2007-08-23 14:03:15 0 d-------- C:\WINDOWS\system32\usmt
    2007-08-23 14:03:15 0 d-------- C:\WINDOWS\system32\URTTemp
    2007-08-23 14:03:13 0 d-------- C:\WINDOWS\system32\spool
    2007-08-23 14:03:12 0 d-------- C:\WINDOWS\system32\ShellExt
    2007-08-23 14:03:12 0 d-------- C:\WINDOWS\system32\Setup
    2007-08-23 14:03:10 0 d-------- C:\WINDOWS\system32\Restore
    2007-08-23 14:03:09 0 d-------- C:\WINDOWS\system32\ras
    2007-08-23 14:03:04 0 d-a------ C:\WINDOWS\system32\oobe
    2007-08-23 14:03:01 0 d-------- C:\WINDOWS\system32\npp
    2007-08-23 14:02:57 0 d-------- C:\WINDOWS\system32\mui
    2007-08-23 14:02:54 0 d-------- C:\WINDOWS\system32\MsDtc
    2007-08-23 14:02:53 0 d---s---- C:\WINDOWS\system32\Microsoft
    2007-08-23 14:02:53 0 d-------- C:\WINDOWS\system32\Macromed
    2007-08-23 14:02:51 0 d-------- C:\WINDOWS\system32\inetsrv
    2007-08-23 14:02:50 0 d-------- C:\WINDOWS\system32\IME
    2007-08-23 14:02:50 0 d-------- C:\WINDOWS\system32\icsxml
    2007-08-23 14:02:50 0 d-------- C:\WINDOWS\system32\ias
    2007-08-23 14:02:49 0 d-------- C:\WINDOWS\system32\export
    2007-08-23 14:02:46 0 d-------- C:\WINDOWS\system32\drivers\etc
    2007-08-23 14:02:45 0 d-------- C:\WINDOWS\system32\drivers
    2007-08-23 14:02:45 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2007-08-23 14:02:44 0 d-ahs---- C:\WINDOWS\system32\dllcache
    2007-08-23 14:02:42 0 d-------- C:\WINDOWS\system32\DirectX
    2007-08-23 14:02:41 0 d-------- C:\WINDOWS\system32\dhcp
    2007-08-23 14:02:38 0 d-------- C:\WINDOWS\system32\config
    2007-08-23 14:02:37 0 d-------- C:\WINDOWS\system32\Com
    2007-08-23 14:02:36 0 d-------- C:\WINDOWS\system32\CatRoot2
    2007-08-23 14:02:35 0 d-------- C:\WINDOWS\system32\CatRoot
    2007-08-23 14:02:34 0 d-a------ C:\WINDOWS\system32
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\3com_dmi
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\3076
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\2052
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1054
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1042
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1041
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1037
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1033
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1031
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1028
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1025
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system
    2007-08-23 14:02:33 0 d-------- C:\WINDOWS\srchasst
    2007-08-23 14:02:32 0 d-------- C:\WINDOWS\SoftwareDistribution
    2007-08-23 14:02:32 0 d-------- C:\WINDOWS\security
    2007-08-23 14:02:32 0 d-------- C:\WINDOWS\Resources
    2007-08-23 14:02:31 0 d-------- C:\WINDOWS\repair
    2007-08-23 14:02:31 0 d-------- C:\WINDOWS\Registration
    2007-08-23 14:02:31 0 d-------- C:\WINDOWS\Provisioning
    2007-08-23 14:02:30 0 d-------- C:\WINDOWS\Prefetch
    2007-08-23 14:02:30 0 d-------- C:\WINDOWS\PeerNet
    2007-08-23 14:02:12 0 d-------- C:\WINDOWS\pchealth
    2007-08-23 14:02:12 0 dr------- C:\WINDOWS\Offline Web Pages
    2007-08-23 14:02:12 0 d-------- C:\WINDOWS\mui
    2007-08-23 14:02:12 0 d-------- C:\WINDOWS\msapps
    2007-08-23 14:02:12 0 d-------- C:\WINDOWS\msagent
    2007-08-23 14:02:07 0 d-------- C:\WINDOWS\Media
    2007-08-23 14:02:04 0 d-------- C:\WINDOWS\java
    2007-08-23 14:02:01 0 d--hs---- C:\WINDOWS\Installer
    2007-08-23 14:01:56 0 d--h----- C:\WINDOWS\inf
    2007-08-23 14:01:56 0 d-------- C:\WINDOWS\ime
    2007-08-23 14:01:34 0 d-------- C:\WINDOWS\Help
    2007-08-23 14:01:32 0 dr--s---- C:\WINDOWS\Fonts
    2007-08-23 14:01:32 0 d-------- C:\WINDOWS\ehome
    2007-08-23 14:01:23 0 d-------- C:\WINDOWS\Driver Cache
    2007-08-23 14:01:23 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2007-08-23 14:01:23 0 d-------- C:\WINDOWS\Debug
    2007-08-23 14:01:22 0 d-------- C:\WINDOWS\Cursors
    2007-08-23 14:01:22 0 d-------- C:\WINDOWS\Connection Wizard
    2007-08-23 14:01:22 0 d-------- C:\WINDOWS\Config
    2007-08-23 14:01:18 0 d-------- C:\WINDOWS\AppPatch
    2007-08-23 14:01:18 0 d-------- C:\WINDOWS\addins
    2007-08-23 14:01:04 0 d-a------ C:\WINDOWS
    2007-08-23 14:01:04 0 d--h----- C:\WINDOWS\$hf_mig$
    2007-08-23 14:01:03 0 d-a------ C:\VALUEADD
    2007-08-23 14:01:03 0 d--hs---- C:\System Volume Information
    2007-08-23 14:01:02 0 d-a------ C:\SUPPORT
    2007-08-23 14:01:02 0 d--h----- C:\Program Files\WindowsUpdate
    2007-08-23 14:01:00 0 d-------- C:\Program Files\Windows NT
    2007-08-23 14:01:00 0 d-------- C:\Program Files\Online Services
    2007-08-23 14:00:59 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-08-23 14:00:55 0 d-------- C:\Program Files\Movie Maker
    2007-08-23 14:00:55 0 d-------- C:\Program Files\microsoft frontpage
    2007-08-23 14:00:55 0 d-------- C:\Program Files\Messenger
    2007-08-23 14:00:53 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2007-08-23 14:00:53 0 d-------- C:\Program Files\Common Files\ODBC
    2007-08-23 14:00:53 0 d-------- C:\Program Files\Common Files\MSSoap
    2007-08-23 14:00:52 0 dr------- C:\Program Files
    2007-08-23 14:00:52 0 d-------- C:\Program Files\Common Files
    2007-08-23 14:00:51 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2007-08-23 14:00:51 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
    2007-08-23 14:00:51 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2007-08-23 14:00:51 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2007-08-23 14:00:51 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2007-08-23 14:00:51 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
    2007-08-23 14:00:50 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2007-08-23 14:00:50 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2007-08-23 14:00:50 0 d--h----- C:\Documents and Settings\Default User\Templates
    2007-08-23 14:00:50 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2007-08-23 14:00:50 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2007-08-23 14:00:50 0 dr-h----- C:\Documents and Settings\Default User\Recent
    2007-08-23 14:00:50 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2007-08-23 14:00:50 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2007-08-23 14:00:50 0 dr------- C:\Documents and Settings\Default User\My Documents
    2007-08-23 14:00:49 0 d--h----- C:\Documents and Settings\Default User\Local Settings
    2007-08-23 14:00:49 0 dr------- C:\Documents and Settings\Default User\Favorites
    2007-08-23 14:00:49 0 d-------- C:\Documents and Settings\Default User\Desktop
    2007-08-23 14:00:49 0 d--hs---- C:\Documents and Settings\Default User\Cookies
    2007-08-23 14:00:49 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2007-08-23 14:00:49 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2007-08-23 14:00:49 0 d--h----- C:\Documents and Settings\All Users\Templates
    2007-08-23 14:00:48 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2007-08-23 14:00:48 0 d-------- C:\Documents and Settings\All Users\Favorites
    2007-08-23 14:00:48 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2007-08-23 14:00:47 0 dr------- C:\Documents and Settings\All Users\Documents
    2007-08-23 14:00:47 0 d-------- C:\Documents and Settings\All Users\Desktop
    2007-08-23 14:00:47 0 d-------- C:\Documents and Settings\All Users\Application Data\SBSI
    2007-08-23 14:00:46 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2007-08-23 14:00:46 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2007-08-23 14:00:46 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2007-08-23 14:00:46 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2007-08-23 14:00:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2007-08-23 14:00:45 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2007-08-23 14:00:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2007-08-23 14:00:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2007-08-23 14:00:45 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2007-08-23 14:00:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2007-08-23 14:00:44 0 d-------- C:\Documents and Settings
    2007-08-23 14:00:44 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2007-08-23 14:00:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2007-08-23 14:00:44 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2007-08-23 14:00:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2007-08-23 14:00:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2007-08-23 14:00:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2007-08-23 13:59:32 0 d-------- C:\I386


    -- Find3M Report ---------------------------------------------------------------

    Nothing modified in this timespan.


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ACWLIcon "= "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [02/19/2007 04:02 PM]
    "ACTray "= "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [02/19/2007 04:10 PM]
    "TVT Scheduler Proxy "= "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [07/10/2007 04:16 PM]
    "TpShocks "= "TpShocks.exe" [03/15/2006 07:04 PM C:\WINDOWS\system32\TpShocks.exe]
    "TPKMAPHELPER "= "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [06/02/2006 10:00 PM]
    "TPHOTKEY "= "C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [07/24/2006 06:19 PM]
    "TP4EX "= "tp4ex.exe" [10/17/2005 01:11 AM C:\WINDOWS\system32\TP4EX.exe]
    "SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/13/2006 10:17 PM]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/13/2006 10:16 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
    "SoundMAXPnP "= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/19/2005 05:11 PM]
    "SoundMAX "= "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/06/2005 03:06 PM]
    "PWRMGRTR "= "C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [05/25/2006 09:13 AM]
    "Picasa Media Detector "= "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [03/15/2006 04:07 PM]
    "PDService.exe "= "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [03/13/2006 04:38 PM]
    "LPManager "= "C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [07/04/2006 09:11 AM]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [07/24/2006 11:21 PM]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [07/24/2006 11:21 PM]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [07/24/2006 11:17 PM]
    "EZEJMNAP "= "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [02/23/2006 10:22 AM]
    "DLA "= "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 05:20 AM]
    "DiskeeperSystray "= "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 04:24 PM]
    "cssauth "= "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [07/14/2006 06:13 PM]
    "BLOG "= "C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [05/25/2006 09:13 AM]
    "AwaySch "= "C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [08/16/2006 10:07 AM]
    "AMSG "= "C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [11/13/2005 11:23 PM]
    "BigDogPath323 "= "Bigdog.exe" [08/08/2006 12:02 AM C:\WINDOWS\Bigdog.exe]
    "LenovoTray "= "LenovoTray.exe" [04/20/2007 03:32 AM C:\WINDOWS\LenovoTray.exe]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 08:15 PM]
    "WinAVX "= "C:\WINDOWS\system32\WinAvXX.exe" [09/08/2007 08:10 AM]
    "DoNotDelete "= "C:\WINDOWS\system32\explore.exe" []
    "vptray "= "C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [02/12/2004 12:49 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/27/2007 04:19 PM]
    "WinAVX "= "C:\WINDOWS\system32\WinAvXX.exe" [09/08/2007 08:10 AM]
    "DoNotDelete "= "C:\WINDOWS\system32\explore.exe" []
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]

    C:\Documents and Settings\Ray\Start Menu\Programs\Startup\
    system.exe [9/8/2007 8:10:55 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
    autorun.exe [9/8/2007 8:10:55 AM]
    Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [5/31/2006 2:51:02 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/23/2007 2:20:53 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=1 (0x1)
    "DisableTaskMgr "=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel "=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate "=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell "= "Explorer.exe C:\WINDOWS\system32\printer.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    ACNotify.dll 02/19/2007 04:03 PM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
    C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 08/16/2006 10:07 AM 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    notifyf2.dll 07/05/2005 07:45 AM 28672 C:\WINDOWS\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    tphklock.dll 11/30/2005 04:16 AM 24576 C:\WINDOWS\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\WINDOWS\system32\systems.txt

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli ACGina

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2634276-6076-11dc-b3d6-001a6b6b983b}]
    AutoRun\command- E:\LaunchU3.exe -a




    -- Hosts -----------------------------------------------------------------------

    192.168.200.3 ad.doubleclick.net
    192.168.200.3 ad.fastclick.net
    192.168.200.3 ads.fastclick.net
    192.168.200.3 ar.atwola.com
    192.168.200.3 atdmt.com
    192.168.200.3 avp.ch
    192.168.200.3 avp.com
    192.168.200.3 avp.ru
    192.168.200.3 awaps.net
    192.168.200.3 banner.fastclick.net

    92 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-09-15 22:04:21 ------------
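The scan above shows the whole lockout-and-persistence set at once: the four policy values (DisableRegistryTools, DisableTaskMgr, NoControlPanel, NoWindowsUpdate) that explain the missing Control Panel, a Winlogon Shell value with C:\WINDOWS\system32\printer.exe appended after Explorer.exe, an AppInit_DLLs entry pointing at a .txt file, a Run entry named "DoNotDelete" whose target explore.exe (one letter short of explorer.exe) DSS could not find, bare executables dropped straight into the Startup folders, and a hosts file that sends avp.com and friends to 192.168.200.3 instead of loopback. As an added example (not part of the original post, and not code from DSS, HijackThis or ComboFix), here is a small Python triage script that reads a DSS "Registry Dump" and "Hosts" section and flags exactly those indicators. The policy, hostname and look-alike lists are my assumptions, and SAMPLE_LOG is an abridged copy of the log posted above.

```python
"""Triage a Deckard's System Scanner (DSS) log for the lockout and persistence
indicators seen in the scan above.  Added example: not part of the forum post
and not code from DSS, HijackThis or ComboFix.  SAMPLE_LOG is an abridged copy
of the posted scan; the indicator lists below are assumptions, not DSS data."""
import re
from dataclasses import dataclass

# Policy values malware sets to lock the user out of repair tools.
LOCKOUT_POLICIES = {"disableregistrytools", "disabletaskmgr", "nocontrolpanel", "nowindowsupdate", "norun"}
# AV / update hostname fragments; a hosts entry sending one anywhere but loopback blocks defences.
AV_HOST_HINTS = ("avp.", "kaspersky", "symantec", "mcafee", "windowsupdate")
# Run-key targets that imitate a Windows binary (assumed list, extend as needed).
LOOKALIKES = {"explore.exe": "explorer.exe", "scvhost.exe": "svchost.exe"}

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<rest>.*)$')
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
STAMP_RE = re.compile(r"\[\d{1,2}/\d{1,2}/\d{4}")


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def parse_value(rest):
    """RHS of a DSS registry line -> (data, file_seen): [] after quoted data means file not found."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end].strip(), bool(STAMP_RE.search(rest[end + 1:]))
    return rest.split(" (")[0].strip(), None          # DWORD "1 (0x1)" or bare path; no file check


def triage(log_text):
    findings, key, mode = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("-- "):                      # DSS section banner
            mode, key = ("hosts" if line.startswith("-- Hosts") else None), None
        elif (m := KEY_RE.match(line)):                 # new registry key
            key, mode = m["key"].lower(), None
        elif line.lower().endswith("\\startup\\"):      # Startup folder listing follows
            mode = "startup"
        elif mode == "hosts":
            m = HOSTS_RE.match(line)
            if m and m["ip"] != "127.0.0.1" and any(h in m["host"].lower() for h in AV_HOST_HINTS):
                findings.append(Finding("hosts_hijack", f"{m['host']} -> {m['ip']}"))
        elif mode == "startup" and line:
            target = line.split(" [")[0].split(" - ")[0]
            if target.lower().endswith(".exe"):         # a dropped binary, not a .lnk shortcut
                findings.append(Finding("startup_exe", target))
        elif key and (m := VALUE_RE.match(line)):
            name = m["name"].strip().lower()
            data, file_seen = parse_value(m["rest"])
            if "\\policies\\" in key and name in LOCKOUT_POLICIES and data.startswith("1"):
                findings.append(Finding("lockout_policy", name))
            elif key.endswith("\\winlogon") and name == "shell":
                extra = [p for p in data.split() if p.lower() != "explorer.exe"]
                if extra:                               # anything beyond Explorer.exe was injected
                    findings.append(Finding("winlogon_shell", " ".join(extra)))
            elif key.endswith("\\currentversion\\windows") and name == "appinit_dlls" and data:
                findings.append(Finding("appinit_dlls", data))   # loaded into every user32 process
            elif key.endswith("\\currentversion\\run"):
                exe = (data.split("\\")[-1].split() or [""])[0].lower()
                if exe in LOOKALIKES:
                    findings.append(Finding("run_lookalike", f"{exe} mimics {LOOKALIKES[exe]}"))
                if file_seen is False:                  # DSS printed []: file not found
                    findings.append(Finding("run_missing_file", data))
    return findings


# Abridged copy of the DSS 'Registry Dump' and 'Hosts' sections posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAVX "= "C:\WINDOWS\system32\WinAvXX.exe" [09/08/2007 08:10 AM]
"DoNotDelete "= "C:\WINDOWS\system32\explore.exe" []

C:\Documents and Settings\Ray\Start Menu\Programs\Startup\
system.exe [9/8/2007 8:10:55 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
autorun.exe [9/8/2007 8:10:55 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools "=1 (0x1)
"DisableTaskMgr "=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel "=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell "= "Explorer.exe C:\WINDOWS\system32\printer.exe "
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls "=C:\WINDOWS\system32\systems.txt
-- Hosts -----------------------------------------------------------------------
192.168.200.3 ad.doubleclick.net
192.168.200.3 avp.ch
192.168.200.3 avp.com
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:16} {f.detail}")
```

Two things worth noting when reading its output against the full log. First, WinAvXX.exe is not flagged by any of these rules, because the file existed and DSS could stamp it; what gives it away is that its 09/08/2007 08:10 timestamp matches system.exe and autorun.exe in the Startup folders to the minute, so grouping new Run and Startup entries by timestamp is the natural next check. Second, the hosts test is "not loopback" rather than "equals 0.0.0.0", because this infection pointed the AV domains at a private address, 192.168.200.3, which a check for the usual 127.0.0.1 blackhole would have missed.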
     


  4. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the bolded command below to start Deckard's System Scanner file association repair tool.

    "%userprofile%\desktop\dss.exe" /daft

    Click Start>Run then paste the command and hit enter. Click OK on the popup then Scan. Check the box(es) for cpl then click Fix.

    Quite a few nasties still hanging around. Download ComboFix by sUBs from here, saving the file to your Desktop.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
     
  5. 2007/09/15
    rhojjati

    rhojjati Inactive Thread Starter

    Joined:
    2007/09/14
    Messages:
    16
    Likes Received:
    0
    Dave;
    I'm not able to download ComboFix. The page is not available. Do you know if the website is up?
    I did run the scan and checked cpl files though.
     
  6. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The ComboFix link was broken. Try again now. :)
     
  7. 2007/09/15
    rhojjati

    rhojjati Inactive Thread Starter

    Joined:
    2007/09/14
    Messages:
    16
    Likes Received:
    0
    Dear Dave;
    Here's the log. My control panel has come back after I ran combofix.
    I will post hijack this logs in my next post.


    ComboFix 07-09-14.2 - "Ray" 2007-09-15 22:43:37.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1292 [GMT -7:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\autorun.exe
    C:\DOCUME~1\Ray\STARTM~1\Programs\Startup\system.exe
    C:\WINDOWS\system32\printer.exe
    C:\WINDOWS\system32\WinAvXX.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-08-16 to 2007-09-16 )))))))))))))))))))))))))))))))
    .

    2007-09-15 22:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-15 22:01 <DIR> d-------- C:\Deckard
    2007-09-13 07:40 <DIR> d-------- C:\Program Files\Symantec_Client_Security
    2007-09-13 07:14 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-09-13 06:16 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
    2007-09-13 06:16 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
    2007-09-13 06:16 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
    2007-09-13 06:16 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
    2007-09-13 06:16 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
    2007-09-12 06:16 <DIR> d-------- C:\Program Files\Lavasoft
    2007-09-12 06:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-09-12 06:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-12 06:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-09-11 10:26 356 --a------ C:\regis.reg
    2007-09-11 07:52 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\U3
    2007-09-03 23:11 <DIR> d-------- C:\Program Files\iTunes
    2007-09-03 23:11 <DIR> d-------- C:\Program Files\iPod
    2007-09-03 23:11 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\Apple Computer
    2007-09-03 23:10 <DIR> d-------- C:\Program Files\QuickTime
    2007-09-03 23:10 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-09-03 23:10 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-09-03 23:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2007-09-03 23:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-09-03 22:29 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\AdobeUM
    2007-09-03 22:13 86,016 -r------- C:\WINDOWS\Bigdog.exe
    2007-09-03 22:13 81,920 -r------- C:\WINDOWS\VMCap325.exe
    2007-09-03 22:13 49,152 -r------- C:\WINDOWS\system32\drivers\InstFlt.exe
    2007-09-03 22:13 45,056 -r------- C:\WINDOWS\system32\drivers\UnInstFlt.exe
    2007-09-03 22:13 40,960 -r------- C:\WINDOWS\system32\drivers\SetupVmAduFlt.exe
    2007-09-03 22:13 393,216 -r------- C:\WINDOWS\LenovoTray.exe
    2007-09-03 22:13 385,100 -r------- C:\WINDOWS\system32\MSVCRTD.DLL
    2007-09-03 22:13 257,280 -r------- C:\WINDOWS\system32\drivers\vmaudioflt.sys
    2007-09-03 22:13 226,944 -r------- C:\WINDOWS\system32\drivers\vmaudioflt_spkout.sys
    2007-09-03 22:13 <DIR> d-------- C:\Program Files\Vimicro Corporation
    2007-09-03 22:12 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\InstallShield
    2007-09-03 22:11 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-09-03 22:11 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
    2007-09-03 22:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-09-03 22:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-09-03 02:51 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\Yahoo!
    2007-09-03 02:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-09-03 02:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
    2007-09-03 02:47 <DIR> d-------- C:\Program Files\Yahoo!
    2007-09-02 05:55 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\InterVideo
    2007-08-31 06:21 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-08-29 07:38 <DIR> d-------- C:\WINDOWS\pss
    2007-08-29 07:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-08-29 06:32 44,224 -ra------ C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    2007-08-29 06:30 <DIR> d-------- C:\Netgear
    2007-08-28 06:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-08-28 06:03 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\Bluetooth Software
    2007-08-28 06:03 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\ThinkVantage
    2007-08-28 06:03 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Symantec
    2007-08-28 06:03 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Lenovo
    2007-08-28 06:03 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-08-28 06:03 <DIR> d-------- C:\DOCUME~1\Ray\Bluetooth Software
    2007-08-28 06:03 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\ThinkVantage
    2007-08-28 06:03 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\Symantec
    2007-08-28 06:03 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\Lenovo
    2007-08-28 06:02 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Bluetooth Software
    2007-08-23 13:59 <DIR> d-------- C:\I386

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-13 07:40 --------- d-------- C:\Program Files\Symantec
    2007-09-13 07:40 --------- d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-13 07:32 --------- d-------- C:\Program Files\Symantec Client Security
    2007-09-13 07:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-09-13 06:41 --------- d-------- C:\Program Files\Lenovo
    2007-09-09 03:36 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS
    2007-09-03 22:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-28 06:03 50 --a------ C:\WINDOWS\system32\drivers\LENOVO_1953_CTO.MRK
    2007-08-23 14:50 --------- d-------- C:\Program Files\Microsoft Small Business
    2007-08-23 14:49 --------- d-------- C:\Program Files\Microsoft SQL Server
    2007-08-23 14:46 --------- d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2007-08-23 14:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2007-08-23 14:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-08-23 14:44 --------- d-------- C:\Program Files\Microsoft.NET
    2007-08-23 14:44 --------- d-------- C:\Program Files\Microsoft Works
    2007-08-23 14:41 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lenovo
    2007-08-23 14:41 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ThinkVantage
    2007-08-23 14:41 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lenovo
    2007-08-23 14:36 --------- d-------- C:\Program Files\Common Files\Lenovo
    2007-08-23 14:35 23552 --a------ C:\WINDOWS\system32\drivers\psasrv.exe
    2007-08-23 14:35 --------- d-------- C:\Program Files\TVT SMBus
    2007-08-23 14:35 --------- d-------- C:\Program Files\SMI2
    2007-08-23 14:34 7012 --a------ C:\WINDOWS\system32\drivers\pmemnt.sys
    2007-08-23 14:34 --------- d-------- C:\Program Files\ThinkPad
    2007-08-23 14:34 --------- d-------- C:\Program Files\Picasa2
    2007-08-23 14:34 --------- d-------- C:\Program Files\Diskeeper Corporation
    2007-08-23 14:29 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
    2007-08-23 14:28 --------- d-------- C:\Program Files\PCDR5
    2007-08-23 14:27 --------- d-------- C:\Program Files\Sonic Icons for Lenovo
    2007-08-23 14:27 --------- d-------- C:\Program Files\Sonic
    2007-08-23 14:27 --------- d-------- C:\Program Files\Multimedia Center for Think Offerings
    2007-08-23 14:27 --------- d-------- C:\Program Files\Common Files\SureThing Shared
    2007-08-23 14:27 --------- d-------- C:\Program Files\Common Files\Sonic Shared
    2007-08-23 14:27 --------- d-------- C:\Program Files\Common Files\Installshield
    2007-08-23 14:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    2007-08-23 14:26 --------- d-------- C:\Program Files\InterVideo
    2007-08-23 14:26 --------- d-------- C:\Program Files\Common Files\InterVideo
    2007-08-23 14:25 --------- d-------- C:\Program Files\ThinkVantage
    2007-08-23 14:22 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Intel
    2007-08-23 14:21 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Intel
    2007-08-23 14:20 --------- d-------- C:\Program Files\NetWaiting
    2007-08-23 14:20 --------- d-------- C:\Program Files\Digital Line Detect
    2007-08-23 14:20 --------- d-------- C:\Program Files\CONEXANT
    2007-08-23 14:20 --------- d-------- C:\Program Files\Analog Devices
    2007-08-23 14:19 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2007-08-23 14:19 0 -rah----- C:\WINDOWS\system32\drivers\IBM_1953_CTO_TP.MRK
    2007-08-23 14:19 --------- d-------- C:\WINDOWS\system32\config\SYSTEM~1\APPLIC~1\Intel
    2007-08-23 14:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
    2007-08-23 14:18 --------- d-------- C:\Program Files\Synaptics
    2007-08-23 14:18 --------- d-------- C:\Program Files\MSXML 4.0
    2007-08-23 14:18 --------- d-------- C:\Program Files\Intel
    2007-08-23 14:14 --------- d-------- C:\Program Files\Windows Media Connect 2
    2007-08-23 14:00 --------- d-------- C:\Program Files\microsoft frontpage
    2007-08-23 14:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-27 07:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-06-27 07:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-27 07:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-06-27 07:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-06-27 07:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-06-27 07:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-27 07:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-06-27 07:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-06-27 07:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-27 07:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-27 07:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
    2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-27 07:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
    2007-06-27 07:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
    2007-06-27 01:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-06-27 01:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-06-27 01:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-06-27 00:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-02-19 16:02]
    "ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-02-19 16:10]
    "TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-07-10 16:16]
    "TpShocks"="TpShocks.exe" [2006-03-15 19:04 C:\WINDOWS\system32\TpShocks.exe]
    "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 22:00]
    "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-24 18:19]
    "TP4EX"="tp4ex.exe" [2005-10-17 01:11 C:\WINDOWS\system32\TP4EX.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-13 22:17]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-13 22:16]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 17:11]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06]
    "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 09:13]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 16:07]
    "PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 16:38]
    "LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 09:11]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-24 23:21]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-24 23:21]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-24 23:17]
    "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 10:22]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20]
    "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24]
    "cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 18:13]
    "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 09:13]
    "AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 10:07]
    "AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-13 23:23]
    "BigDogPath323"="Bigdog.exe" [2006-08-08 00:02 C:\WINDOWS\Bigdog.exe]
    "LenovoTray"="LenovoTray.exe" [2007-04-20 03:32 C:\WINDOWS\LenovoTray.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
    "vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [2004-02-12 12:49]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-27 16:19]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2006-05-31 14:51:02]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-23 14:20:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    ACNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
    C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-08-16 10:07 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    notifyf2.dll 2005-07-05 07:45 28672 C:\WINDOWS\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    tphklock.dll 2005-11-30 04:16 24576 C:\WINDOWS\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli ACGina

    R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
    R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
    R1 IBMTPCHK;IBMTPCHK;\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
    R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
    R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
    R2 PrivateDisk;PrivateDisk;\??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
    R2 smi2;smi2;\??\C:\Program Files\SMI2\smi2.sys
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
    R3 atmeltpm;atmeltpm;C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
    R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
    S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
    S3 vmfilter323;325 Primax filter service name;C:\WINDOWS\system32\drivers\vmfilter323.sys
    S3 ZSMC326;Lenovo USB Webcam;C:\WINDOWS\system32\Drivers\usbvm323.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2634276-6076-11dc-b3d6-001a6b6b983b}]
    AutoRun\command- E:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-16 05:27:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-09-16 05:46:25 C:\WINDOWS\Tasks\PMTask.job"
    "2007-08-28 13:00:52 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-15 22:46:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-15 22:47:34 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-15 22:47
    .
    --- E O F ---
     
  8. 2007/09/15
    rhojjati (Thread Starter)
    Dave,
    Here's the Main.txt log after running ComboFix:

    Deckard's System Scanner v20070905.67
    Run by Ray on 2007-09-15 22:56:57
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-09-15 22:57:27
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\system32\TPHDEXLG.exe
    C:\WINDOWS\system32\TpKmpSvc.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\WINDOWS\Bigdog.exe
    C:\WINDOWS\LenovoTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ray\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TpShocks] TpShocks.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TP4EX] tp4ex.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKEY_LOCAL_MACHINE\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKEY_LOCAL_MACHINE\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKEY_LOCAL_MACHINE\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKEY_LOCAL_MACHINE\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKEY_LOCAL_MACHINE\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [BigDogPath323] Bigdog.exe Lenovo USB WebCam(Video)
    O4 - HKEY_LOCAL_MACHINE\..\Run: [LenovoTray] LenovoTray.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1189318869671
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: ACNotify - C:\WINDOWS\system32\ACNotify.dll (file missing)
    O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\system32\notifyf2.dll
    O20 - Winlogon Notify: tphotkey - C:\WINDOWS\system32\tphklock.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - "C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe"
    O23 - Service: TVT Scheduler - Lenovo Group Limited - "C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe"
    O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
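    Editor's added example (not part of this thread, not code from Deckard's System Scanner, ComboFix or HijackThis): a small triage pass over HijackThis-format lines of the kind posted above. It flags the entries a reviewer would want to look at first: registrations whose target file is "(file missing)", Run values that name a bare executable with no directory (resolved through the process search order at logon rather than a fixed path), Winlogon Notify DLLs living outside system32 (these load inside winlogon.exe), and services reported with "Unknown owner" (no publisher information to check). The rule names, the thresholds and the sample lines are assumptions constructed for illustration; a hit means "verify this", not "this is malware".

```python
"""Triage of HijackThis-style autorun lines.

Added example; not part of the forum thread or of any tool it mentions.
The rules are generic review heuristics: a hit means "look closer", not
"malware". SAMPLE_LOG is constructed from the kinds of entries seen in the
posted log.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, same line format as the posted HijackThis-clone output.
SAMPLE_LOG = r"""
O4 - HKEY_LOCAL_MACHINE\..\Run: [TpShocks] TpShocks.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [BigDogPath323] Bigdog.exe Lenovo USB WebCam(Video)
O4 - HKEY_LOCAL_MACHINE\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O20 - Winlogon Notify: ACNotify - C:\WINDOWS\system32\ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\system32\notifyf2.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # hypothetical rule name, chosen for this example
    entry: str   # the log line that triggered it


# O4: "<hive>\..\Run: [ValueName] command line"
O4_RE = re.compile(r"^O4 - .*?\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O20: "Winlogon Notify: <subkey> - <dll path>" with an optional "(file missing)"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?: \(file missing\))?$")
# O23: "Service: <display name> - <owner> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def _command_image(cmd: str) -> str:
    """Executable token of a Run value: the quoted string if the command is
    quoted, otherwise the first whitespace-separated token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def _is_unqualified(image: str) -> bool:
    """True when the image has no drive letter and no directory component,
    so the loader resolves it through the search order at logon."""
    return "\\" not in image and ":" not in image


def triage(log_text: str) -> list[Finding]:
    """Run every rule over every line; a line can yield more than one finding."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Rule 1: the registration is still there but its target file is gone.
        # For an O20 entry that is a Winlogon Notify slot that would load a
        # same-named DLL dropped at that path; the fix is to delete the key.
        if "(file missing)" in line:
            findings.append(Finding("dangling-reference", line))
        m = O4_RE.match(line)
        if m:
            # Rule 2: bare filename in a Run value; verify the resolved image.
            if _is_unqualified(_command_image(m.group("cmd"))):
                findings.append(Finding("unqualified-run-path", line))
            continue
        m = O20_RE.match(line)
        if m:
            # Rule 3: Notify DLLs run inside winlogon.exe; anything outside
            # system32 deserves a signature/hash check.
            if not m.group("path").lower().startswith("c:\\windows\\system32\\"):
                findings.append(Finding("winlogon-notify-outside-system32", line))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner").lower() == "unknown owner":
            # Rule 4: no version-resource publisher; check the binary directly.
            findings.append(Finding("service-unknown-owner", line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count of findings per rule, for a quick overview."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:34} {f.entry}")
    print(summary(triage(SAMPLE_LOG)))
```

    On the constructed sample this yields six findings: two bare-filename Run values, two "(file missing)" references (one of them a Winlogon Notify slot), one Notify DLL outside system32 and one service with no owner. None of the four rules is a verdict; each just narrows a 300-line log to the handful of entries worth checking by hand.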
     
  9. 2007/09/15
    rhojjati (Thread Starter)
    Dave:
    Here's the rest of the main.txt file:


    -- Files created between 2007-08-15 and 2007-09-15 -----------------------------

    2007-09-13 07:40:26 0 d-------- C:\Program Files\Symantec_Client_Security
    2007-09-13 07:30:50 0 d-------- C:\WINDOWS\system32\appmgmt
    2007-09-13 07:14:03 0 d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-09-12 06:16:36 0 d-------- C:\Program Files\Lavasoft
    2007-09-12 06:16:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-09-12 06:15:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-11 10:26:06 356 --a------ C:\regis.reg
    2007-09-11 07:52:47 0 d-------- C:\Documents and Settings\Ray\Application Data\U3
    2007-09-08 08:10:34 0 d-------- C:\WINDOWS\Sun
    2007-09-03 23:11:41 0 d-------- C:\Documents and Settings\Ray\Application Data\Apple Computer
    2007-09-03 23:11:30 0 d-------- C:\Program Files\iPod
    2007-09-03 23:11:27 0 d-------- C:\Program Files\iTunes
    2007-09-03 23:10:59 0 d-------- C:\Program Files\QuickTime
    2007-09-03 23:10:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-09-03 23:10:48 0 d-------- C:\Program Files\Apple Software Update
    2007-09-03 23:10:34 0 d-------- C:\Program Files\Common Files\Apple
    2007-09-03 23:10:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-03 22:29:21 0 d-------- C:\Documents and Settings\Ray\Application Data\AdobeUM
    2007-09-03 22:28:36 0 d-------- C:\Documents and Settings\Ray\Application Data\Adobe
    2007-09-03 22:25:53 0 d-------- C:\Program Files\Common Files\Adobe
    2007-09-03 22:25:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2007-09-03 22:18:41 0 d-------- C:\WINDOWS\EffectResources
    2007-09-03 22:13:22 0 d-------- C:\Program Files\Vimicro Corporation
    2007-09-03 22:13:09 226944 -r------- C:\WINDOWS\system32\drivers\vmaudioflt_spkout.sys <Not Verified; Vimicro Corporation; Filter for Audio>
    2007-09-03 22:13:09 257280 -r------- C:\WINDOWS\system32\drivers\vmaudioflt.sys <Not Verified; Vimicro Corporation; USB Microphone In>
    2007-09-03 22:13:09 45056 -r------- C:\WINDOWS\system32\drivers\UnInstFlt.exe
    2007-09-03 22:13:09 40960 -r------- C:\WINDOWS\system32\drivers\SetupVmAduFlt.exe
    2007-09-03 22:13:09 49152 -r------- C:\WINDOWS\system32\drivers\InstFlt.exe
    2007-09-03 22:13:06 81920 -r------- C:\WINDOWS\VMCap325.exe
    2007-09-03 22:13:06 393216 -r------- C:\WINDOWS\LenovoTray.exe <Not Verified; Lenovo; System tray icon Application>
    2007-09-03 22:13:06 86016 -r------- C:\WINDOWS\Bigdog.exe
    2007-09-03 22:12:34 0 d-------- C:\Documents and Settings\Ray\Application Data\InstallShield
    2007-09-03 02:51:20 0 d-------- C:\Documents and Settings\Ray\Application Data\Yahoo!
    2007-09-03 02:51:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-09-03 02:49:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-09-03 02:47:52 0 d-------- C:\Program Files\Yahoo!
    2007-09-02 05:55:22 0 d-------- C:\Documents and Settings\Ray\Application Data\InterVideo
    2007-09-01 23:55:48 0 d-------- C:\Documents and Settings\Ray\Application Data\Sun
    2007-08-31 06:21:48 0 d-------- C:\Program Files\MSXML 6.0
    2007-08-29 11:21:11 0 d-------- C:\WINDOWS\system32\PreInstall
    2007-08-29 07:38:05 0 d-------- C:\WINDOWS\pss
    2007-08-29 07:27:03 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-08-29 06:32:05 44224 -ra------ C:\WINDOWS\system32\drivers\BVRPMPR5.SYS <Not Verified; BVRP Software; BVRPNDIS Rawether for Windows>
    2007-08-29 06:30:28 0 d-------- C:\Netgear
    2007-08-29 06:17:48 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2007-08-29 06:17:48 0 d-------- C:\Documents and Settings\Ray\Application Data\Macromedia
    2007-08-28 06:03:24 0 d-------- C:\Program Files\Windows Live Toolbar
    2007-08-28 06:03:16 0 d--h----- C:\Documents and Settings\Ray\Templates
    2007-08-28 06:03:16 0 dr------- C:\Documents and Settings\Ray\Start Menu
    2007-08-28 06:03:16 0 dr-h----- C:\Documents and Settings\Ray\SendTo
    2007-08-28 06:03:16 0 dr-h----- C:\Documents and Settings\Ray\Recent
    2007-08-28 06:03:16 0 d--h----- C:\Documents and Settings\Ray\PrintHood
    2007-08-28 06:03:16 2359296 --ah----- C:\Documents and Settings\Ray\NTUSER.DAT
    2007-08-28 06:03:16 0 d--h----- C:\Documents and Settings\Ray\NetHood
    2007-08-28 06:03:16 0 dr------- C:\Documents and Settings\Ray\My Documents
    2007-08-28 06:03:16 0 d--h----- C:\Documents and Settings\Ray\Local Settings
    2007-08-28 06:03:16 0 dr------- C:\Documents and Settings\Ray\Favorites
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Desktop
    2007-08-28 06:03:16 0 d--hs---- C:\Documents and Settings\Ray\Cookies
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Bluetooth Software
    2007-08-28 06:03:16 0 dr-h----- C:\Documents and Settings\Ray\Application Data
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Application Data\ThinkVantage
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Application Data\Symantec
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Application Data\Lenovo
    2007-08-28 06:03:16 0 d-------- C:\Documents and Settings\Ray\Application Data\Identities
    2007-08-28 06:03:00 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
    2007-08-28 06:02:53 0 d-------- C:\Documents and Settings\Default User\Bluetooth Software
    2007-08-28 06:02:53 0 d-------- C:\Documents and Settings\Default User\Application Data\ThinkVantage
    2007-08-28 06:02:53 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
    2007-08-28 06:02:53 0 d-------- C:\Documents and Settings\Default User\Application Data\Lenovo
    2007-08-28 06:02:53 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
    2007-08-23 14:50:54 0 d-------- C:\Program Files\Microsoft Small Business
    2007-08-23 14:48:27 0 d-------- C:\Program Files\Microsoft SQL Server
    2007-08-23 14:46:00 0 d-------- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2007-08-23 14:45:57 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2007-08-23 14:44:56 0 d-------- C:\Program Files\Microsoft Works
    2007-08-23 14:44:21 0 d-------- C:\Program Files\Microsoft.NET
    2007-08-23 14:42:52 0 d-------- C:\WINDOWS\SHELLNEW
    2007-08-23 14:42:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-08-23 14:42:20 0 dr-h----- C:\MSOCache
    2007-08-23 14:41:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\ThinkVantage
    2007-08-23 14:41:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lenovo
    2007-08-23 14:38:02 0 dr-hs---- C:\RRbackups
    2007-08-23 14:35:14 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS <Not Verified; IBM Corporation; IBM eGatherer>
    2007-08-23 14:35:08 0 d-------- C:\Program Files\SMI2
    2007-08-23 14:35:06 0 d-------- C:\Program Files\TVT SMBus
    2007-08-23 14:35:03 0 d-------- C:\SWSHARE
    2007-08-23 14:35:00 23552 --a------ C:\WINDOWS\system32\drivers\psasrv.exe
    2007-08-23 14:35:00 7012 --a------ C:\WINDOWS\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-08-23 14:34:38 0 d-------- C:\Program Files\Picasa2
    2007-08-23 14:34:32 6016 --a------ C:\WINDOWS\system32\drivers\IBMBLDID.sys
    2007-08-23 14:34:32 11520 --a------ C:\WINDOWS\system32\drivers\ANC.sys <Not Verified; IBM Corp.; IBM Access Connections>
    2007-08-23 14:34:21 0 d-------- C:\Program Files\Diskeeper Corporation
    2007-08-23 14:34:14 0 d-------- C:\WINDOWS\Downloaded Installations
    2007-08-23 14:34:01 114688 --a------ C:\WINDOWS\desktopset.exe
    2007-08-23 14:30:19 40 --a------ C:\WINDOWS\system32\profile.dat
    2007-08-23 14:29:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-08-23 14:29:30 0 d-------- C:\Program Files\Symantec
    2007-08-23 14:29:23 0 d-------- C:\Program Files\Symantec Client Security
    2007-08-23 14:29:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-08-23 14:29:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2007-08-23 14:28:34 0 d-------- C:\Program Files\PCDR5
    2007-08-23 14:27:59 0 d-------- C:\Program Files\Common Files\Lenovo
    2007-08-23 14:27:45 0 d-------- C:\Program Files\Sonic Icons for Lenovo
    2007-08-23 14:27:43 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2007-08-23 14:27:40 0 d-------- C:\Program Files\Sonic
    2007-08-23 14:27:40 0 d-------- C:\Program Files\Common Files\SureThing Shared
    2007-08-23 14:27:38 0 d-------- C:\WINDOWS\system32\DLA
    2007-08-23 14:27:37 0 d-------- C:\Program Files\Multimedia Center for Think Offerings
    2007-08-23 14:27:17 0 d-------- C:\Program Files\Common Files\Sonic Shared
    2007-08-23 14:26:44 21060 --a------ C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
    2007-08-23 14:26:24 0 d-------- C:\Program Files\Common Files\InterVideo
    2007-08-23 14:26:09 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
    2007-08-23 14:26:09 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
    2007-08-23 14:26:09 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
    2007-08-23 14:26:09 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
    2007-08-23 14:26:09 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
    2007-08-23 14:26:09 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
    2007-08-23 14:26:05 0 d-------- C:\Program Files\InterVideo
    2007-08-23 14:25:43 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2007-08-23 14:25:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lenovo
    2007-08-23 14:25:08 0 d-------- C:\Program Files\Java
    2007-08-23 14:25:07 0 d-------- C:\Program Files\Common Files\Java
    2007-08-23 14:24:50 917504 --a------ C:\WINDOWS\system32\ahlprun.exe <Not Verified; LENOVO; AHLPRUN>
    2007-08-23 14:24:50 0 d-------- C:\Icons
    2007-08-23 14:24:33 0 d-------- C:\Program Files\ThinkVantage
    2007-08-23 14:22:38 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
    2007-08-23 14:21:21 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
    2007-08-23 14:20:53 0 d-------- C:\Program Files\Digital Line Detect
    2007-08-23 14:20:52 0 d-------- C:\Program Files\NetWaiting
    2007-08-23 14:20:47 0 d-------- C:\Program Files\CONEXANT
    2007-08-23 14:20:28 53248 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
    2007-08-23 14:20:28 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
    2007-08-23 14:20:28 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
    2007-08-23 14:20:28 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
    2007-08-23 14:20:18 40960 --a------ C:\WINDOWS\system32\TP4HOOK.dll <Not Verified; Lenovo Group Limited; TrackPoint Accessibility Features>
    2007-08-23 14:20:18 65536 --a------ C:\WINDOWS\system32\TP4EX.exe <Not Verified; Lenovo Group Limited; TrackPoint Accessibility Features>
    2007-08-23 14:20:18 40960 --a------ C:\WINDOWS\system32\tp4cross.exe <Not Verified; Lenovo Group Limited; TrackPoint Accessibility Features>
    2007-08-23 14:20:18 45056 --a------ C:\WINDOWS\system32\FPCALL.dll
    2007-08-23 14:20:10 0 d-------- C:\Documents and Settings\Administrator\Bluetooth Software
    2007-08-23 14:19:27 7168 --a------ C:\WINDOWS\system32\drivers\TSMAPIP.SYS
    2007-08-23 14:19:23 0 d-------- C:\Program Files\Lenovo
    2007-08-23 14:19:19 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
    2007-08-23 14:19:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
    2007-08-23 14:18:52 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-08-23 14:18:51 0 d-------- C:\Program Files\Intel
    2007-08-23 14:18:37 106496 --a------ C:\WINDOWS\system32\TpShocks.exe <Not Verified; Lenovo, Ltd. and IBM Corporation.; n/a TpShocks>
    2007-08-23 14:18:37 479232 --a------ C:\WINDOWS\system32\TpShCPL.dll <Not Verified; IBM Corp.; n/a TpShCPL>
    2007-08-23 14:18:37 24576 --a------ C:\WINDOWS\system32\TpPenMon.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System - Pen Activity Monitor>
    2007-08-23 14:18:37 24576 --a------ C:\WINDOWS\system32\TpPenMon.dll <Not Verified; Lenovo.; ThinkVantage Active Protection System - Pen Monitor Module>
    2007-08-23 14:18:37 77824 --a------ C:\WINDOWS\system32\TPHDEXLG.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
    2007-08-23 14:18:37 61440 --a------ C:\WINDOWS\system32\Sensor.dll <Not Verified; Lenovo.; ThinkVantage Active Protection System>
    2007-08-23 14:18:37 88576 --a------ C:\WINDOWS\system32\drivers\shockprf.sys <Not Verified; Lenovo; ThinkVantage Active Protection System>
    2007-08-23 14:18:37 4736 --a------ C:\WINDOWS\system32\drivers\ShockMgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
    2007-08-23 14:18:36 32768 --a------ C:\WINDOWS\system32\TpKmpSvc.exe
    2007-08-23 14:18:27 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2007-08-23 14:18:25 0 d-------- C:\Program Files\Synaptics
    2007-08-23 14:18:18 4442 --a------ C:\WINDOWS\system32\drivers\TPPWRIF.SYS
    2007-08-23 14:18:18 16384 --a------ C:\WINDOWS\PWMBTHLP.EXE
    2007-08-23 14:18:09 9343 --a------ C:\WINDOWS\system32\drivers\TDSMAPI.SYS
    2007-08-23 14:18:09 14848 --a------ C:\WINDOWS\system32\drivers\SMAPINT.SYS <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-08-23 14:18:09 0 d-------- C:\Program Files\ThinkPad
    2007-08-23 14:18:09 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-23 14:18:06 0 d-------- C:\Program Files\MSXML 4.0
    2007-08-23 14:16:27 0 d-------- C:\Program Files\Common Files\Installshield
    2007-08-23 14:15:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2007-08-23 14:14:43 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-08-23 14:12:27 0 d-------- C:\WINDOWS\RegisteredPackages
    2007-08-23 14:11:28 0 d-------- C:\Program Files\Analog Devices
    2007-08-23 14:09:32 0 d-a------ C:\drivers
    2007-08-23 14:03:38 0 d-------- C:\SWTOOLS
    2007-08-23 14:03:25 0 d-------- C:\WINDOWS\WinSxS
    2007-08-23 14:03:25 0 dr------- C:\WINDOWS\Web
    2007-08-23 14:03:25 0 d-------- C:\WINDOWS\twain_32
    2007-08-23 14:03:25 0 d---s---- C:\WINDOWS\Tasks
    2007-08-23 14:03:24 0 d-------- C:\WINDOWS\system32\xircom
    2007-08-23 14:03:21 0 d-------- C:\WINDOWS\system32\wins
    2007-08-23 14:03:17 0 d-------- C:\WINDOWS\system32\wbem
    2007-08-23 14:03:15 0 d-------- C:\WINDOWS\system32\usmt
    2007-08-23 14:03:15 0 d-------- C:\WINDOWS\system32\URTTemp
    2007-08-23 14:03:13 0 d-------- C:\WINDOWS\system32\spool
    2007-08-23 14:03:12 0 d-------- C:\WINDOWS\system32\ShellExt
    2007-08-23 14:03:12 0 d-------- C:\WINDOWS\system32\Setup
    2007-08-23 14:03:10 0 d-------- C:\WINDOWS\system32\Restore
    2007-08-23 14:03:09 0 d-------- C:\WINDOWS\system32\ras
    2007-08-23 14:03:04 0 d-a------ C:\WINDOWS\system32\oobe
    2007-08-23 14:03:01 0 d-------- C:\WINDOWS\system32\npp
    2007-08-23 14:02:57 0 d-------- C:\WINDOWS\system32\mui
    2007-08-23 14:02:54 0 d-------- C:\WINDOWS\system32\MsDtc
    2007-08-23 14:02:53 0 d---s---- C:\WINDOWS\system32\Microsoft
    2007-08-23 14:02:53 0 d-------- C:\WINDOWS\system32\Macromed
    2007-08-23 14:02:51 0 d-------- C:\WINDOWS\system32\inetsrv
    2007-08-23 14:02:50 0 d-------- C:\WINDOWS\system32\IME
    2007-08-23 14:02:50 0 d-------- C:\WINDOWS\system32\icsxml
    2007-08-23 14:02:50 0 d-------- C:\WINDOWS\system32\ias
    2007-08-23 14:02:49 0 d-------- C:\WINDOWS\system32\export
    2007-08-23 14:02:46 0 d-------- C:\WINDOWS\system32\drivers\etc
    2007-08-23 14:02:45 0 d-------- C:\WINDOWS\system32\drivers
    2007-08-23 14:02:45 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2007-08-23 14:02:44 0 d-ahs---- C:\WINDOWS\system32\dllcache
    2007-08-23 14:02:42 0 d-------- C:\WINDOWS\system32\DirectX
    2007-08-23 14:02:41 0 d-------- C:\WINDOWS\system32\dhcp
    2007-08-23 14:02:38 0 d-------- C:\WINDOWS\system32\config
    2007-08-23 14:02:37 0 d-------- C:\WINDOWS\system32\Com
    2007-08-23 14:02:36 0 d-------- C:\WINDOWS\system32\CatRoot2
    2007-08-23 14:02:35 0 d-------- C:\WINDOWS\system32\CatRoot
    2007-08-23 14:02:34 0 d-a------ C:\WINDOWS\system32
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\3com_dmi
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\3076
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\2052
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1054
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1042
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1041
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1037
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1033
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1031
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1028
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system32\1025
    2007-08-23 14:02:34 0 d-------- C:\WINDOWS\system
    2007-08-23 14:02:33 0 d-------- C:\WINDOWS\srchasst
    2007-08-23 14:02:32 0 d-------- C:\WINDOWS\SoftwareDistribution
    2007-08-23 14:02:32 0 d-------- C:\WINDOWS\security
    2007-08-23 14:02:32 0 d-------- C:\WINDOWS\Resources
    2007-08-23 14:02:31 0 d-------- C:\WINDOWS\repair
    2007-08-23 14:02:31 0 d-------- C:\WINDOWS\Registration
    2007-08-23 14:02:31 0 d-------- C:\WINDOWS\Provisioning
    2007-08-23 14:02:30 0 d-------- C:\WINDOWS\Prefetch
    2007-08-23 14:02:30 0 d-------- C:\WINDOWS\PeerNet
    2007-08-23 14:02:12 0 d-------- C:\WINDOWS\pchealth
    2007-08-23 14:02:12 0 dr------- C:\WINDOWS\Offline Web Pages
    2007-08-23 14:02:12 0 d-------- C:\WINDOWS\mui
    2007-08-23 14:02:12 0 d-------- C:\WINDOWS\msapps
    2007-08-23 14:02:12 0 d-------- C:\WINDOWS\msagent
    2007-08-23 14:02:07 0 d-------- C:\WINDOWS\Media
    2007-08-23 14:02:04 0 d-------- C:\WINDOWS\java
    2007-08-23 14:02:01 0 d--hs---- C:\WINDOWS\Installer
    2007-08-23 14:01:56 0 d--h----- C:\WINDOWS\inf
    2007-08-23 14:01:56 0 d-------- C:\WINDOWS\ime
    2007-08-23 14:01:34 0 d-------- C:\WINDOWS\Help
    2007-08-23 14:01:32 0 dr--s---- C:\WINDOWS\Fonts
    2007-08-23 14:01:32 0 d-------- C:\WINDOWS\ehome
    2007-08-23 14:01:23 0 d-------- C:\WINDOWS\Driver Cache
    2007-08-23 14:01:23 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2007-08-23 14:01:23 0 d-------- C:\WINDOWS\Debug
    2007-08-23 14:01:22 0 d-------- C:\WINDOWS\Cursors
    2007-08-23 14:01:22 0 d-------- C:\WINDOWS\Connection Wizard
    2007-08-23 14:01:22 0 d-------- C:\WINDOWS\Config
    2007-08-23 14:01:18 0 d-------- C:\WINDOWS\AppPatch
    2007-08-23 14:01:18 0 d-------- C:\WINDOWS\addins
    2007-08-23 14:01:04 0 d-a------ C:\WINDOWS
    2007-08-23 14:01:04 0 d--h----- C:\WINDOWS\$hf_mig$
    2007-08-23 14:01:03 0 d-a------ C:\VALUEADD
    2007-08-23 14:01:03 0 d--hs---- C:\System Volume Information
    2007-08-23 14:01:02 0 d-a------ C:\SUPPORT
    2007-08-23 14:01:02 0 d--h----- C:\Program Files\WindowsUpdate
    2007-08-23 14:01:00 0 d-------- C:\Program Files\Windows NT
    2007-08-23 14:01:00 0 d-------- C:\Program Files\Online Services
    2007-08-23 14:00:59 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-08-23 14:00:55 0 d-------- C:\Program Files\Movie Maker
    2007-08-23 14:00:55 0 d-------- C:\Program Files\microsoft frontpage
    2007-08-23 14:00:55 0 d-------- C:\Program Files\Messenger
    2007-08-23 14:00:53 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2007-08-23 14:00:53 0 d-------- C:\Program Files\Common Files\ODBC
    2007-08-23 14:00:53 0 d-------- C:\Program Files\Common Files\MSSoap
    2007-08-23 14:00:52 0 dr------- C:\Program Files
    2007-08-23 14:00:52 0 d-------- C:\Program Files\Common Files
    2007-08-23 14:00:51 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2007-08-23 14:00:51 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
    2007-08-23 14:00:51 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2007-08-23 14:00:51 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2007-08-23 14:00:51 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2007-08-23 14:00:51 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
    2007-08-23 14:00:50 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2007-08-23 14:00:50 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2007-08-23 14:00:50 0 d--h----- C:\Documents and Settings\Default User\Templates
    2007-08-23 14:00:50 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2007-08-23 14:00:50 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2007-08-23 14:00:50 0 dr-h----- C:\Documents and Settings\Default User\Recent
    2007-08-23 14:00:50 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2007-08-23 14:00:50 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2007-08-23 14:00:50 0 dr------- C:\Documents and Settings\Default User\My Documents
    2007-08-23 14:00:49 0 d--h----- C:\Documents and Settings\Default User\Local Settings
    2007-08-23 14:00:49 0 dr------- C:\Documents and Settings\Default User\Favorites
    2007-08-23 14:00:49 0 d-------- C:\Documents and Settings\Default User\Desktop
    2007-08-23 14:00:49 0 d--hs---- C:\Documents and Settings\Default User\Cookies
    2007-08-23 14:00:49 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2007-08-23 14:00:49 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2007-08-23 14:00:49 0 d--h----- C:\Documents and Settings\All Users\Templates
    2007-08-23 14:00:48 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2007-08-23 14:00:48 0 d-------- C:\Documents and Settings\All Users\Favorites
    2007-08-23 14:00:48 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2007-08-23 14:00:47 0 dr------- C:\Documents and Settings\All Users\Documents
    2007-08-23 14:00:47 0 d-------- C:\Documents and Settings\All Users\Desktop
    2007-08-23 14:00:47 0 d-------- C:\Documents and Settings\All Users\Application Data\SBSI
    2007-08-23 14:00:46 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2007-08-23 14:00:46 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2007-08-23 14:00:46 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2007-08-23 14:00:46 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2007-08-23 14:00:45 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2007-08-23 14:00:45 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2007-08-23 14:00:45 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2007-08-23 14:00:45 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2007-08-23 14:00:45 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2007-08-23 14:00:45 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2007-08-23 14:00:44 0 d-------- C:\Documents and Settings
    2007-08-23 14:00:44 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2007-08-23 14:00:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2007-08-23 14:00:44 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2007-08-23 14:00:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2007-08-23 14:00:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2007-08-23 14:00:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2007-08-23 13:59:32 0 d-------- C:\I386


    -- Find3M Report ---------------------------------------------------------------

    Nothing modified in this timespan.


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ACWLIcon "= "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [02/19/2007 04:02 PM]
    "ACTray "= "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [02/19/2007 04:10 PM]
    "TVT Scheduler Proxy "= "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [07/10/2007 04:16 PM]
    "TpShocks "= "TpShocks.exe" [03/15/2006 07:04 PM C:\WINDOWS\system32\TpShocks.exe]
    "TPKMAPHELPER "= "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [06/02/2006 10:00 PM]
    "TPHOTKEY "= "C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [07/24/2006 06:19 PM]
    "TP4EX "= "tp4ex.exe" [10/17/2005 01:11 AM C:\WINDOWS\system32\TP4EX.exe]
    "SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/13/2006 10:17 PM]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/13/2006 10:16 PM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
    "SoundMAXPnP "= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/19/2005 05:11 PM]
    "SoundMAX "= "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/06/2005 03:06 PM]
    "PWRMGRTR "= "C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [05/25/2006 09:13 AM]
    "Picasa Media Detector "= "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [03/15/2006 04:07 PM]
    "PDService.exe "= "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [03/13/2006 04:38 PM]
    "LPManager "= "C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [07/04/2006 09:11 AM]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [07/24/2006 11:21 PM]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [07/24/2006 11:21 PM]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [07/24/2006 11:17 PM]
    "EZEJMNAP "= "C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [02/23/2006 10:22 AM]
    "DLA "= "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 05:20 AM]
    "DiskeeperSystray "= "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 04:24 PM]
    "cssauth "= "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [07/14/2006 06:13 PM]
    "BLOG "= "C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [05/25/2006 09:13 AM]
    "AwaySch "= "C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [08/16/2006 10:07 AM]
    "AMSG "= "C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [11/13/2005 11:23 PM]
    "BigDogPath323 "= "Bigdog.exe" [08/08/2006 12:02 AM C:\WINDOWS\Bigdog.exe]
    "LenovoTray "= "LenovoTray.exe" [04/20/2007 03:32 AM C:\WINDOWS\LenovoTray.exe]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [08/15/2007 08:15 PM]
    "vptray "= "C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe" [02/12/2004 12:49 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/27/2007 04:19 PM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
    Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [5/31/2006 2:51:02 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/23/2007 2:20:53 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    ACNotify.dll 02/19/2007 04:03 PM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
    C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 08/16/2006 10:07 AM 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    notifyf2.dll 07/05/2005 07:45 AM 28672 C:\WINDOWS\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    tphklock.dll 11/30/2005 04:16 AM 24576 C:\WINDOWS\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli ACGina

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2634276-6076-11dc-b3d6-001a6b6b983b}]
    AutoRun\command- E:\LaunchU3.exe -a




    -- End of Deckard's System Scanner: finished at 2007-09-15 22:57:54 ------------
     
  10. 2007/09/15
    rhojjati

    Dave;
    Thank you very very much for your help. You are a life saver. I appreciate it.
    I used to get popups telling me my system is infected and trying to sell me software. After running ComboFix, I'm not getting that any more. And as I said before, Control Panel is back.
    Is ComboFix a spyware remover program? And can I use it on a regular basis?
    If not, what spyware remover would you recommend? Currently I'm using the free version of Lavasoft (which really didn't clean my system that well). There is a paid version too. Do you recommend getting that, or do you recommend any other SW I can buy?

    In any case, again thanks for your help.....
     
  11. 2007/09/15
    noahdfear

    Looks good. :)

    Only concern is a registry file.

    C:\regis.reg

    Right click the file and select Edit to open it with notepad. Can you tell what it's doing? If in doubt, copy the contents and post it here.
     
  12. 2007/09/15
    rhojjati

    Here's the content:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]
    @="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
     
  13. 2007/09/15
    noahdfear

    That reg file is an HTML file association fix. Safe enough. ;)

    ComboFix is a tool written by a fellow malware removal specialist. It's designed to target specific infections and is not intended to be used on a regular basis. It is also updated frequently, so it's not a keeper.

    Let's do some cleanup.

    Delete all of the following tools we have used, and the files/folders they created.

    C:\Deckard
    C:\ComboFix
    C:\QOOBOX
    C:\WINDOWS\nircmd.exe
    combofix.exe
    dss.exe
    all combofix logs


    Download ATF Cleaner by Atribune and save it to your Desktop.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Reboot.

    Now, let's run an online scan to make sure we haven't overlooked anything.

    Do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available, otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button.
    • Save the file to your desktop.

    Post the Kaspersky log here.
     
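The check noahdfear did by eye on regis.reg (open the .reg file, see which program the htmlfile open command launches) can be scripted for triage. The following is an added example, not code from the thread or from any tool it mentions; it assumes the file is in the unescaped form Regedit writes (the copy posted above picked up stray spaces in rendering), and the expected-handler table and the hijacked counter-sample are constructed for the example.

```python
"""Parse a Regedit 5.00 .reg export and review shell\\open\\command values."""
from typing import Dict, List, Tuple

# Constructed sample: the regis.reg contents posted in the thread, in the
# unescaped form Regedit writes them (the forum rendering added stray spaces).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
'''

# Constructed counter-sample: the same key pointing at a file in a temp
# directory, the shape a browser hijack leaves behind (hypothetical path).
HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]
@="\"C:\\DOCUME~1\\Ray\\LOCALS~1\\Temp\\ie_helper.exe\" %1"
'''

# Executables a clean association is expected to launch (assumption for this
# example; keys and paths compared case-insensitively, extend as needed).
EXPECTED_HANDLERS = {
    r"hkey_local_machine\software\classes\htmlfile\shell\open\command":
        r"c:\program files\internet explorer\iexplore.exe",
}


def unescape_reg_string(raw: str) -> str:
    """Undo .reg string escaping (backslash-escaped backslashes and quotes)."""
    out: List[str] = []
    i = 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(raw[i + 1])
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: value}} for a .reg file.

    Only REG_SZ ("...") values are decoded; dword:/hex: values are kept raw.
    Value names containing '=' are not handled (simplification).
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = "(Default)" if name == "@" else unescape_reg_string(name.strip('"'))
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = unescape_reg_string(value[1:-1])
        keys[current][name] = value
    return keys


def command_executable(cmd: str) -> str:
    """Extract the program path from a shell command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def review_reg(text: str) -> List[Tuple[str, str, str]]:
    """Classify each shell\\open\\command value as 'expected' or 'review'.

    Returns (key, executable, verdict) tuples, one per command value found.
    """
    findings: List[Tuple[str, str, str]] = []
    for key, values in parse_reg(text).items():
        if not key.lower().endswith(r"\shell\open\command"):
            continue
        for value in values.values():
            exe = command_executable(value)
            expected = EXPECTED_HANDLERS.get(key.lower())
            verdict = "expected" if expected and exe.lower() == expected else "review"
            findings.append((key, exe, verdict))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_REG, HIJACKED_REG):
        for key, exe, verdict in review_reg(sample):
            print(f"{verdict:8} {exe}  ({key})")
```

Anything that comes back as "review" is what you would paste into the thread for a second opinion rather than import blindly.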
  14. 2007/09/15
    rhojjati

    OK;
    Here is the log. It found one infection towards the end of the scan.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, September 16, 2007 3:44:06 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.1
    Kaspersky Anti-Virus database last update: 15/09/2007
    Kaspersky Anti-Virus database records: 419033
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 55739
    Number of viruses found: 1
    Number of infected objects: 1
    Number of suspicious objects: 0
    Duration of the scan process: 00:53:35

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Lenovo\messages\logs\lf000.log Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_16c.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Ray\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Ray\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Ray\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Ray\Local Settings\Temp\~DFE6CA.tmp Object is locked skipped
    C:\Documents and Settings\Ray\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Ray\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Ray\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Ray\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_38.trc Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP24\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{AC8AF954-DCEE-431B-81B0-474F7F289962}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\etc\1.hosts Infected: Trojan.Win32.Qhost.my skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  15. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks Great! :)

    Delete the following file then empty the recycle bin.

    C:\WINDOWS\system32\drivers\etc\1.hosts

    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

    Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showpost.php?p=356653&postcount=49

    Ad-aware is a good product, and I also recommend using Spybot S&D along with it.

    Surf safe!
     
  16. 2007/09/15
    rhojjati

    rhojjati Inactive Thread Starter

    Joined:
    2007/09/14
    Messages:
    16
    Likes Received:
    0
    Dave;
    I don't know how to thank you. You simply rule.
    I thank you for your all-day support. Appreciate it and take care. :)
     
  17. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're most welcome. Glad I could help. :)
     
  18. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Just looking back through this topic and realized I forgot about addressing something.

    Please download HostsXpert.
    1. Unzip HostsXpert.zip to its own folder.
    2. Open the folder and double click on HostsXpert.exe
    3. Click Editing in the left pane, then Copy to Clipboard>Copy Hosts File.
    4. Open a new reply here and right click>Paste the contents of the clipboard.
    5. Submit the reply
     
  19. 2007/09/16
    rhojjati

    rhojjati Inactive Thread Starter

    Joined:
    2007/09/14
    Messages:
    16
    Likes Received:
    0
    There you go. Thanks....

    127.0.0.1 localhost
     
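    The hosts file posted above is the clean default: one loopback line for localhost. The earlier scan result (Trojan.Win32.Qhost.my in a stray `1.hosts`) is the kind of thing a hijacked hosts file looks like, so here is an added example of how to check a hosts file mechanically rather than by eye. This is example code written for this thread, not part of HostsXpert or anything the helpers used; the list of sensitive domain suffixes and the "hijacked" sample file are constructed for the demonstration (192.0.2.10 is a documentation-range placeholder address), and the only real data in it is the one-line clean file from the post.

```python
"""Hosts-file integrity check (added example; not from the thread or HostsXpert).

Parses a Windows-style hosts file and reports the two patterns a Qhost-style
hijack typically leaves behind:
  * a real (non-local) hostname pinned to a loopback address, which silently
    makes that site unreachable (classic antivirus/update lockout), and
  * any non-loopback static mapping, which overrides DNS; escalated when the
    hostname belongs to a sensitive domain.
"""
import ipaddress
import re

# Constructed sample list for this example, not an authoritative feed.
SENSITIVE_SUFFIXES = (
    "windowsupdate.com",
    "symantec.com",
    "kaspersky.com",
    "lavasoft.com",
)

# Names that legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Real content of the clean file posted in the thread.
CLEAN_HOSTS = "127.0.0.1 localhost\n"

# Constructed sample of a hijacked file; not taken from the thread.
HIJACKED_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantec.com
192.0.2.10      download.windowsupdate.com    # placeholder attacker address
"""


def _is_sensitive(name):
    """True when name equals, or is a subdomain of, a sensitive suffix."""
    return any(name == s or name.endswith("." + s) for s in SENSITIVE_SUFFIXES)


def parse_hosts(text):
    """Yield (line_no, ip_str, [hostnames]) for each mapping line.

    Comments (after '#') and blank lines are ignored; hostnames are lowercased.
    """
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        if len(parts) < 2:
            continue
        yield n, parts[0], [h.lower() for h in parts[1:]]


def audit_hosts(text):
    """Return a list of (line_no, reason, 'ip hostname') findings."""
    findings = []
    for n, ip_str, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            findings.append((n, "unparseable address", f"{ip_str} {' '.join(names)}"))
            continue
        for name in names:
            entry = f"{ip_str} {name}"
            if ip.is_loopback:
                if name not in LOCAL_NAMES:
                    findings.append((n, "non-local name mapped to loopback", entry))
            elif _is_sensitive(name):
                findings.append((n, "sensitive domain overridden", entry))
            else:
                findings.append((n, "static override of DNS", entry))
    return findings


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("hijacked", HIJACKED_HOSTS)):
        print(f"== {label} ==")
        for line_no, reason, entry in audit_hosts(text):
            print(f"line {line_no}: {reason}: {entry}")
```

    Run against the posted file it reports nothing; run against the constructed sample it flags the two Symantec names pinned to loopback and the update domain redirected elsewhere. Any mapping that is not `localhost` on loopback deserves a second look, since a stock Windows hosts file contains nothing else.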
  20. 2007/09/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Perfect! :)

    There are many other useful features in the HostsXpert too. It's a keeper. ;)
     
  21. 2007/09/16
    rhojjati

    rhojjati Inactive Thread Starter

    Joined:
    2007/09/14
    Messages:
    16
    Likes Received:
    0
    Thank you :) :)
     
