Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Have Some Type Of Spyware/keylogger On Laptop


  • This topic is locked This topic is locked
9 replies to this topic

#1 Ken71

Ken71

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:28 AM

Posted 30 June 2008 - 12:42 AM

My MMO account was compromised last week. I ran and reran many different versions of spyware / antivirus removers, Spybot Search & Destory, Windows Defender, Symantec Antivirus and installed COMODO Firewall and ran their sanner. I also installed Snoopfree privacy shield, Nothing beyond cookie related items were found and removed... So though maybe it was just bruteforced. Then a week later (yesterday) the same MMO account was compromised again so I know for sure I must have something on this machine stealing my passwords... Today, I installed ccleaner and ran that. I reran spybot S&D, Symantec, Windows defender full scans in safe mode, nothing found.

I then tried Doctor Alex spyware remover in safe mode and it seemed to find a Trojan and adware (there was no log file but here is what it said:
Problem Name: Trojan/Adware/BHO/IstBar.e Category: Adware, BHO, Downloader, Hijacker Location:HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\contentmatch.net
Problem Name: Adware/BHO/Toolbar/Mirar Category: Adware, BHO, Toolbar Location: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com
Problem Name: Adware/BHO/Toolbar/Mirar Category: Adware, BHO, Toolbar Location: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\mirarsearch.com
Problem Name: Adware/BHO/Toolbar/Mirar Category: Adware, BHO, Toolbar Location: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\getmirar.com

So had it remove and delete the above issues, restarted the computer, ran two more additional scannes one with Doctor Alex again and one with Spyware Terminator, both of which found nothing.

Anyway I hope someone can help confirm if that was the problem and if it is now gone off the computer. Here are both reports generated by DSS along with a report from the last Spyware Terminator scan... THANK YOU FOR YOUR HELP!!!

Deckard's System Scanner v20071014.68
Run by Ken on 2008-06-29 19:05:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ken.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:12 PM, on 6/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Lotus7\Notes\ntmulti.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ken\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ken.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: Fly - C:\WINDOWS\SYSTEM32\smart.dll
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus7\Notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 10311 bytes

-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-29 18:58:43 0 d-------- C:\Program Files\Trend Micro
2008-06-29 16:02:18 0 d-------- C:\Program Files\Crawler
2008-06-29 16:01:56 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-29 16:01:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-29 16:01:55 0 d-------- C:\Documents and Settings\Ken\Application Data\Spyware Terminator
2008-06-29 16:01:53 0 d-------- C:\Program Files\Spyware Terminator
2008-06-29 15:53:23 0 d-------- C:\Program Files\Doctor Alex
2008-06-29 15:50:31 0 dr-h----- C:\Documents and Settings\Ken\Recent
2008-06-29 15:14:20 0 d-------- C:\Program Files\CCleaner
2008-06-28 08:32:27 0 d-------- C:\Program Files\Ventrilo
2008-06-28 08:32:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 15:20:51 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-24 20:00:50 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-06-24 20:00:46 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-06-24 17:07:44 0 d-------- C:\Documents and Settings\Ken\Application Data\Comodo
2008-06-24 17:07:42 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-06-24 17:07:41 0 d-------- C:\Program Files\COMODO
2008-06-24 15:10:17 2080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-24 15:10:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-24 15:10:14 288 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-24 12:36:26 0 d-------- C:\Program Files\Lavasoft
2008-06-24 12:36:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 07:33:54 0 d-------- C:\Program Files\KeyScrambler
2008-06-24 07:00:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-24 07:00:23 0 d-------- C:\Documents and Settings\Ken\Application Data\Mozilla
2008-06-23 21:52:01 90112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2008-06-23 21:52:01 9472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2008-06-23 21:52:01 221184 --a------ C:\WINDOWS\SnoopFreeUI.exe <Not Verified; SnoopFree Software; SnoopFree Privacy Shield>
2008-06-23 21:52:01 45056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2008-06-23 18:06:29 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 18:03:52 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-23 18:03:52 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-06-23 18:03:52 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-23 18:03:51 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-23 17:20:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-21 18:20:10 0 d-------- C:\WINDOWS\Logs
2008-06-21 10:52:57 36864 --a------ C:\WINDOWS\system32\smart.dll <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-06-21 10:52:57 38912 --a------ C:\WINDOWS\system32\LoveFly.dll <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-06-21 01:37:53 0 d-------- C:\Logs
2008-06-20 21:58:05 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-20 21:57:47 0 d-------- C:\Program Files\World of Warcraft
2008-06-19 17:09:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-06-18 14:06:14 0 d-------- C:\Program Files\jZip
2008-06-17 15:29:57 0 d-------- C:\Program Files\dl_Cats
2008-06-12 07:31:34 0 d-------- C:\Program Files\7-Zip
2008-06-12 07:10:38 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZipSE
2008-06-11 11:02:52 0 d-------- C:\Program Files\Citrix


-- Find3M Report ---------------------------------------------------------------

2008-06-29 18:45:04 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-28 08:32:01 0 d-------- C:\Program Files\Common Files
2008-06-22 10:29:05 0 d-------- C:\Program Files\Steam
2008-06-15 11:33:30 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-05 09:58:10 0 d-------- C:\Program Files\Java
2008-05-27 07:39:12 0 d-------- C:\Program Files\Common Files\Stardock
2008-05-27 07:38:30 0 d-------- C:\Program Files\Stardock
2008-05-22 11:55:26 0 d-------- C:\Documents and Settings\Ken\Application Data\Smith Micro
2008-05-22 08:15:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-22 08:05:27 0 d-------- C:\Documents and Settings\Ken\Application Data\Adobe
2008-05-22 06:18:52 0 d-------- C:\Program Files\Messenger
2008-05-22 06:18:14 0 d-------- C:\Program Files\Movie Maker
2008-05-22 06:14:47 0 d-------- C:\Program Files\Windows NT
2008-05-22 03:53:03 0 d-------- C:\Program Files\ThinkPad
2008-05-22 03:53:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-22 03:53:01 0 d-------- C:\Program Files\Digital Line Detect
2008-05-22 03:52:47 0 d-------- C:\Program Files\NetWaiting
2008-05-22 03:25:39 0 d-------- C:\Program Files\PCDR5
2008-05-22 03:13:13 0 d-------- C:\Program Files\Lenovo
2008-05-21 13:40:31 0 d-------- C:\Program Files\PANTECH
2008-05-21 13:40:18 0 d-------- C:\Program Files\Verizon Wireless
2008-05-21 13:16:03 0 d-------- C:\Program Files\msn gaming zone
2008-05-21 13:12:56 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-21 11:28:33 0 d-------- C:\Program Files\ThinkVantage
2008-05-21 11:10:01 188 --a------ C:\WINDOWS\x
2008-05-21 09:50:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-21 09:50:26 0 d-------- C:\Program Files\Symantec
2008-05-21 09:32:16 0 d-------- C:\Program Files\Common Files\Lenovo


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 11:38 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 01:49 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/10/2007 07:03 AM]
"nwiz"="nwiz.exe" [12/10/2007 07:03 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/10/2007 07:03 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 04:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/24/2008 10:28 PM]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [02/24/2006 04:12 PM]
"SnoopFreeUI"="SnoopFreeUI.exe" [06/23/2008 09:52 PM C:\WINDOWS\SnoopFreeUI.exe]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [06/24/2008 05:07 PM]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [06/29/2008 04:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 11:42 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Ken\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/23/2007 11:45:42 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 03/14/2008 12:54 PM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly]
smart.dll 06/21/2008 10:52 AM 36864 C:\WINDOWS\system32\smart.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
LoveFly.dll 06/21/2008 10:52 AM 38912 C:\WINDOWS\system32\LoveFly.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 08/14/2007 10:54 AM 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 10:37 AM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/14/2007 10:36 AM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
"C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-29 19:07:50 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1006.22 MiB / 476.04 MiB
Pagefile Memory (total/avail): 2447.7 MiB / 1994.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1800.66 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 17.26 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ken\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KHAY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ken
LOGONSERVER=\\KHAY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Lenovo;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\jZip
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ken\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ken\LOCALS~1\Temp
TPCCommon=C:\PROGRA~1\THINKV~2\PrdCtr
TVT=C:\Program Files\Lenovo
USERDOMAIN=KHAY
USERNAME=Ken
USERPROFILE=C:\Documents and Settings\Ken
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ken (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Call of Duty 4: Modern Warfare --> "C:\Program Files\Steam\steam.exe" steam://uninstall/7940
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Crawler Toolbar with Web Security Guard --> C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
Doctor Alex --> "C:\Program Files\Doctor Alex\uninstall.exe"
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Episode One --> "C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "C:\Program Files\Steam\steam.exe" steam://uninstall/420
High Definition Audio Driver Package - KB888111 -->
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
jZip --> C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
KeyScrambler --> C:\Program Files\KeyScrambler\uninstall.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Lotus Notes 7.0 --> MsiExec.exe /I{5A7970BE-2F8A-4004-ABE9-4CDB55A216E6}
Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Ultimate 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007 --> MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PANTECH PC Card Software --> C:\Program Files\PANTECH\PANTECH PC Card\PTDCUninstall.exe
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
Peggle Extreme --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Portal --> "C:\Program Files\Steam\steam.exe" steam://uninstall/400
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\SETUP.EXE" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SnoopFree Privacy Shield --> SnoopFreeUI.exe /U
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
Stardock Central --> C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
ThinkPad Bluetooth with Enhanced Data Rate Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\setup.exe" -l0x9 UNINSTALL
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Fingerprint Software 5.6 --> MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x9 -AddRemove
Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VZAccess Manager --> C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type1399 / Error
Event Submitted/Written: 06/29/2008 02:05:59 PM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Event Record #/Type1389 / Warning
Event Submitted/Written: 06/29/2008 01:44:19 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1387 / Warning
Event Submitted/Written: 06/29/2008 07:35:46 AM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 1 files inside C:\WINDOWS\SoftwareDistribution\Download\cf14c0dab22a74a398259106a6747192a585a709 due to extraction errors encountered by the Decomposer Engines.

Event Record #/Type1386 / Warning
Event Submitted/Written: 06/29/2008 07:34:45 AM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 1 files inside C:\WINDOWS\SoftwareDistribution\Download\81a10484afb24ba8e8672557df6cb4212a3a1973 due to extraction errors encountered by the Decomposer Engines.

Event Record #/Type1385 / Warning
Event Submitted/Written: 06/29/2008 07:34:34 AM
Event ID/Source: 6 / Symantec AntiVirus
Event Description:
Could not scan 1 files inside C:\WINDOWS\SoftwareDistribution\Download\5da66d8000d5b67b762675057bb30c7baa3a3218 due to extraction errors encountered by the Decomposer Engines.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3604 / Error
Event Submitted/Written: 06/29/2008 06:43:21 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type3603 / Error
Event Submitted/Written: 06/29/2008 06:09:56 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type3602 / Error
Event Submitted/Written: 06/29/2008 05:27:51 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
ANC
cmdGuard
cmdHlp
eeCtrl
Fips
IBMTPCHK
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
ohci1394
RasAcd
Rdbss
SAVRT
SAVRTPEL
SPBBCDrv
sp_rsdrv2
SYMTDI
Tcpip
TPHKDRV
TPPWRIF
TSMAPIP

Event Record #/Type3601 / Error
Event Submitted/Written: 06/29/2008 05:27:51 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type3600 / Error
Event Submitted/Written: 06/29/2008 05:27:51 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-06-29 19:01:51 ------------



And the Spyware terminator scan (Ran in safemode):



Logfile of Spyware Terminator v2.2.1.433 (db:2.006.027.000)
Scan Time: 6/29/2008 5:31:04 PM length: 1736 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Safe
Scan type: Full_Spyware_Scan
Scanned Objects: 93441 (Critical:0)
Filter: No System items, No Safe items, No Invalid items

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: CKeyScramblerBHO Object - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - [QFX Software Corporation] : C:\Program Files\KeyScrambler\KeyScramblerIE.dll
02 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Adobe Reader Speed Launcher : [Adobe Systems Incorporated] : C:\Program Files\ADOBE\READER 8.0\READER\READER_SL.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, DLCDCATS : : C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLCDtime.dll
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SnoopFreeUI : [SnoopFree Software] : C:\WINDOWS\SnoopFreeUI.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, COMODO Firewall Pro : [COMODO] : C:\Program Files\COMODO\FIREWALL\CFP.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs : [COMODO] : C:\WINDOWS\system32\guard32.dll
04 - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, GinaDLL : [UPEK Inc.] : C:\WINDOWS\system32\vrlogon.dll
04 - Startup: %STARTUP%\OneNote 2007 Screen Clipper and Launcher.lnk [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

Shell Extensions
Monitor Class - {7842554E-6BED-11D2-8CDB-B05550C10000} - [Broadcom Corporation.] : C:\WINDOWS\system32\btncopy.dll
Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Folder Synchronization - {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove GFS Stub Icon Handler - {A449600E-1DC6-4232-B948-9BD794D62056} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove GFS Context Menu Handler - {6C467336-8281-4E60-8204-430CED96822D} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove XML Icon Handler - {387E725D-DC16-4D76-B310-2C93ED4752A0} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Microsoft Office OneNote Namespace Extension for Windows Desktop Search - {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\ONFILTER.DLL
Microsoft Office Metadata Handler - {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\OFFICE12\msoshext.dll
Microsoft Office Thumbnail Handler - {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\OFFICE12\msoshext.dll
VpshellEx Class - {BDA77241-42F6-11d0-85E2-00AA001FE28C} - [Symantec Corporation] : C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
My Bluetooth Places - {6af09ec9-b429-11d4-a1fb-0090960218cb} - [Broadcom Corporation.] : C:\WINDOWS\system32\BTNeighborhood.dll

Shell Extecute Hooks
Groove GFS Stub Execution Hook - {{B5A7F190-DDA6-4420-B3BA-52453494E6CD}} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

Protocol Handler
Local Groove Web Services Protocol - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

Services
23 - [Atmel, Inc.] : C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
23 - [Lenovo.] : C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
23 - [COMODO] : C:\WINDOWS\system32\DRIVERS\inspect.sys
23 - [QFX Software Corporation] : C:\WINDOWS\system32\drivers\keyscrambler.sys
23 - [Lenovo.] : C:\WINDOWS\system32\DRIVERS\Apsx86.sys
23 - : C:\WINDOWS\system32\Drivers\SnopFree.sys
23 - [Synaptics, Inc.] : C:\WINDOWS\system32\DRIVERS\SynTP.sys
23 - [Lenovo.] : C:\WINDOWS\system32\DRIVERS\ApsHM86.sys

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify, DLLName : [Lenovo] : C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Fly, DLLName : [Microsoft Corporation] : C:\WINDOWS\system32\smart.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName : [Intel Corporation] : C:\WINDOWS\system32\igfxdev.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Love, DLLName : [Microsoft Corporation] : C:\WINDOWS\system32\LoveFly.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon, DLLName : [Symantec Corporation] : C:\WINDOWS\system32\NavLogon.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus, DLLName : [UPEK Inc.] : C:\WINDOWS\system32\psqlpwd.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2, DLLName : : C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey, DLLName : [Lenovo Group Limited] : C:\Program Files\Lenovo\HOTKEY\tphklock.dll

Advanced Files Report
%PROGRAMFILES%\ThinkPad\ConnectUtilities\ACNotify.dll [Lenovo] [Access Connections] MD5=210DA66CA4D2579E9220B1A8E57F8681 SIZE=32768
%PROGRAMFILES%\ThinkPad\ConnectUtilities\AcSvcStub.dll [Lenovo] [Access Connections] MD5=33070BDCF6CA6FC8E2212056129EA5D5 SIZE=143360
%PROGRAMFILES%\ThinkPad\ConnectUtilities\AcLocSettings.dll [Lenovo] [Access Connections] MD5=284A35997F8541850AE34291A1CC441F SIZE=192512
%PROGRAMFILES%\ThinkPad\ConnectUtilities\ACHelper.dll [Lenovo] [Access Connections] MD5=AAC9B04F86987EA4F135958BA2B17C66 SIZE=90112
%SYSDIR%\psqlpwd.dll [UPEK Inc.] [ThinkVantage Fingerprint Software] MD5=4BF40C7EDC9EFD3C340426579A014FE0 SIZE=89600
%PROGRAMFILES%\ThinkVantage Fingerprint Software\homefus2.dll [UPEK Inc.] [ThinkVantage Fingerprint Software] MD5=CCDB7C3B946D1B80214EDDB45181D481 SIZE=1119744
%PROGRAMFILES%\ThinkVantage Fingerprint Software\infra.dll [UPEK Inc.] [ThinkVantage Fingerprint Software] MD5=528888DBD1135A977C7BE0CB725D17E3 SIZE=292352
%PROGRAMFILES%\ThinkVantage Fingerprint Software\homepass.dll [UPEK Inc.] [ThinkVantage Fingerprint Software] MD5=4AEA0C9D50DA518A80F85CE32F62FD49 SIZE=3193856
%PROGRAMFILES%\ThinkVantage Fingerprint Software\bio.dll [UPEK Inc.] [ThinkVantage Fingerprint Software] MD5=EF29E6383479C50B2C3A57E625EA865E SIZE=2330624
%PROGRAMFILES%\ThinkVantage Fingerprint Software\ps2css.dll [UPEK Inc.] [ThinkVantage Fingerprint Software] MD5=2FEDAC059545D28BBB276D58310DA048 SIZE=33792
%PROGRAMFILES%\ThinkVantage Fingerprint Software\remote.dll [UPEK Inc.] [ThinkVantage Fingerprint Software] MD5=2F2BE5036C44E28883812EDB4210201C SIZE=793088
%PROGRAMFILES%\Lenovo\HOTKEY\tphklock.dll [Lenovo Group Limited] [On screen display] MD5=451CD42B003AB6A04346DB4ABC624717 SIZE=28672
%SYSDIR%\NavLogon.dll [Symantec Corporation] [Symantec AntiVirus] MD5=3637EC6C50E02BB6FD80DD41CF47853E SIZE=43712
%PROGRAMFILES%\ThinkPad\ConnectUtilities\ACGina.dll [Lenovo] [Access Connections] MD5=996699AAA9554722A0395B8272925804 SIZE=237568
%PROGRAMFILES%\ThinkPad\ConnectUtilities\ACON.dll [Lenovo] [Access Connections] MD5=BDFAE9C132C9B49E99BB175ECEEB7705 SIZE=659456
%PROGRAMFILES%\ThinkPad\ConnectUtilities\AcPrfMgr.dll [Lenovo] [Access Connections] MD5=F231356B731C3E66747152BC01246748 SIZE=163840
%PROGRAMFILES%\ThinkPad\ConnectUtilities\AcCryptHlpr.dll [Lenovo] [Access Connections] MD5=C612879EC6CBCD7CE5C5BE6DD7E1635B SIZE=450560
%PROGRAMFILES%\ThinkPad\ConnectUtilities\ACTurinSupport.dll [Lenovo] [Access Connections] MD5=7B0DF5CD10BC4BC5ABEA220B3C291C63 SIZE=10240
%PROGRAMFILES%\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll [Lenovo] [ThinkVantage Access Connections] MD5=6E8D77FB4B1F63F8E8EB386E4F2A5D95 SIZE=86016
%PROGRAMFILES%\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll [Lenovo] [Access Connections] MD5=697BF30CF3E6F9F19E0FC416E92BCA0C SIZE=106496
%PROGRAMFILES%\Microsoft Office\Office12\ONENOTEM.EXE [Microsoft Corporation] [Microsoft Office OneNote] MD5=24F5015DEB7C744DDF34CD786B6FA03F SIZE=101784
deskpan.dll
%SYSDIR%\btncopy.dll [Broadcom Corporation.] [Bluetooth Software] MD5=34A9E4C2470F8493F477FF7B040D9CE2 SIZE=49152
%PROGRAMFILES%\Microsoft Office\Office12\ONFILTER.DLL [Microsoft Corporation] [Microsoft Office OneNote] MD5=DF8AADA641FE10C4748899F62A530A28 SIZE=75144
%COMMONFILES%\Microsoft Shared\OFFICE12\msoshext.dll [Microsoft Corporation] [Microsoft Office] MD5=0079E7EE294AC629D57FB8259F5A803E SIZE=935832
%COMMONFILES%\Symantec Shared\SSC\vpshell2.dll [Symantec Corporation] [Symantec AntiVirus] MD5=99AF34F5C84A1D38D55A0BAA51EEF59A SIZE=47296
%SYSDIR%\nvshell.dll [NVIDIA Corporation] [NVIDIA Desktop Explorer, Version 111.33] MD5=A23C8FF3A57864545952FD6ADE7BB100 SIZE=466944
%SYSDIR%\BTNeighborhood.dll [Broadcom Corporation.] [Bluetooth Software] MD5=C540C47A8831E352ADA5BBD3C9CAB30A SIZE=979021
%SYSDIR%\smart.dll [Microsoft Corporation] [Microsoft? Windows? Operating System] MD5=59DF56DFA251E3B358816F7C30967EB6 SIZE=36864
%SYSDIR%\igfxdev.dll [Intel Corporation] [Intel® Common User Interface] MD5=CFF29149F6B458219AADB81A77BC5FB0 SIZE=204800
%SYSDIR%\LoveFly.dll [Microsoft Corporation] [Microsoft? Windows? Operating System] MD5=B27746E79B10511E1855AF65657E1A26 SIZE=38912
%PROGRAMFILES%\Lenovo\HOTKEY\notifyf2.dll MD5=0C3E484BF4AEC2749A9F4D0A91870780 SIZE=34344
%SYSDIR%\DRIVERS\atmeltpm.sys [Atmel, Inc.] [Atmel TPM Driver] MD5=DBF0D7E2DF33B469EB55406FEA759350 SIZE=15872
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\svchost -k DcomLaunch
%SYSDIR%\DRIVERS\ibmpmdrv.sys [Lenovo.] [ThinkPad] MD5=931AF21653DD91CD85270A2B31F87EEB SIZE=21808
%SYSDIR%\DRIVERS\inspect.sys [COMODO] [COMODO Firewall Pro Firewall Driver] MD5=D57D08E45BD8B794F2F15319CD228F38 SIZE=79760
%SYSDIR%\drivers\keyscrambler.sys [QFX Software Corporation] [KeyScrambler ®] MD5=2FCDFF8A230AE5E992239594CF0286A0 SIZE=113896
%SYSDIR%\svchost -k rpcss
%SYSDIR%\DRIVERS\Apsx86.sys [Lenovo.] [ThinkVantage Active Protection System] MD5=A3AEE791DB8C73882F4503BFAACD8C9E SIZE=103472
%SYSDIR%\Drivers\SnopFree.sys MD5=21EA9DC8FBE1236051832ABB5254226F SIZE=9472
%SYSDIR%\DRIVERS\SynTP.sys [Synaptics, Inc.] [Synaptics Device Driver] MD5=A81E52DF43DC66493EAC8CE58FC9B658 SIZE=177664
%SYSDIR%\DRIVERS\ApsHM86.sys [Lenovo.] [ThinkVantage Active Protection System] MD5=639BA7B37F25054CF5E82604E736D250 SIZE=19504
%PROGRAMFILES%\Microsoft Office\Office12\GrooveSystemServices.dll [Microsoft Corporation] [GrooveSystemServices Module] MD5=C48CBBD38D7FBB0E86F4364062EBC66E SIZE=224128
%SYSDIR%\\Drivers\keyscrambler.sys [QFX Software Corporation] [KeyScrambler ®] MD5=2FCDFF8A230AE5E992239594CF0286A0 SIZE=113896
%SYSDIR%\igfxpers.exe [Intel Corporation] [Intel® Common User Interface] MD5=7ABF75BA95393A261271F5954678A613 SIZE=137752
%SYSDIR%\MACROMED\SHOCKWAVE 10\GTAPI.DLL MD5=AE5CDA196A69F583DD356E7487AF3B49 SIZE=52288

End of Report

BC AdBot (Login to Remove)

 


#2 Ken71

Ken71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:28 AM

Posted 06 July 2008 - 02:03 PM

Hi, I found some additional information. Last night, since I haven't yet had a reply here I decided to try the Kaspersky online scanner and it turned up the following "Trojan-PSW.Win32.WOW.arz" which is located in c:\windows\system\LoveFly.dll. After some googling this is also linked to c:\windows\system\smart.dll.

Including the Kaspersky log here for reference:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 06, 2008 06:42:31
Records in database: 917719
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 62455
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:46:14


File name / Threat name / Threats count
C:\WINDOWS\system32\LoveFly.dll/C:\WINDOWS\system32\LoveFly.dll Infected: Trojan-PSW.Win32.WOW.arz 1
C:\WINDOWS\system32\LoveFly.dll Infected: Trojan-PSW.Win32.WOW.arz 1

The selected area was scanned.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------


2nd UPDATE:
After some research I found in this form post over at malwareremoval.com (http://www.malwareremoval.com/forum/viewtopic.php?f=12&t=31899&st=0&sk=t&sd=a) in which someone with the same issue who was helped. So I followed those steps down to the end and remove the lovefly and smart.dll files. So I am including my latest Hijackthis Log. Please review to double check and let me know if you suggest any other steps need to be taken:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:07 PM, on 7/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Lotus7\Notes\ntmulti.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus7\Notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 9481 bytes

Edited by Ken71, 06 July 2008 - 07:45 PM.


#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:28 PM

Posted 07 July 2008 - 01:36 PM

Hi,

Welcome to Bleeping Computer HijackThis forum. I am farbar. I am going to assist you with your problem.
Our apology for the delay in response we get overwhelmed at times but we are trying our best to keep up.
Please give me some time to look it over and I will get back to you as soon as possible. If it took some time to get back to you please be patient as taking a quick look at your log shows no need to be alarmed any more.

#4 Ken71

Ken71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:28 AM

Posted 07 July 2008 - 10:50 PM

I got no problem waiting, I understand. Thanks for taking a look.

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:28 PM

Posted 08 July 2008 - 07:15 AM

Hello again,


Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.
  • You have the latest version of Java and it is good. Please remove the older versions:
    Click "start" and then "Control Panel" icon.
    Please doubleclick the "Add or Remove Programs" icon
    A list of programs installed will be "populated" this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    Java™ 6 Update 3
    Java™ 6 Update 5


    Additional instructions can be found here if needed.

  • Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

    Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with DrWeb-CureIt as follows:
    • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
    • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
    • Once the short scan has finished, Click Options > Change settings
    • Choose the "Scan tab" and UNcheck "Heuristic analysis"
    • Back at the main window, click "Custom Scan", then Select drives (a red dot will show which drives have been chosen).
    • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
    • When done, a message will be displayed at the bottom advising if any viruses were found.
    • Click "Yes to all" if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
      (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
    • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
    • Save the DrWeb.csv report to your desktop.
    • Exit Dr.Web Cureit when done.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
  • Please copy and paste a fresh DSS log to your reply.


#6 Ken71

Ken71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:28 AM

Posted 09 July 2008 - 02:51 AM

Hi,

I ran the DrWeb CureIt exactly as instructed in Safe Mode. 338061 files scanned, no viruses found. I would post a log but the Save report option was grayed out so was not able to save one.


Deckard's System Scanner v20071014.68
Run by Ken on 2008-07-08 21:54:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ken.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:36 PM, on 7/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Lotus7\Notes\ntmulti.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ken\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ken.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus7\Notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 9557 bytes

-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-08 15:48:58 0 d-------- C:\Documents and Settings\Ken\DoctorWeb
2008-07-06 17:29:18 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-06 17:29:00 0 d-------- C:\Program Files\World of Warcraft
2008-07-06 14:09:53 0 d-------- C:\Program Files\SpywareBlaster
2008-07-06 13:51:48 0 d-------- C:\Documents and Settings\Ken\Application Data\Malwarebytes
2008-07-06 13:51:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 13:51:44 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 13:00:29 0 d-------- C:\Program Files\Java
2008-07-06 13:00:27 0 d-------- C:\Program Files\Common Files\Java
2008-06-29 18:58:43 0 d-------- C:\Program Files\Trend Micro
2008-06-29 16:01:56 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-29 16:01:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-29 16:01:55 0 d-------- C:\Documents and Settings\Ken\Application Data\Spyware Terminator
2008-06-29 16:01:53 0 d-------- C:\Program Files\Spyware Terminator
2008-06-29 15:53:23 0 d-------- C:\Program Files\Doctor Alex
2008-06-29 15:50:31 0 dr-h----- C:\Documents and Settings\Ken\Recent
2008-06-29 15:14:20 0 d-------- C:\Program Files\CCleaner
2008-06-28 08:32:27 0 d-------- C:\Program Files\Ventrilo
2008-06-28 08:32:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 15:20:51 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-24 20:00:50 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-06-24 20:00:46 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-06-24 17:07:44 0 d-------- C:\Documents and Settings\Ken\Application Data\Comodo
2008-06-24 17:07:42 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-06-24 17:07:41 0 d-------- C:\Program Files\COMODO
2008-06-24 15:10:17 2080 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-24 15:10:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-24 15:10:14 288 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-24 12:36:26 0 d-------- C:\Program Files\Lavasoft
2008-06-24 12:36:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-24 07:33:54 0 d-------- C:\Program Files\KeyScrambler
2008-06-24 07:00:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-24 07:00:23 0 d-------- C:\Documents and Settings\Ken\Application Data\Mozilla
2008-06-23 21:52:01 90112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2008-06-23 21:52:01 9472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2008-06-23 21:52:01 221184 --a------ C:\WINDOWS\SnoopFreeUI.exe <Not Verified; SnoopFree Software; SnoopFree Privacy Shield>
2008-06-23 21:52:01 45056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2008-06-23 18:06:29 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 18:03:52 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-23 18:03:52 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-06-23 18:03:52 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-23 18:03:51 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-23 17:20:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-21 18:20:10 0 d-------- C:\WINDOWS\Logs
2008-06-21 01:37:53 0 d-------- C:\Logs
2008-06-19 17:09:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-06-18 14:06:14 0 d-------- C:\Program Files\jZip
2008-06-17 15:29:57 0 d-------- C:\Program Files\dl_Cats
2008-06-12 07:10:38 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZipSE
2008-06-11 11:02:52 0 d-------- C:\Program Files\Citrix


-- Find3M Report ---------------------------------------------------------------

2008-07-08 21:13:42 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-06 17:29:18 0 d-------- C:\Program Files\Common Files
2008-06-22 10:29:05 0 d-------- C:\Program Files\Steam
2008-06-15 11:33:30 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-27 07:39:12 0 d-------- C:\Program Files\Common Files\Stardock
2008-05-27 07:38:30 0 d-------- C:\Program Files\Stardock
2008-05-22 11:55:26 0 d-------- C:\Documents and Settings\Ken\Application Data\Smith Micro
2008-05-22 08:15:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-22 08:05:27 0 d-------- C:\Documents and Settings\Ken\Application Data\Adobe
2008-05-22 06:18:52 0 d-------- C:\Program Files\Messenger
2008-05-22 06:18:14 0 d-------- C:\Program Files\Movie Maker
2008-05-22 06:14:47 0 d-------- C:\Program Files\Windows NT
2008-05-22 03:53:03 0 d-------- C:\Program Files\ThinkPad
2008-05-22 03:53:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-22 03:53:01 0 d-------- C:\Program Files\Digital Line Detect
2008-05-22 03:52:47 0 d-------- C:\Program Files\NetWaiting
2008-05-22 03:25:39 0 d-------- C:\Program Files\PCDR5
2008-05-22 03:13:13 0 d-------- C:\Program Files\Lenovo
2008-05-21 13:40:31 0 d-------- C:\Program Files\PANTECH
2008-05-21 13:40:18 0 d-------- C:\Program Files\Verizon Wireless
2008-05-21 13:16:03 0 d-------- C:\Program Files\msn gaming zone
2008-05-21 13:12:56 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-21 11:28:33 0 d-------- C:\Program Files\ThinkVantage
2008-05-21 11:10:01 188 --a------ C:\WINDOWS\x
2008-05-21 09:50:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-21 09:50:26 0 d-------- C:\Program Files\Symantec
2008-05-21 09:32:16 0 d-------- C:\Program Files\Common Files\Lenovo


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 11:38 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 01:49 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/10/2007 07:03 AM]
"nwiz"="nwiz.exe" [12/10/2007 07:03 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/10/2007 07:03 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 04:16 PM]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [02/24/2006 04:12 PM]
"SnoopFreeUI"="SnoopFreeUI.exe" [06/23/2008 09:52 PM C:\WINDOWS\SnoopFreeUI.exe]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [06/24/2008 05:07 PM]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [06/29/2008 04:01 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 11:42 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Ken\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/23/2007 11:45:42 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 03/14/2008 12:54 PM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 08/14/2007 10:54 AM 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 10:37 AM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/14/2007 10:36 AM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
"C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-08 21:57:33 ------------

Edited by Ken71, 09 July 2008 - 02:58 AM.


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:28 PM

Posted 10 July 2008 - 01:55 AM

Hello Ken71,


Everything looks good, I see no sign of infection on your logs.


I suggest you make a clean restore point if you have not done it after removing the Trojans:


First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

To set a new restore point:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
To remove the old restore points:
  • Go to Start > Run then type: Cleanmgr in the box and click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#8 Ken71

Ken71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:28 AM

Posted 10 July 2008 - 07:10 PM

Done!

Thank you for your help and giving me some peace of mind :thumbsup:

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:28 PM

Posted 11 July 2008 - 01:08 AM

You are welcome, glad I could help.

#10 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  •  
  • Location:Ontario
  • Local time:12:28 PM

Posted 11 July 2008 - 01:37 PM

Hello,

Since this topic appears to have been resolved it is now closed.
Glad we could help.
If you need it re-opened please PM a member of the Moderating team with a link to your thread.

Thank you & surf safe!

Blender
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users