Tech Support Forum - Resolved HJT Threads (resolved spyware and popup issues)
#1
Registered User
Join Date: Jun 2008
Posts: 8
OS: Windows XP
Command Helper
Hello, my computer has been running slowly, and every time I go online, Internet Explorer starts spawning pop-ups.
I've run Spybot and the only program it can't remove is command.exe. I was unable to get Panda Active Scan to work, but have installed the other programs you recommended. Here is my main.txt log from DSS:

[main.txt log omitted]

Any help would be greatly appreciated.

Frank
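A defender-side triage script, added here as an example and not part of the thread or of HijackThis: it parses HijackThis-format O2/O4/O20/O23 lines like those in Frank's log and flags the patterns a log helper checks by eye: entries whose file is missing, services with an unknown owner, and executables in a directory whose name is valid base64 of readable text (the command.exe service in this thread runs from such a folder, whose name is the base64 encoding of the Windows user name). The sample lines are constructed, not copied from the log.

```python
"""Triage heuristics for HijackThis-style log entries.

Added example for this thread; not part of the forum post or of HijackThis.
It reads O2/O4/O20/O23 lines and flags three things a log helper checks by eye:
entries whose file no longer exists, services with no owner information, and
executables in a directory whose name is base64 for readable text (the pattern
the command.exe service in this thread uses, its folder name being the base64
encoding of the Windows user name).
"""
import base64
import binascii
import re
from typing import Dict, List, Optional

# Constructed sample lines in HijackThis format. They are NOT copied from the
# thread's log; the suspicious ones imitate the patterns seen there.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\\Program Files\\Example\\helper.dll
O2 - BHO: (no name) - {55555555-6666-7777-8888-999999999999} - C:\\WINDOWS\\system32\\qpwoeiru.dll (file missing)
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe /start
O20 - Winlogon Notify: qpwoeiru - qpwoeiru.dll (file missing)
O23 - Service: Example Service (ExSvc) - Example Corp - C:\\Program Files\\Example\\exsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\\WINDOWS\\VGVzdCBBY2NvdW50\\command.exe
"""

# "O23 - Service: ..." -> tag "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(?P<tag>[A-Z]\d+) - (?P<body>.*)$")
# First Windows path ending in an executable/library extension; lazy so it
# stops at the first such extension even when the path contains spaces.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n\"]+?\.(?:exe|dll|ocx|sys|cpl)\b", re.IGNORECASE)
# Base64 alphabet, at least 8 chars, optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


def decodes_to_text(name: str) -> Optional[str]:
    """Return the decoded text if `name` is base64 of printable ASCII, else None.

    Ordinary directory names such as 'system32' or 'NPDIRECT' pass the
    alphabet check but decode to non-printable bytes, so they are not flagged.
    """
    if not B64_RE.match(name) or len(name) % 4:
        return None
    try:
        raw = base64.b64decode(name, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or any(b < 0x20 or b > 0x7E for b in raw):
        return None
    return raw.decode("ascii")


def triage_line(line: str) -> List[str]:
    """Return the list of reasons an entry looks suspicious (empty if none)."""
    m = ENTRY_RE.match(line)
    if not m:
        return []
    tag, body = m.group("tag"), m.group("body")
    reasons: List[str] = []
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("points at a file that no longer exists (leftover of a partial removal)")
    if tag == "O23" and "Unknown owner" in body:
        reasons.append("service carries no vendor/owner information")
    pm = PATH_RE.search(body)
    if pm:
        # Check every directory component between the drive and the file name.
        for comp in pm.group(0).split("\\")[1:-1]:
            text = decodes_to_text(comp)
            if text is not None:
                reasons.append(f"directory {comp!r} is base64 for {text!r}")
    return reasons


def triage_log(log: str) -> Dict[str, List[str]]:
    """Map each suspicious entry line to its reasons."""
    findings: Dict[str, List[str]] = {}
    for line in log.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry)
        for r in reasons:
            print("   ->", r)
```

Run against a real log the heuristics are a starting point for review, not a verdict; a flagged entry still needs the file checked before anything is fixed.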
#2
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home
Re: Command Helper
Hello -
Deckard's System Scanner should have produced another log, extra.txt. It should be located at C:\Deckard\System Scanner\extra.txt. Please post it.

If it's not there, please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK:
"%userprofile%\desktop\dss.exe" /config
Click on "Check All"
Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.
__________________
Practice Safe Surfing. Because what you don't know, CAN hurt you. Please do not ask for help via Private Message.

#3
Registered User
Join Date: Jun 2008
Posts: 8
OS: Windows XP
Re: Command Helper
Here is my new main.txt:
[main.txt log omitted]
Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- End of file - 13583 bytes -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections> R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys R1 kmixerr - c:\windows\system32\drivers\kmixerr.sys R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System> R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver> S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 cmdService (Command Service) - c:\windows\rnjhbmsgugfsbwvy\command.exe R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter> R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service> R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe R2 TVT Backup Protection Service - "c:\program files\lenovo\rescue and recovery\rrpservice.exe" <Not Verified; ; rrpservice Module> R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module> R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing) -- Device Manager: Disabled 
---------------------------------------------------- No disabled devices found. -- Process Modules ------------------------------------------------------------- C:\WINDOWS\system32\winlogon.exe (pid 1364) 2007-06-29 00:03:50 32768 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll <Not Verified; Lenovo; Access Connections> 2007-06-28 23:49:16 143360 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll <Not Verified; Lenovo; Access Connections> 2007-06-28 23:46:00 176128 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll <Not Verified; Lenovo; Access Connections> 2007-06-28 23:45:26 86016 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll <Not Verified; Lenovo; Access Connections> 2006-12-13 22 42 28672 -----n--- C:\Program Files\Lenovo\HOTKEY\tphklock.dllC:\WINDOWS\explorer.exe (pid 4008) 2005-08-02 16:46:54 187904 -r-hs---- C:\WINDOWS\RnJhbmsgUGFsbWVy\asappsrv.dll 2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll 2007-06-17 12:16:00 200704 -----n--- C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL <Not Verified; Lenovo Group Limited; ThinkPad Power Manager> 2007-06-17 12:16:00 40960 -----n--- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL 2007-06-17 12:16:00 73728 -----n--- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL 2007-01-25 02:25:52 69720 -----n--- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll C:\WINDOWS\system32\rundll32.exe (pid 3344) 2005-08-02 16:46:54 187904 -r-hs---- C:\WINDOWS\RnJhbmsgUGFsbWVy\asappsrv.dll 2007-06-17 12:16:00 200704 -----n--- C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL <Not Verified; Lenovo Group Limited; ThinkPad Power Manager> 2007-06-17 12:16:00 40960 -----n--- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL 2007-06-17 12:16:00 73728 -----n--- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL 2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll C:\WINDOWS\system32\rundll32.exe (pid 3600) 2005-08-02 16:46:54 187904 
-r-hs---- C:\WINDOWS\RnJhbmsgUGFsbWVy\asappsrv.dll 2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll C:\WINDOWS\system32\rundll32.exe (pid 3692) 2005-08-02 16:46:54 187904 -r-hs---- C:\WINDOWS\RnJhbmsgUGFsbWVy\asappsrv.dll 2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll 2007-05-17 11:53:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll -- Scheduled Tasks ------------------------------------------------------------- 2008-06-17 23:15:53 316 --a------ C:\WINDOWS\Tasks\PMTask.job 2008-06-13 14:30:00 268 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job 2008-01-09 12:56:00 284 -----n--- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-05-17 and 2008-06-17 ----------------------------- 2008-06-12 20:24:11 0 d-------- C:\ie-spyad_zo 2008-06-12 20:18:16 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-12 20:18:08 0 d-------- C:\Program Files\SpywareBlaster 2008-06-12 20:07:16 0 d-------- C:\Program Files\Panda Security 2008-06-12 19:42:31 93760 --a------ C:\WINDOWS\system32\ricsyxme.dll 2008-06-12 19:39:31 104000 --a------ C:\WINDOWS\system32\bngfltfw.dll 2008-06-12 19:37:40 0 d-------- C:\Program Files\Trend Micro 2008-06-12 19:36:31 101440 --a------ C:\WINDOWS\system32\ltlsdunj.dll 2008-06-07 17:03:29 104512 --a------ C:\WINDOWS\system32\quddsseu.dll 2008-06-07 17:00:29 2624 --a------ C:\WINDOWS\system32\gmbkfjwd.exe 2008-06-07 16:55:29 103488 --a------ C:\WINDOWS\system32\xlftustb.dll 2008-05-27 19:26:57 102976 --a------ C:\WINDOWS\system32\ogfpamlg.dll 2008-05-24 03:10:27 687592 --a------ C:\WINDOWS\system32\atmtd.dll 2008-05-23 12:58:12 104512 --a------ C:\WINDOWS\system32\svfjtifg.dll 2008-05-23 12:55:15 2624 --a------ C:\WINDOWS\system32\uacvtpwo.exe 2008-05-23 12:49:52 103488 --a------ C:\WINDOWS\system32\luvoiund.dll 2008-05-23 12:49:11 692737 --ahs---- C:\WINDOWS\system32\CJkRqBeg.ini2 -- Find3M Report 
--------------------------------------------------------------- 2008-05-15 18:40:48 519590 --ahs---- C:\WINDOWS\system32\hkjTvyay.ini2 2008-05-02 15:10:08 0 d-------- C:\Program Files\Enigma Software Group 2008-04-29 01:04:03 515494 --ahs---- C:\WINDOWS\system32\BeOXwyxx.ini2 2008-04-29 00:07:12 15202 --ahs---- C:\WINDOWS\system32\FeMSBcdd.ini2 -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10A81DA3-0157-4161-957E-D91E132DD9BC}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38CE7DD8-6482-4DC7-9999-BD3B239311C1}] C:\WINDOWS\system32\xxywXOeB.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D431631-2D76-48B3-BE72-EB709EABB0BC}] C:\WINDOWS\system32\yayvTjkh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EAA70DB-34E5-439B-AAF6-54D812AC3D59}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AB66710-B910-401C-B911-19E31275BD86}] C:\WINDOWS\system32\ddcBSMeF.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83B6EDCC-A4C1-4BC1-87E0-8C332695D458}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{922A7169-1C54-4F7F-BFDF-BD0C11824B49}] C:\WINDOWS\system32\geBqRkJC.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}] c:\windows\system32\xxyyvuvv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/14/2006 01:17 AM] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/14/2006 01:16 AM] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [06/17/2007 12:16 PM] "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [06/17/2007 12:16 PM] "TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [04/09/2007 02:03 PM] "TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [03/09/2007 01:49 AM] "@"="" [] "TpShocks"="TpShocks.exe" [03/29/2007 09:40 PM c:\WINDOWS\system32\TpShocks.exe] 
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [03/28/2007 01:32 PM] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/09/2007 03:23 AM] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [04/03/2007 10:55 PM] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/17/2007 11:53 AM] "nwiz"="nwiz.exe" [05/17/2007 11:53 AM c:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/17/2007 11:53 AM] "TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [02/08/2007 04:19 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 04:03 PM] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 08:20 AM] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 07:50 PM] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 07:50 PM] "AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [11/07/2006 06:51 AM] "LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [03/22/2007 01:02 PM] "AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [02/01/2007 02:00 PM] "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 07:24 PM] "ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [06/29/2007 12:10 AM] "ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [06/29/2007 12:02 AM] "cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [01/30/2007 10:01 PM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 09:24 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 05:42 PM] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM] 
"{96-69-9F-F7-DW}"="C:\WINDOWS\system32\trcTMP\kmdmns2.exe" [02/14/2008 10:42 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM] "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 09:16 PM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM] C:\Documents and Settings\Frank Palmer\Start Menu\Programs\Startup\ DW_Start.lnk - C:\WINDOWS\system32\trcTMP\kmdmns2.exe [2/14/2008 10:42:16 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/8/2008 12:15:44 PM] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/13/2007 7:51:11 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= c:\windows\system32\xxyyvuvv.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] ACNotify.dll 06/29/2007 12:03 AM 32768 c:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 03:37 AM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/13/2006 10:06 PM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyvuvv] xxyyvuvv.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBqRkJC "Notification Packages"= scecli ACGina [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55027c30-feb7-11dc-b461-0013e852cb47}] 
Auto\command- E:\Start.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b20d50d4-da6c-11dc-b436-001a6b383cf9}] Auto\command- E:\Start.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe *Newly Created Service* - TVTDRV -- End of Deckard's System Scanner: finished at 2008-06-17 23:26:11 ------------ And here's the extra.txt that did not appear on my first iteration: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz CPU 1: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz Percentage of Memory in Use: 35% Physical Memory (total/avail): 2014.22 MiB / 1292.94 MiB Pagefile Memory (total/avail): 3906.3 MiB / 3312.64 MiB Virtual Memory (total/avail): 2047.88 MiB / 1895.16 MiB C: is Fixed (NTFS) - 143.55 GiB total, 120.32 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - HITACHI HTS541616J9SA00 - 149.05 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 143.55 GiB - C: \PARTITION1 - Unknown - 5.5 GiB -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. 
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Pidgin\\pidgin.exe"="C:\\Program Files\\Pidgin\\pidgin.exe:*:Enabled:Pidgin" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Frank Palmer\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=FRANKCOMPUTER ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO hlainc=C:\hla\include hlalib=C:\hla\hlalib\hlalib.lib HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Frank Palmer lib=;C:\hla\hlalib LOGONSERVER=\\FRANKCOMPUTER NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=c:\hla;c:\program files\miktex 2.6\miktex\bin;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\program files\intel\wireless\bin\;c:\program files\diskeeper corporation\diskeeper\;c:\program files\thinkpad\connectutilities;c:\program files\common files\lenovo;c:\program files\lenovo\client security solution;c:\program files\microsoft sql server\90\tools\binn\;c:\program 
files\quicktime\qtsystem\;C:\Program Files\MATLAB\R2007a Student\bin;C:\Program Files\MATLAB\R2007a Student\bin\win32 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0a ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip RR=C:\Program Files\Lenovo\Rescue and Recovery SESSIONNAME=Console SMA=C:\Program Files\ThinkVantage\SMA\ SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ SWSHARE=C:\SWSHARE SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\FRANKP~1\LOCALS~1\Temp TMP=C:\DOCUME~1\FRANKP~1\LOCALS~1\Temp TPCCommon=C:\PROGRA~1\THINKV~1\PrdCtr TVT=C:\Program Files\Lenovo TVTCOMMON=C:\Program Files\Common Files\Lenovo TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24 USERDOMAIN=FRANKCOMPUTER USERNAME=Frank Palmer USERPROFILE=C:\Documents and Settings\Frank Palmer windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Frank Palmer (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly --> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> 
rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL Activation Assistant for the 2007 Microsoft Office suites --> "C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Aspell 0.6 Dictionary (Language: en) --> "C:\Documents and Settings\All Users\Application Data\Aspell\Dictionaries\Uninstall-AspellDict-en.exe" Aspell Data --> "C:\Documents and Settings\All Users\Application Data\Aspell\Uninstall-AspellData.exe" Aspell English Dictionary-0.50-2 --> "C:\Program Files\Aspell\unins001.exe" Business Contact Manager for Outlook 2007 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923} Business Contact Manager for Outlook 2007 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923} Client Security Solution --> MsiExec.exe /I{F055E1B2-8A05-4D87-8039-1BE979BA4193} Diskeeper Lite --> MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A} Drivers Install For Linksys Easylink Advisor --> MsiExec.exe 
/I{A1960A82-DB70-474D-A86B-FA74466103C6} GNU Aspell 0.50-3 --> "C:\Program Files\Aspell\unins000.exe" GPL Ghostscript 8.57 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.57\uninstal.txt" GPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt" GSview 4.8 --> C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt" GTK+ Runtime 2.10.13 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove High Definition Audio Driver Package - KB888111 --> HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall hla v1.98 --> C:\hla\unins000.exe Intel(R) PRO Network Connections Drivers --> Prounstl.exe Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306} J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Lenovo Registration --> C:\Program Files\Lenovo Registration\uninstall.exe Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} LyX 1.5.1-1 --> "C:\Program Files\LyX15\Uninstall-LyX.exe" Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46} Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF MATLAB Student R2007a --> C:\Program 
Files\MATLAB\R2007a Student\uninstall\uninstall.exe C:\Program Files\MATLAB\R2007a Student\ mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9} Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE} Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Small Business 
Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F} Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E} Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE} Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8} MiKTeX 2.6 --> "C:\Program Files\MiKTeX 2.6\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.6\miktex\config\uninstall.dat" mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove Productivity Center Supplement for ThinkPad --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove PSpice Student 9.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\OrCAD_Demo\DeIsL1.isu" QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Remove Multimedia Center --> C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq Rescue and Recovery --> MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622} RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything Security Update for Step By Step Interactive Training (KB898458) --> Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic Icons for Lenovo --> MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692} Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" System Migration Assistant --> MsiExec.exe 
/X{F705E3E1-A471-426B-9A09-73429F3418EE} System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297} ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall ThinkPad UltraNav Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\SETUP.EXE" -l0x9 UNINSTALL ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED} ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove ThinkVantage Technologies Welcome 
Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\Setup.exe" -l0x9 anything Update for Office 2007 (KB934528) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80} Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3} Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4} Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4} Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" XP Themes --> MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4} -- Application Event Log ------------------------------------------------------- Event Record #/Type17265 / Error Event Submitted/Written: 06/17/2008 11:16:32 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application tvtpwm_tray.exe, version 2.1.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001103c. Processing media-specific event for [tvtpwm_tray.exe!ws!] Event Record #/Type17165 / Error Event Submitted/Written: 06/12/2008 08:14:32 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application firefox.exe, version 1.8.20080.40413, faulting module gebqrkjc.dll, version 0.0.0.0, fault address 0x00054ebd. Processing media-specific event for [firefox.exe!ws!] 
Event Record #/Type17164 / Error Event Submitted/Written: 06/12/2008 08:13:45 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application firefox.exe, version 1.8.20080.40413, faulting module gebqrkjc.dll, version 0.0.0.0, fault address 0x00054ebd. Processing media-specific event for [firefox.exe!ws!] Event Record #/Type17160 / Error Event Submitted/Written: 06/12/2008 07:36:42 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x035c2951. Processing media-specific event for [firefox.exe!ws!] Event Record #/Type17110 / Error Event Submitted/Written: 05/23/2008 03:02:11 PM Event ID/Source: 1 / nview_info Event Description: NVIEW : IEXPLORE: Shared heap exhausted, process ID 994, total alloc:3a458... -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type21744 / Error Event Submitted/Written: 06/13/2008 02:26:03 PM Event ID/Source: 9 / atapi Event Description: The device, \Device\Ide\IdePort0, did not respond within the timeout period. Event Record #/Type21738 / Error Event Submitted/Written: 06/13/2008 02:25:58 PM Event ID/Source: 9 / atapi Event Description: The device, \Device\Ide\IdePort0, did not respond within the timeout period. Event Record #/Type21734 / Error Event Submitted/Written: 06/13/2008 02:25:50 PM Event ID/Source: 1000 / Dhcp Event Description: Your computer has lost the lease to its IP address 10.0.1.194 on the Network Card with network address 0013E852CB47. Event Record #/Type21733 / Warning Event Submitted/Written: 06/13/2008 02:25:50 PM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013E852CB47. 
The following error occurred: %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Event Record #/Type21662 / Error Event Submitted/Written: 06/12/2008 07:33:23 PM Event ID/Source: 1000 / Dhcp Event Description: Your computer has lost the lease to its IP address 10.0.1.187 on the Network Card with network address 0013E852CB47. -- End of Deckard's System Scanner: finished at 2008-06-17 23:26:11 ------------

Thanks for your consideration.
#4
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home
Re: Command Helper
Hi -
I don't see an active Antivirus solution installed. I do see parts of Norton/Symantec, but they seem to be remnants. Is this the case? Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer. We will address this during the course of this fix.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:
The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
If you have any questions along the way, STOP and ask them before proceeding.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Please do not ask for help via Private Message.
#5
Registered User
Join Date: Jun 2008
Posts: 8
OS: Windows XP
Re: Command Helper
Hello,
Yes, I removed Norton/Symantec because it bugged me every time I started up about re-subscribing, so I thought that I should just get rid of it. I thought Spybot would provide equivalent service. It seems that I was wrong.

I downloaded the service pack before ComboFix and then dragged the icons as instructed. Things did not happen in quite the order described (I was informed of Service Pack's successful installation after agreeing to the ComboFix agreement/Warning) but I did reach the screen you posted saying Service Pack was installed.

A few things happened afterwards that I thought I might tell you about. First, while ComboFix was running, a dialogue window appeared that read, "\WINDOW\system32\mrch.tmp is corrupted and unreadable. Please run the Chkdsk utility." Second, ComboFix restarted my computer. It ran chkdsk while starting, though I don't know if it fixed the file. Third, a program called Find3M spat out a log file, which I assume was ComboFix's. Spybot complained about a lot of registry changes occurring while the log file was being generated, so I turned it off.

Here are the contents of log.txt:

Running from: C:\Documents and Settings\Frank Palmer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Frank Palmer\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\temp\tn3 C:\WINDOWS\BM1bfa5ac4.xml C:\WINDOWS\pskt.ini C:\WINDOWS\RnJhbmsgUGFsbWVy\ C:\WINDOWS\RnJhbmsgUGFsbWVy\\asappsrv.dll C:\WINDOWS\RnJhbmsgUGFsbWVy\\command.exe C:\WINDOWS\RnJhbmsgUGFsbWVy\\lBL1vAP0o3IPvqpV.vbs C:\WINDOWS\RnJhbmsgUGFsbWVy\command.exe C:\WINDOWS\system32\BeOXwyxx.ini C:\WINDOWS\system32\BeOXwyxx.ini2 C:\WINDOWS\system32\bngfltfw.dll C:\WINDOWS\system32\CJkRqBeg.ini C:\WINDOWS\system32\CJkRqBeg.ini2 C:\WINDOWS\system32\drivers\kmixerr.sys C:\WINDOWS\system32\emxyscir.ini C:\WINDOWS\system32\FeMSBcdd.ini C:\WINDOWS\system32\FeMSBcdd.ini2 C:\WINDOWS\system32\gmbkfjwd.exe C:\WINDOWS\system32\hkjTvyay.ini C:\WINDOWS\system32\hkjTvyay.ini2 C:\WINDOWS\system32\iqtkvuac.ini C:\WINDOWS\system32\ltlsdunj.dll C:\WINDOWS\system32\luvoiund.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\msnav32.ax C:\WINDOWS\system32\ogfpamlg.dll C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\quddsseu.dll C:\WINDOWS\system32\ricsyxme.dll C:\WINDOWS\system32\svfjtifg.dll C:\WINDOWS\system32\uacvtpwo.exe C:\WINDOWS\system32\uekbmdke.ini C:\WINDOWS\system32\xlftustb.dll C:\WINDOWS\system32\yutwavys.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CMDSERVICE -------\Legacy_KMIXERR -------\Legacy_NETWORK_MONITOR -------\Service_cmdService -------\Service_kmixerr ((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 ))))))))))))))))))))))))))))))) . 2008-06-18 01:06 . 2008-06-18 01:06 49,165 --a------ C:\WINDOWS\system32\rwwnw64d.exe 2008-06-18 01:06 . 2008-06-18 01:06 32 --a------ C:\WINDOWS\system32\msnav32.ax 2008-06-12 21:00 . 2008-06-12 21:00 <DIR> d-------- C:\Deckard 2008-06-12 20:24 . 2008-06-12 20:24 <DIR> d-------- C:\ie-spyad_zo 2008-06-12 20:18 . 2008-06-12 20:18 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-06-12 20:18 . 
2008-06-12 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-12 20:07 . 2008-06-12 20:13 <DIR> d-------- C:\Program Files\Panda Security 2008-06-12 19:37 . 2008-06-12 19:37 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-12 19:34 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-12 19:34 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-05-24 03:10 . 2008-05-24 03:10 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._ 2008-05-24 03:10 . 2008-05-24 03:10 687,592 --a------ C:\WINDOWS\system32\atmtd.dll 2008-05-24 03:01 . 2008-06-12 20:52 215 --a------ C:\WINDOWS\system32\MRT.INI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-02 19:10 --------- d-----w C:\Program Files\Enigma Software Group 2008-04-18 08:16 223,805 ------w C:\WINDOWS\system32\drivers\core.cache.dsk 2007-07-13 23:56 32,768 --sh--w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat 2007-07-18 19:29 32,768 --sh--w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007071820070719\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10A81DA3-0157-4161-957E-D91E132DD9BC}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38CE7DD8-6482-4DC7-9999-BD3B239311C1}] C:\WINDOWS\system32\xxywXOeB.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D431631-2D76-48B3-BE72-EB709EABB0BC}] C:\WINDOWS\system32\yayvTjkh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EAA70DB-34E5-439B-AAF6-54D812AC3D59}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AB66710-B910-401C-B911-19E31275BD86}] C:\WINDOWS\system32\ddcBSMeF.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83B6EDCC-A4C1-4BC1-87E0-8C332695D458}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{922A7169-1C54-4F7F-BFDF-BD0C11824B49}] C:\WINDOWS\system32\geBqRkJC.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8977957-39fe-9e83-f162-56764104737c}] 2008-05-27 09:29 372224 --a------ C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360] "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 21:16 454784] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 01:17 110592] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 01:16 512000] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-06-17 12:16 200704] "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-06-17 12:16 208896] "TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 14:03 58416] "TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 01:49 66176] "TpShocks"="TpShocks.exe" 
[2007-03-29 21:40 181808 C:\WINDOWS\system32\TpShocks.exe] "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 13:32 243248] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 03:23 1015808] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-17 11:53 8433664] "nwiz"="nwiz.exe" [2007-05-17 11:53 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-17 11:53 81920] "TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 16:19 536576] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 16:03 36975] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 08:20 122940] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 19:50 81920] "AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 06:51 91688] "LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-22 13:02 120368] "AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 14:00 419376] "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 19:24 196696] "ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-06-29 00:10 413696] "ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-06-29 00:02 126976] "cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-01-30 22:01 2618944] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 09:24 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 17:42 267064] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 
22:16 39792] "{96-69-9F-F7-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-06-18 01:06 49165] "ExploreUpdSched"="C:\WINDOWS\system32\scntpkdm.exe" [2008-06-18 01:07 200768] "{dc91a275-6051-3973-35b5-37325f88980f}"="C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll" [2008-05-27 09:29 372224] C:\Documents and Settings\Frank Palmer\Start Menu\Programs\Startup\ Deewoo.lnk - C:\WINDOWS\system32\scntpkdm.exe [2008-06-18 01:07:11 200768] DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [2008-06-18 01 48 49165]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-08 12:15:44 113664] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-07-13 19:51:11 50688] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] ACNotify.dll 2007-06-29 00:03 32768 c:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 03:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 22:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyvuvv] xxyyvuvv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program 
Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Pidgin\\pidgin.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\DNA\\btdna.exe"= R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-03-02 20:49] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-03-02 20:47] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 12:27] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 14:24] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-06-17 12:16] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [] R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 16:11] R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2006-09-13 15:42] S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 08:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55027c30-feb7-11dc-b461-0013e852cb47}] \Shell\Auto\command - E:\Start.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b20d50d4-da6c-11dc-b436-001a6b383cf9}] \Shell\Auto\command - E:\Start.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe . Contents of the 'Scheduled Tasks' folder "2008-01-09 16:56:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-18 04:30:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-06-18 05:07:02 C:\WINDOWS\Tasks\PMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-18 01 28Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\rwwnw64d.exe 49165 bytes executable C:\WINDOWS\system32\scntpkdm.exe 200768 bytes executable C:\WINDOWS\system32\winpfz33.sys 861 bytes C:\WINDOWS\system32\zxdnt3d.cfg 21 bytes C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll 330752 bytes executable C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll-uninst.exe 63918 bytes executable scan completed successfully hidden files: 6 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\Program Files\Lenovo\HOTKEY\tphklock.dll . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\ibmpmsvc.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\system32\TPHDEXLG.exe C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\Common Files\Lenovo\Logger\logmon.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\ZOOM\TpScrex.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\rundll32.exe . ************************************************************************** . 
Completion time: 2008-06-18 1:11:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 05:11:08
Pre-Run: 129,100,406,784 bytes free
Post-Run: 129,114,820,608 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
252 --- E O F --- 2008-06-13 00:53:26

Deckard's System Scanner seems to contain HijackThis, so I thought I'd post the two files it regurgitates (main.txt and extra.txt) in response to your request for a HijackThis log file. The contents of main.txt:

Deckard's System Scanner v20071014.68
Run by Frank Palmer on 2008-06-18 01:34:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
39: 2008-06-18 05:34:23 UTC - RP117 - Deckard's System Scanner Restore Point
38: 2008-06-18 04:52:40 UTC - RP116 - ComboFix created restore point
37: 2008-06-13 01:01:02 UTC - RP115 - Deckard's System Scanner Restore Point
36: 2008-06-13 00:50:34 UTC - RP114 - Software Distribution Service 3.0
35: 2008-06-12 23:33:57 UTC - RP113 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-04-18 08:21:07 UTC - RP79 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as Frank Palmer.exe) ---------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:34:57 AM, on 6/18/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\Common Files\Lenovo\Logger\logmon.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe 
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Lenovo\AwayTask\AwaySch.EXE C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\Program Files\ThinkVantage\AMSG\Amsg.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\Digital Line Detect\DLG.exe c:\windows\system32\rwwnw64d.exe C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe C:\WINDOWS\system32\scntpkdm.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Frank Palmer\desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\FRANKP~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: (no name) - {38CE7DD8-6482-4DC7-9999-BD3B239311C1} - C:\WINDOWS\system32\xxywXOeB.dll (file missing) O2 - BHO: (no name) - {3D431631-2D76-48B3-BE72-EB709EABB0BC} - C:\WINDOWS\system32\yayvTjkh.dll (file missing) O2 - BHO: (no name) - {5AB66710-B910-401C-B911-19E31275BD86} - C:\WINDOWS\system32\ddcBSMeF.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {922A7169-1C54-4F7F-BFDF-BD0C11824B49} - C:\WINDOWS\system32\geBqRkJC.dll (file missing) O2 - BHO: gooochi browser optimizer - {a8977957-39fe-9e83-f162-56764104737c} - C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog 
Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{96-69-9F-F7-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [{dc91a275-6051-3973-35b5-37325f88980f}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\scntpkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: xxyyvuvv - xxyyvuvv.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

-- End of file - 13183 bytes --

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe
R2 TVT Backup Protection Service - "c:\program files\lenovo\rescue and recovery\rrpservice.exe" <Not Verified; ; rrpservice Module>
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\winlogon.exe (pid 1352)
2007-06-29 00:03:50 32768 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll <Not Verified; Lenovo; Access Connections>
2007-06-28 23:49:16 143360 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll <Not Verified; Lenovo; Access Connections>
2007-06-28 23:46:00 176128 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll <Not Verified; Lenovo; Access Connections>
2007-06-28 23:45:26 86016 -----n--- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll <Not Verified; Lenovo; Access Connections>
2006-12-13 22 42 28672 -----n--- C:\Program Files\Lenovo\HOTKEY\tphklock.dll

C:\WINDOWS\system32\rundll32.exe (pid 3424)
2007-06-17 12:16:00 200704 -----n--- C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL <Not Verified; Lenovo Group Limited; ThinkPad Power Manager>
2007-06-17 12:16:00 40960 -----n--- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2007-06-17 12:16:00 73728 -----n--- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll

C:\WINDOWS\system32\rundll32.exe (pid 3612)
2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll

C:\WINDOWS\system32\rundll32.exe (pid 3256)
2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-05-17 11:53:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll

C:\WINDOWS\system32\rundll32.exe (pid 2820)
2008-05-27 09:29:22 372224 --a------ C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll
2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll

C:\WINDOWS\explorer.exe (pid 2828)
2007-05-17 11:53:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-01-25 02:25:52 69720 -----n--- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll

-- Scheduled Tasks -------------------------------------------------------------
2008-06-18 01:30:00 268 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-18 01:07:02 316 --a------ C:\WINDOWS\Tasks\PMTask.job
2008-01-09 12:56:00 284 -----n--- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-05-18 and 2008-06-18 -----------------------------
2008-06-18 01:07:30 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-06-18 01:07:11 200768 --a------ C:\WINDOWS\system32\scntpkdm.exe
2008-06-18 01:07:10 401972 --a------ C:\WINDOWS\system32\g36.exe
2008-06-18 01 48 49165 --a------ C:\WINDOWS\system32\rwwnw64d.exe <Not Verified; ; Browser Driver>
2008-06-18 00:53:19 0 d-------- C:\cmdcons
2008-06-18 00:48:03 68096 --a------ C:\WINDOWS\zip.exe
2008-06-18 00:48:03 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-18 00:48:03 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-18 00:48:03 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-18 00:48:03 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-18 00:48:03 98816 --a------ C:\WINDOWS\sed.exe
2008-06-18 00:48:03 80412 --a------ C:\WINDOWS\grep.exe
2008-06-18 00:48:03 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-12 20:24:11 0 d-------- C:\ie-spyad_zo
2008-06-12 20:18:16 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-12 20:18:08 0 d-------- C:\Program Files\SpywareBlaster
2008-06-12 20:07:16 0 d-------- C:\Program Files\Panda Security
2008-06-12 19:37:40 0 d-------- C:\Program Files\Trend Micro
2008-05-27 09:29:22 372224 --a------ C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll
2008-05-24 03:10:27 687592 --a------ C:\WINDOWS\system32\atmtd.dll

-- Find3M Report ---------------------------------------------------------------
2008-05-05 12:24:34 330752 --a------ C:\WINDOWS\system32\_{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll
2008-05-02 15:10:08 0 d-------- C:\Program Files\Enigma Software Group

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38CE7DD8-6482-4DC7-9999-BD3B239311C1}]
C:\WINDOWS\system32\xxywXOeB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D431631-2D76-48B3-BE72-EB709EABB0BC}]
C:\WINDOWS\system32\yayvTjkh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AB66710-B910-401C-B911-19E31275BD86}]
C:\WINDOWS\system32\ddcBSMeF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{922A7169-1C54-4F7F-BFDF-BD0C11824B49}]
C:\WINDOWS\system32\geBqRkJC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8977957-39fe-9e83-f162-56764104737c}]
05/27/2008 09:29 AM 372224 --a------ C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/14/2006 01:17 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/14/2006 01:16 AM]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [06/17/2007 12:16 PM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [06/17/2007 12:16 PM]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [04/09/2007 02:03 PM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [03/09/2007 01:49 AM]
"TpShocks"="TpShocks.exe" [03/29/2007 09:40 PM C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [03/28/2007 01:32 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/09/2007 03:23 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/17/2007 11:53 AM]
"nwiz"="nwiz.exe" [05/17/2007 11:53 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/17/2007 11:53 AM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [02/08/2007 04:19 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 04:03 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [02/02/2006 08:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 07:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 07:50 PM]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [11/07/2006 06:51 AM]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [03/22/2007 01:02 PM]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [02/01/2007 02:00 PM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 07:24 PM]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [06/29/2007 12:10 AM]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [06/29/2007 12:02 AM]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [01/30/2007 10:01 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 09:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 05:42 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"{96-69-9F-F7-DW}"="c:\windows\system32\rwwnw64d.exe" [06/18/2008 01:06 AM]
"{dc91a275-6051-3973-35b5-37325f88980f}"="C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll" [05/27/2008 09:29 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 09:16 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\Frank Palmer\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\scntpkdm.exe [6/18/2008 1:07:11 AM]
DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [6/18/2008 1 48 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/8/2008 12:15:44 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [7/13/2007 7:51:11 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 06/29/2007 12:03 AM 32768 c:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 03:37 AM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/13/2006 10:06 PM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyyvuvv]
xxyyvuvv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55027c30-feb7-11dc-b461-0013e852cb47}]
Auto\command- E:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b20d50d4-da6c-11dc-b436-001a6b383cf9}]
Auto\command- E:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

-- End of Deckard's System Scanner: finished at 2008-06-18 01:35:40 ------------

... and the contents of extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 2014.22 MiB / 1102.59 MiB
Pagefile Memory (total/avail): 3906.25 MiB / 3103.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1885.49 MiB

C: is Fixed (NTFS) - 143.55 GiB total, 120.25 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HITACHI HTS541616J9SA00 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 143.55 GiB - C:
\PARTITION1 - Unknown - 5.5 GiB

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Pidgin\\pidgin.exe"="C:\\Program Files\\Pidgin\\pidgin.exe:*:Enabled:Pidgin"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Frank Palmer\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FRANKCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
hlainc=C:\hla\include
hlalib=C:\hla\hlalib\hlalib.lib
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Frank Palmer
lib=;C:\hla\hlalib
LOGONSERVER=\\FRANKCOMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\hla;c:\program files\miktex 2.6\miktex\bin;c:\program files\intel\wireless\bin;c:\program files\diskeeper corporation\diskeeper;c:\program files\thinkpad\connectutilities;c:\program files\common files\lenovo;c:\program files\lenovo\client security solution;c:\program files\microsoft sql server\90\tools\binn;c:\program files\quicktime\qtsystem;C:\Program Files\MATLAB\R2007a Student\bin;C:\Program Files\MATLAB\R2007a Student\bin\win32
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SESSIONNAME=Console
SMA=C:\Program Files\ThinkVantage\SMA\
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\FRANKP~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\FRANKP~1\LOCALS~1\Temp
TPCCommon=C:\PROGRA~1\THINKV~1\PrdCtr
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=FRANKCOMPUTER
USERNAME=Frank Palmer
USERPROFILE=C:\Documents and Settings\Frank Palmer
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------
Frank Palmer (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites --> "C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Aspell 0.6 Dictionary (Language: en) --> "C:\Documents and Settings\All Users\Application Data\Aspell\Dictionaries\Uninstall-AspellDict-en.exe"
Aspell Data --> "C:\Documents and Settings\All Users\Application Data\Aspell\Uninstall-AspellData.exe"
Aspell English Dictionary-0.50-2 --> "C:\Program Files\Aspell\unins001.exe"
Business Contact Manager for Outlook 2007 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Client Security Solution --> MsiExec.exe /I{F055E1B2-8A05-4D87-8039-1BE979BA4193}
Diskeeper Lite --> MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
GNU Aspell 0.50-3 --> "C:\Program Files\Aspell\unins000.exe"
GPL Ghostscript 8.57 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.57\uninstal.txt"
GPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
GSview 4.8 --> C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
GTK+ Runtime 2.10.13 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
High Definition Audio Driver Package - KB888111 -->
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hla v1.98 --> C:\hla\unins000.exe
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lenovo Registration --> C:\Program Files\Lenovo Registration\uninstall.exe
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
LyX 1.5.1-1 --> "C:\Program Files\LyX15\Uninstall-LyX.exe"
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
MATLAB Student R2007a --> C:\Program Files\MATLAB\R2007a Student\uninstall\uninstall.exe C:\Program Files\MATLAB\R2007a Student\
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
MiKTeX 2.6 --> "C:\Program Files\MiKTeX 2.6\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.6\miktex\config\uninstall.dat"
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
PSpice Student 9.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\OrCAD_Demo\DeIsL1.isu"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center --> C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery --> MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Step By Step Interactive Training (KB898458) -->
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo --> MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
System Migration Assistant --> MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad PC Card Power Policy --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\Setup.exe" -l0x9 anything
Update for Office 2007 (KB934528) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
XP Themes --> MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}

-- Application Event Log -------------------------------------------------------
Event Record #/Type: 17265 / Error
Event Submitted/Written: 06/17/2008 11:16:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application tvtpwm_tray.exe, version 2.1.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0001103c. Processing media-specific event for [tvtpwm_tray.exe!ws!]

Event Record #/Type: 17165 / Error
Event Submitted/Written: 06/12/2008 08:14:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module gebqrkjc.dll, version 0.0.0.0, fault address 0x00054ebd. Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type: 17164 / Error
Event Submitted/Written: 06/12/2008 08:13:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module gebqrkjc.dll, version 0.0.0.0, fault address 0x00054ebd. Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type: 17160 / Error
Event Submitted/Written: 06/12/2008 07:36:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module unknown, version 0.0.0.0, fault address 0x035c2951. Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type: 17110 / Error
Event Submitted/Written: 05/23/2008 03:02:11 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : IEXPLORE: Shared heap exhausted, process ID 994, total alloc:3a458...

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type: 22023 / Error
Event Submitted/Written: 06/18/2008 00:56:22 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Command Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type: 21744 / Error
Event Submitted/Written: 06/13/2008 02:26:03 PM
Event ID/Source: 9 / atapi
Event Description:
The device, \Device\Ide\IdePort0, did not respond within the timeout period.
Event Record #/Type21738 / Error Event Submitted/Written: 06/13/2008 02:25:58 PM Event ID/Source: 9 / atapi Event Description: The device, \Device\Ide\IdePort0, did not respond within the timeout period. Event Record #/Type21734 / Error Event Submitted/Written: 06/13/2008 02:25:50 PM Event ID/Source: 1000 / Dhcp Event Description: Your computer has lost the lease to its IP address 10.0.1.194 on the Network Card with network address 0013E852CB47. Event Record #/Type21733 / Warning Event Submitted/Written: 06/13/2008 02:25:50 PM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013E852CB47. The following error occurred: %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. -- End of Deckard's System Scanner: finished at 2008-06-18 01:35:40 ------------ |
#6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home
Re: Command Helper
Hi again -
A couple of things to mention... Spybot is not an AntiVirus. It is a very good AntiMalware application, but they are not the same. I will have you install an excellent free antivirus after this next run of ComboFix.

Spybot's TeaTimer must be disabled when running tools, as indicated in the ComboFix user's guide, for the very reason you encountered. I'll look into the comments you had about the process, thanks.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

S&D Spybot's Tea Timer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

* Download ResetTeaTimer.bat by right-clicking on the link, and choosing Save As. Save it to your desktop, or somewhere you can find it easily.
* Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Since you've removed Norton...

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add or Remove Programs) if they exist:

LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)

---------------------------------------------------------------------------------------------

It's a good idea to run this tool, also:

Please use the instructions on this page to completely uninstall your Norton Products.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message.
#7 (permalink)
Registered User
Join Date: Jun 2008
Posts: 8
OS: Windows XP
Re: Command Helper
Hello, and sorry for the long delay.
I performed everything as instructed, except for a few mess-ups. First, ComboFix was unable to send the file. Firefox opened and displayed a message something like "\\\file .... could not be located" and I didn't know what to do after there. Second, Avira Antivirus hung after it downloaded updates directly after installation. I ran the updates checker again when I opened it. Other than that, here are my logs:

ComboFix log ComboFix.txt:

ComboFix 08-06-16.5 - Frank Palmer 2008-06-20 13:48:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1436 [GMT -4:00]
Running from: C:\Documents and Settings\Frank Palmer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Frank Palmer\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Frank Palmer\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Frank Palmer\Start Menu\Programs\Startup\DW_Start.lnk
C:\WINDOWS\system32\drivers\core.cache.dsk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Frank Palmer\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Frank Palmer\Start Menu\Programs\Startup\DW_Start.lnk
C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\AXList.txt
C:\Program Files\Enigma Software Group\SpyHunter\key.dat
C:\Program Files\Enigma Software Group\SpyHunter\scan.log
C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.log
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterInstance.lock
C:\Program Files\Enigma Software Group\SpyHunter\support.log
C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\g36.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\scntpkdm.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\zxdnt3d.cfg
.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.
2008-06-18 01:07 . 2008-06-18 01:09 63,918 --a------ C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll-uninst.exe
2008-06-12 21:00 . 2008-06-12 21:00 <DIR> d-------- C:\Deckard
2008-06-12 20:24 . 2008-06-12 20:24 <DIR> d-------- C:\ie-spyad_zo
2008-06-12 20:18 . 2008-06-12 20:18 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-12 20:18 . 2008-06-12 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-12 20:07 . 2008-06-12 20:13 <DIR> d-------- C:\Program Files\Panda Security
2008-06-12 19:37 . 2008-06-12 19:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-12 19:34 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 19:34 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-24 03:01 . 2008-06-12 20:52 215 --a------ C:\WINDOWS\system32\MRT.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-07-13 23:56 32,768 --sh--w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2007-07-18 19:29 32,768 --sh--w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007071820070719\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-18_ 1.10.57.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-18 05:03:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 17:01:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-18 05:07:21 63,902 ----a-w C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll-uninst.exe
+ 2008-06-18 05:09:11 63,918 ----a-w C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll-uninst.exe
+ 2008-06-20 17:01:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_398.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 21:16 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 01:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 01:16 512000]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-06-17 12:16 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-06-17 12:16 208896]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 14:03 58416]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 01:49 66176]
"TpShocks"="TpShocks.exe" [2007-03-29 21:40 181808 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 13:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 03:23 1015808]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-17 11:53 8433664]
"nwiz"="nwiz.exe" [2007-05-17 11:53 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-17 11:53 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 16:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 16:03 36975]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 08:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 19:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 06:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-22 13:02 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 14:00 419376]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 19:24 196696]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-06-29 00:10 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-06-29 00:02 126976]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-01-30 22:01 2618944]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 09:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 17:42 267064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-08 12:15:44 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-07-13 19:51:11 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-06-29 00:03 32768 c:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 03:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 22:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Pidgin\\pidgin.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-03-02 20:49]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-03-02 20:47]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 12:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 14:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-06-17 12:16]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 16:11]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2006-09-13 15:42]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 08:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55027c30-feb7-11dc-b461-0013e852cb47}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b20d50d4-da6c-11dc-b436-001a6b383cf9}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

*Newly Created Service* - APPMGMT
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 16:56:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-20 17:30:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-20 17:02:45 C:\WINDOWS\Tasks\PMTask.job" - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 13:51:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2008-06-20 13:51:39
ComboFix-quarantined-files.txt 2008-06-20 17:51:36
ComboFix2.txt 2008-06-18 05:11:12

Pre-Run: 129,055,952,896 bytes free
Post-Run: 129,058,467,840 bytes free

173 --- E O F --- 2008-06-13 00:53:26

And here is my HijackThis log hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:07 PM, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11285 bytes

Much thanks, and again, my apologies for the delay (big test in circuit analysis).
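The logs in the post above carry the indicators an analyst keys on when reading a HijackThis/ComboFix pair: an IE start page (R0) pointing at a host that is not Microsoft's, per-drive AutoRun handlers under HKCU\...\MountPoints2 that launch E:\Start.exe (the removable-media worm pattern), a Winlogon Notify package (O20) whose DLL is gone, services (O23) with no recorded owner, and Security Center monitoring still switched off for Symantec products after Norton was uninstalled. As an added example, not code from this thread nor from the HijackThis or ComboFix tools, the Python script below runs those checks over a constructed sample made of lines copied from the logs posted above. The rule set, the severity labels and the allow-list of expected Microsoft hosts are my own assumptions; it is a triage aid for reading a log, not a cleaner.

```python
"""Triage of HijackThis and ComboFix log lines (added example, not from the thread)."""
import re
from urllib.parse import urlparse

# Hosts a stock IE7-on-XP install points its start/search pages at (assumption).
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# Constructed sample: lines copied from the HijackThis and ComboFix logs
# posted in this thread, one entry per line.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55027c30-feb7-11dc-b461-0013e852cb47}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

IE_PAGE = re.compile(r"^R[01] - .*,(Start Page|Search Page|Default_Page_URL|Default_Search_URL) = (\S+)$")
RUN_KEY = re.compile(r"^O4 - .*Run: \[(.+?)\] (.*)$")
WINLOGON = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
SERVICE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")


def command_exe(cmd):
    """Executable token of a Run-key command line (quoted path or first word)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text):
    """Return a list of (severity, reason, line) findings for the log text."""
    findings = []
    current_key = ""  # registry key the following ComboFix value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        key_lc = current_key.lower()

        m = IE_PAGE.match(line)
        if m:  # R0/R1: IE start and search pages
            host = urlparse(m.group(2)).hostname or ""
            if host not in KNOWN_GOOD_HOSTS:
                findings.append(("high", "IE %s points at unexpected host %s" % (m.group(1), host), line))
            continue

        m = RUN_KEY.match(line)
        if m:  # O4: Run-key entries; a bare file name is resolved via the search path
            exe = command_exe(m.group(2))
            if "\\" not in exe:
                findings.append(("low", "Run entry [%s] launches bare name %s; confirm which file runs" % (m.group(1), exe), line))
            continue

        m = WINLOGON.match(line)
        if m:  # O20: Winlogon Notify packages loaded into winlogon.exe
            if "(file missing)" in m.group(2):
                findings.append(("medium", "Winlogon Notify package %s references a missing DLL" % m.group(1), line))
            continue

        m = SERVICE.match(line)
        if m:  # O23: services without a vendor string deserve a look at the binary
            if m.group(2) == "Unknown owner":
                findings.append(("low", "service %s has no vendor recorded; verify the binary" % m.group(1), line))
            continue

        # ComboFix: per-drive AutoRun handlers under HKCU\...\MountPoints2
        if "mountpoints2" in key_lc and line.lower().startswith("\\shell\\"):
            findings.append(("high", "per-drive autorun handler under HKCU (removable-media worm pattern)", line))
            continue

        # ComboFix: Security Center told to stop monitoring a product
        if "security center\\monitoring" in key_lc and line.lower().startswith('"disablemonitoring"') and line.endswith("00000001"):
            product = current_key.rsplit("\\", 1)[-1]
            findings.append(("medium", "Security Center monitoring disabled for %s" % product, line))
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (sev.upper(), reason, line))
```

On the sample the script reports the hijacked start page and both MountPoints2 handlers as high, the orphaned ACNotify entry and the stale Symantec monitoring flag as medium, and the bare TpShocks.exe and the ownerless tvtnetwk service as low. The low findings are on the page's own Lenovo components and are expected to check out; the point of the rule is to force that check rather than to call them malicious.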
#8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home
Re: Command Helper
Hi Folo -
Testing is important, hope it went well.

There should be on your desktop a file named similar to this: [4]-Submit_2008-06-21@13.48.zip

Please upload it here: http://www.bleepingcomputer.com/subm....php?channel=4

In the "Link to topic where this file was requested:" area, copy and paste this:
http://www.techsupportforum.com/security-center/hijackthis-log-help/258980-command-helper.html#post1547011

Let me know when that's done.

Did you run a full system scan with Avira after the update? Did you happen to save a log? If so, I'd like to see it.

How is the machine behaving now?
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message.
#9 (permalink)
Registered User
Join Date: Jun 2008
Posts: 8
OS: Windows XP
Re: Command Helper
Yes, I think it was a good test.

Unfortunately I have been unable to locate the [4]-submit.... file you mentioned. It did not appear on the desktop. I could not find it with the yellow Windows search dog, nor could I find any files with the strings "submit" or ".zip" in the file name that resembled the one that was supposed to be output by ComboFix.

I did run a system scan after Avira updated, though I didn't do much toggling with the drives it was supposed to scan. It took about 10 minutes. The HijackThis log I last posted was produced after the Avira scan. Here is the log file from Avira:

Avira AntiVir Personal
Report file date: Friday, June 20, 2008 14:51

Scanning for 1349608 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: FRANKCOMPUTER

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 19:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 6/14/2008 18:24:48
ANTIVIR3.VDF : 7.0.4.232 250880 Bytes 6/20/2008 18:24:48
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 15:58:21
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 6/20/2008 18:25:23
AESCN.DLL : 8.1.0.22 119157 Bytes 6/20/2008 18:25:22
AERDL.DLL : 8.1.0.20 418165 Bytes 6/20/2008 18:25:19
AEPACK.DLL : 8.1.1.6 364918 Bytes 6/20/2008 18:25:15
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 6/20/2008 18:25:10
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 6/20/2008 18:25:09
AEHELP.DLL : 8.1.0.15 115063 Bytes 6/20/2008 18:25:04
AEGEN.DLL : 8.1.0.29 307573 Bytes 6/20/2008 18:25:03
AEEMU.DLL : 8.1.0.6 430451 Bytes 6/20/2008 18:24:57
AECORE.DLL : 8.1.0.31 168310 Bytes 6/20/2008 18:24:50
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/23/2008 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/23/2008 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/23/2008 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 18:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, June 20, 2008 14:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'tvtpwm_tray.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'LinksysAgent.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'cssauth.exe' - '1' Module(s) have been scanned
Scan process 'ACWLIcon.exe' - '1' Module(s) have been scanned
Scan process 'ACTray.exe' - '1' Module(s) have been scanned
Scan process 'Amsg.exe' - '1' Module(s) have been scanned
Scan process 'LPMGR.EXE' - '1' Module(s) have been scanned
Scan process 'AwaySch.EXE' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'TpScrex.exe' - '1' Module(s) have been scanned
Scan process 'TPONSCR.exe' - '1' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'scheduler_proxy.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'EZEJMNAP.EXE' - '1' Module(s) have been scanned
Scan process 'TpShocks.exe' - '1' Module(s) have been scanned
Scan process 'TPOSDSVC.exe' - '1' Module(s) have been scanned
Scan process 'tpfnf7sp.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'DkIcon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SvcGuiHlpr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'logmon.exe' - '1' Module(s) have been scanned
Scan process 
'AcSvc.exe' - '1' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'IUService.exe' - '1' Module(s) have been scanned Scan process 'tvtsched.exe' - '1' Module(s) have been scanned Scan process 'rrservice.exe' - '1' Module(s) have been scanned Scan process 'rrpservice.exe' - '1' Module(s) have been scanned Scan process 'tvttcsd.exe' - '1' Module(s) have been scanned Scan process 'TPHDEXLG.exe' - '1' Module(s) have been scanned Scan process 'tvt_reg_monitor_svc.exe' - '1' Module(s) have been scanned Scan process 'SUService.exe' - '1' Module(s) have been scanned Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'sqlservr.exe' - '1' Module(s) have been scanned Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned Scan process 'EvtEng.exe' - '1' Module(s) have been scanned Scan process 'DkService.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'AcPrfMgrSvc.exe' - '1' Module(s) have been scanned Scan process 'IPSSVC.EXE' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 
'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 73 processes with 73 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '53' files ). Starting the file scan: Begin scan in 'C:\' <Preload> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Deckard\System Scanner\20080612212159\backup\DOCUME~1\FRANKP~1\LOCALS~1\Temp\cvgmwfei.dll [DETECTION] Is the Trojan horse TR/PCK.Monder.95232 [NOTE] The file was moved to '48c2fcce.qua'! C:\Deckard\System Scanner\20080612212159\backup\DOCUME~1\FRANKP~1\LOCALS~1\Temp\kuiojdvb.dll [DETECTION] Is the Trojan horse TR/PCK.Monder.108544 [NOTE] The file was moved to '48c4fccf.qua'! C:\Deckard\System Scanner\20080612212159\backup\DOCUME~1\FRANKP~1\LOCALS~1\Temp\rcmfrfpj.dll [DETECTION] Is the Trojan horse TR/Monder.107008 [NOTE] The file was moved to '48c8fcc0.qua'! C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService5.zip [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The fund was classified as suspicious. [NOTE] The file was moved to '48c8fd07.qua'! C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The fund was classified as suspicious. [NOTE] The file was moved to '48c9fd03.qua'! C:\Documents and Settings\Frank Palmer\Desktop\[4]-Submit_2008-06-20@13.47.zip [0] Archive type: ZIP --> {7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen --> scntpkdm.exe [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '48b8fcf4.qua'! 
C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738 [NOTE] The file was moved to '48c7014c.qua'! C:\QooBox\Quarantine\C\WINDOWS\RnJhbmsgUGFsbWVy\command.exe.vir [DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199 [NOTE] The file was moved to '48c901a9.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\bngfltfw.dll.vir [DETECTION] Is the Trojan horse TR/Monder.103936.1 [NOTE] The file was moved to '48c301a9.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\g36.exe.vir [DETECTION] Contains detection pattern of the dropper DR/Agent.byy [NOTE] The file was moved to '4892016f.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\gmbkfjwd.exe.vir [DETECTION] Is the Trojan horse TR/Lowzones.SG [NOTE] The file was moved to '48be01a9.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\ltlsdunj.dll.vir [DETECTION] Is the Trojan horse TR/Monder.101376.1 [NOTE] The file was moved to '48c801b0.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\luvoiund.dll.vir [DETECTION] Is the Trojan horse TR/Vundo.EON [NOTE] The file was moved to '48d201b2.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\quddsseu.dll.vir [DETECTION] Is the Trojan horse TR/Monder.104448 [NOTE] The file was moved to '48c001b2.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\ricsyxme.dll.vir [DETECTION] Is the Trojan horse TR/Monder.93696.4 [NOTE] The file was moved to '48bf01a7.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\svfjtifg.dll.vir [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '48c201b4.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\uacvtpwo.exe.vir [DETECTION] Is the Trojan horse TR/Lowzones.SG [NOTE] The file was moved to '48bf01a0.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\xlftustb.dll.vir [DETECTION] Is the Trojan horse TR/Monder.103424.1 [NOTE] The file was moved to '48c201ab.qua'! 
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\kmixerr.sys.zip [0] Archive type: ZIP --> kmixerr.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '48c501ad.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP109\A0020001.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [NOTE] The file was moved to '488c020f.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP109\A0020013.vbs [DETECTION] Is the Trojan horse TR/Small.WY [NOTE] The file was moved to '488c0210.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP109\A0020015.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [NOTE] The file was moved to '49087d39.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP109\A0020017.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '488c0212.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP109\A0021159.dll [DETECTION] Is the Trojan horse TR/PCK.Monder.96256.1 [NOTE] The file was moved to '488c0217.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP109\A0021161.dll [DETECTION] Is the Trojan horse TR/Monder.107008 [NOTE] The file was moved to '49087d30.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP109\A0021162.dll [DETECTION] Is the Trojan horse TR/PCK.Monder.107008 [NOTE] The file was moved to '488c0218.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP109\A0021163.dll [DETECTION] Is the Trojan horse TR/PCK.Monder.105472 [NOTE] The file was moved to '49087d31.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP109\A0021175.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '488c0219.qua'! 
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP111\A0022244.dll [DETECTION] Is the Trojan horse TR/Agent.37888 [NOTE] The file was moved to '488c021d.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP114\A0022397.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '488c0224.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP114\A0022398.dll [DETECTION] Is the Trojan horse TR/Monder.95746 [NOTE] The file was moved to '49087d0d.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP114\A0022400.dll [DETECTION] Is the Trojan horse TR/Monder.93696.2 [NOTE] The file was moved to '488c0225.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP116\A0023476.dll [DETECTION] Is the Trojan horse TR/Monder.103936.1 [NOTE] The file was moved to '488c022a.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP116\A0023477.exe [DETECTION] Is the Trojan horse TR/Lowzones.SG [NOTE] The file was moved to '49087d03.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP116\A0023478.dll [DETECTION] Is the Trojan horse TR/Monder.101376.1 [NOTE] The file was moved to '488c022c.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP116\A0023479.dll [DETECTION] Is the Trojan horse TR/Vundo.EON [NOTE] The file was moved to '49087d05.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP116\A0023481.dll [DETECTION] Is the Trojan horse TR/Monder.104448 [NOTE] The file was moved to '488c022b.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP116\A0023482.dll [DETECTION] Is the Trojan horse TR/Monder.93696.4 [NOTE] The file was moved to '49087d04.qua'! 
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP116\A0023483.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '488c022d.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP116\A0023484.exe [DETECTION] Is the Trojan horse TR/Lowzones.SG [NOTE] The file was moved to '488c022e.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP116\A0023485.dll [DETECTION] Is the Trojan horse TR/Monder.103424.1 [NOTE] The file was moved to '49087d07.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP116\A0023494.exe [DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199 [NOTE] The file was moved to '49087d06.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP117\A0024603.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '488c0230.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP119\A0024794.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '488c0238.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP119\A0024796.exe [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '49087d11.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP119\A0024800.exe [DETECTION] Contains detection pattern of the dropper DR/Agent.byy [NOTE] The file was moved to '488c0239.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP121\A0024853.dll [DETECTION] Is the Trojan horse TR/PCK.Monder.95232 [NOTE] The file was moved to '488c023d.qua'! C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP121\A0024854.dll [DETECTION] Is the Trojan horse TR/PCK.Monder.108544 [NOTE] The file was moved to '49087d16.qua'! 
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP121\A0024855.dll [DETECTION] Is the Trojan horse TR/Monder.107008 [NOTE] The file was moved to '488c023e.qua'!
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP121\A0024856.dll [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738 [NOTE] The file was moved to '49087d17.qua'!
C:\WINDOWS\system32\iTmp\vba35gui.exe [DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2 [NOTE] The file was moved to '48bd03d1.qua'!
C:\WINDOWS\system32\slNew\gpedire1.exe [DETECTION] Is the Trojan horse TR/Agent.126976 [NOTE] The file was moved to '48c103e5.qua'!
C:\WINDOWS\system32\xcsDd18\xcsDd182328.exe [DETECTION] Is the Trojan horse TR/Dldr.VB.dht.3 [NOTE] The file was moved to '48cf03dd.qua'!
End of the scan: Friday, June 20, 2008 15:22 Used time: 31:35 min The scan has been done completely. 11797 Scanning directories 390853 Files were scanned 52 viruses and/or unwanted programs were found 2 Files were classified as suspicious: 0 files were deleted 0 files were repaired 53 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 390801 Files not concerned 9001 Archives were scanned 2 Warnings 53 Notes
The computer seems to be a lot faster now. Starting it up doesn't take as long and Explorer is no longer spawning advertisements. It seems to be recovering.
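As an added example (not from this thread, Avira or any of the tools named in it), here is a small Python parser for the Avira report format above that sorts each detection by where the file sits: a hit under ComboFix's QooBox quarantine, DSS's backup folder, Spybot's Recovery folder or a System Restore point is a dormant copy that another tool already took out of service, while a hit under a live system path such as C:\WINDOWS\system32 is the one that still needs attention. The folder markers and the sample report (entries excerpted from the log above, reindented to Avira's normal multi-line layout) are my assumptions.

```python
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass, field

# Folders holding copies another tool has already taken out of service
# (ComboFix's QooBox, DSS's backup folder, Spybot's Recovery folder) and the
# System Restore store. Markers are assumed from the paths in the report above.
QUARANTINE_MARKERS = (
    r"\qoobox\quarantine",
    r"\deckard\system scanner",
    r"\spybot - search & destroy\recovery",
)
RESTORE_MARKER = r"\system volume information\_restore"

PATH_RE = re.compile(r"^[A-Za-z]:\\")        # unindented path line = new object
MOVED_RE = re.compile(r"moved to '([^']+)'")  # [NOTE] The file was moved to 'x.qua'!

@dataclass
class Hit:
    """One scanned object that produced a detection or a warning."""
    path: str
    detections: list[str] = field(default_factory=list)
    quarantined_as: str | None = None
    warning: str | None = None

    @property
    def location(self) -> str:
        p = self.path.lower()
        if any(marker in p for marker in QUARANTINE_MARKERS):
            return "quarantine"
        if RESTORE_MARKER in p:
            return "restore"
        return "live"

def parse_report(text: str) -> list[Hit]:
    """Parse Avira's file-scan section: a path line followed by indented
    [DETECTION] / [NOTE] / [WARNING] lines, with '-->' for archive members."""
    hits: list[Hit] = []
    current: Hit | None = None
    member: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(raw):
            current = Hit(path=line)
            member = None
            hits.append(current)
        elif current is None:
            continue  # header lines before the first scanned path
        elif line.startswith("-->"):
            member = line[3:].strip()
        elif line.startswith("[DETECTION]"):
            name = line.split()[-1]  # the malware name is always the last token
            current.detections.append(f"{name} [{member}]" if member else name)
        elif line.startswith("[NOTE]"):
            moved = MOVED_RE.search(line)
            if moved:
                current.quarantined_as = moved.group(1)
        elif line.startswith("[WARNING]"):
            current.warning = line[len("[WARNING]"):].strip()
    return [h for h in hits if h.detections or h.warning]

def summarise(hits: list[Hit]) -> dict[str, int]:
    """Count detections (not files) per location bucket."""
    counts: Counter[str] = Counter()
    for hit in hits:
        counts[hit.location] += len(hit.detections)
    return dict(counts)

def live_hits(hits: list[Hit]) -> list[Hit]:
    """Detections under live system paths: the ones that still need attention."""
    return [h for h in hits if h.location == "live" and h.detections]

# Constructed sample: entries excerpted from the report above, reindented to
# Avira's normal multi-line layout.
SAMPLE_REPORT = r"""
C:\hiberfil.sys
    [WARNING] The file could not be opened!
C:\Deckard\System Scanner\20080612212159\backup\DOCUME~1\FRANKP~1\LOCALS~1\Temp\cvgmwfei.dll
    [DETECTION] Is the Trojan horse TR/PCK.Monder.95232
    [NOTE] The file was moved to '48c2fcce.qua'!
C:\QooBox\Quarantine\C\WINDOWS\RnJhbmsgUGFsbWVy\command.exe.vir
    [DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199
    [NOTE] The file was moved to '48c901a9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\kmixerr.sys.zip
    --> kmixerr.sys
        [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    [NOTE] The file was moved to '48c501ad.qua'!
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP109\A0020001.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was moved to '488c020f.qua'!
C:\WINDOWS\system32\iTmp\vba35gui.exe
    [DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2
    [NOTE] The file was moved to '48bd03d1.qua'!
"""
```

Running `summarise(parse_report(SAMPLE_REPORT))` on the sample gives one live detection against four dormant copies, which is the same picture the full report above paints: most of its 52 hits sit in QooBox, the DSS backup folder or restore points.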
#10
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home
Re: Command Helper
That's good to hear.
LOL, it's OK. Avira ate it.
Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"
for %%g in (
"C:\WINDOWS\system32\{7a345cd8-0458-ae6a-56ff-b7ea52710c6f}.dll-uninst.exe"
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)
for %%g in (
%systemdrive%\Deckard
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
pause
del %0
It should look like this:
Double click on fix.bat & allow it to run. You should see a message saying:
Deleted Successfully !!
Press any key to continue...
Please do press any key. If a logfile opens, please post the information. If a logfile does not open, that's great.
Next..... Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
---------------------------------------------------------------------------------------------
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner. Click Accept, when prompted to download and install the program files and database of malware definitions.
**Note** To optimize scanning time and produce a more sensible report for review:
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message.
#11
Registered User
Join Date: Jun 2008
Posts: 8
OS: Windows XP
Re: Command Helper
Hey, I guess I should've sent it before I used Avira.
Updating the Java went okay. I let Kaspersky run all night, and when I came back, Avira said it had found a Trojan. I wasn't sure what to do; the default was "deny it", which I did. Here's what Kaspersky found:
-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, June 23, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, June 22, 2008 06:12:57 Records in database: 880082 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Files scanned: 112410 Threat name: 4 Infected objects: 5 Suspicious objects: 0 Duration of the scan: 01:10:20
File name / Threat name / Threats count
C:\Documents and Settings\Frank Palmer\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-506e3890 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Frank Palmer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-2478142d.zip Infected: Exploit.Java.Gimsh.a 1
C:\QooBox\Quarantine\C\WINDOWS\RnJhbmsgUGFsbWVy\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ogfpamlg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.vln 1
C:\WINDOWS\system32\trcTMP\kmdmns2.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
The selected area was scanned.
And here's HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:10:23 AM, on 6/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\Common Files\Lenovo\Logger\logmon.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\Analog 
Devices\Core\smax4pnp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\Program Files\Lenovo\AwayTask\AwaySch.EXE C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\Program Files\ThinkVantage\AMSG\Amsg.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: SSVHelper Class - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [ACTray] 
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... 
- {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. 
- C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- End of file - 11314 bytes
#12
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home
Re: Command Helper
Open NOTEPAD.exe and copy/paste the text in the codebox below into it:
Code:
@echo off
rem Start with a fresh log of anything that could not be removed
if exist "%temp%\log.txt" del "%temp%\log.txt"
rem Delete the listed files; record any that survive
for %%g in (
"C:\Documents and Settings\Frank Palmer\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-506e3890"
"C:\Documents and Settings\Frank Palmer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-2478142d.zip"
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)
rem Remove the listed folders; record any that survive
for %%g in (
C:\WINDOWS\system32\trcTMP
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" (
start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
pause
del %0
It should look like this:
Double click on fix.bat & allow it to run.
Post back to tell me what it says.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Please do not ask for help via Private Message.

#14
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,561
OS: 2000 Pro; XP Pro; XP Home
Re: Command Helper
Great, just what we want.
Your logs appear clean. You should be good to go. We still have a few items to address.
Go to -> Run -> copy/paste in the following single line command & click OK:
combofix /u
This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.
Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:
Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer.
Here are some additional utilities that will further enhance your safety.
In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles.
If you want to fight back against the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.
Please respond to this thread one more time so we can mark this thread as resolved.
#15
Registered User
Join Date: Jun 2008
Posts: 8
OS: Windows XP
Re: Command Helper
I did all you suggested except Trillian, since I no longer IM, and Sun's Java, since I think we already installed that (I was told by the installation program). I also didn't get a firewall since I think the routers at home, dorm, and school all have firewalls.
I'm not sure what to do with HijackThis and DSS now that we're done. Should I remove them? I'm also unsure about Spybot; it wasn't on the list. Are these programs you gave better? I happen to have another computer which was similarly infected (prior to the start of this thread, of course) with what appears to be a much worse program than command service (antispyware master). I was wondering whether you could help me with that in this thread or whether I should post another one in the queue. Finally, thanks a lot for your help. I was afraid I'd have to wipe Windows.