warning:spyware threat has been detected..>This is killing

Post by rag » June 5th, 2008, 2:19 am

Hey guys...
I got spyware on my system and tried all sorts of things. It even wouldn't allow my Task Manager to run, and I am even unable to restore... please give me a solution. Any help would be appreciated.

My logs
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17, on 2008-06-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
E:\SOFTWA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\hcheck\hjack.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=1369
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: BrowsingEnhancer - {5ABBD91B-0215-2FE1-7A7E-753F05B40CB8} - C:\Program Files\BrowsingEnhancer\BrowsingEnhancer-2.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\SOFTWA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\SOFTWA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {E0E4EB2F-ADEB-4166-B331-77AFCC827A9E} - C:\WINDOWS\system32\efcCUOfC.dll (file missing)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Free Download Manager\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Spyware Doctor] E:\SOFTWA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\SOFTWA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 16336 bytes
rag
Active Member
 
Posts: 6
Joined: June 5th, 2008, 2:09 am
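The security-relevant lines in the HijackThis log above are the F2 entry, where a second executable (C:\WINDOWS\system32\iftuyszv.exe) has been appended to the UserInit value so it starts at every logon, and the long run of O2 BHO entries whose DLL no longer exists. As an added example (not a MalwareRemoval.com tool and not code from either poster), the Python script below parses those line types and reports what a helper would look at first. The sample lines are copied from the log in this post; the function names and the assumption that a clean Windows XP UserInit lists only userinit.exe are mine.

```python
"""Added example: triage helper for a HijackThis 2.x log (not the forum's tool)."""
import re

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E0E4EB2F-ADEB-4166-B331-77AFCC827A9E} - C:\WINDOWS\system32\efcCUOfC.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
"""

# Assumption: on a clean Windows XP install the UserInit value names only
# userinit.exe, so any other path in that list is something to investigate.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse_userinit(line):
    """Return the executables named in an F2 UserInit line, in order.

    The registry value is comma separated and normally ends with a comma,
    which yields an empty element that is dropped here.
    """
    m = re.search(r"UserInit=(.*)$", line, re.IGNORECASE)
    if not m:
        return []
    return [p.strip() for p in m.group(1).split(",") if p.strip()]


def userinit_extras(line):
    """Entries in the UserInit list other than the expected userinit.exe."""
    return [p for p in parse_userinit(line) if p.lower() != DEFAULT_USERINIT]


def orphan_bhos(lines):
    """O2 entries whose DLL is gone: HijackThis marks them '(no file)' or '(file missing)'."""
    return [ln for ln in lines
            if ln.startswith("O2 - BHO:")
            and (ln.endswith("(no file)") or ln.endswith("(file missing)"))]


def running_processes(lines):
    """Paths listed under 'Running processes:' up to the first blank line."""
    procs, in_block = [], False
    for ln in lines:
        if ln.startswith("Running processes:"):
            in_block = True
            continue
        if in_block:
            if not ln.strip():
                break
            procs.append(ln.strip())
    return procs


def triage(log_text):
    """Summarise the findings a helper would check first in this log."""
    lines = log_text.splitlines()
    procs_lower = {p.lower() for p in running_processes(lines)}
    findings = {"userinit_extras": [], "active_userinit_extras": [], "orphan_bho_count": 0}
    for ln in lines:
        if ln.startswith("F2 - ") and "UserInit=" in ln:
            extras = userinit_extras(ln)
            findings["userinit_extras"].extend(extras)
            # Cross-reference with the process list: an extra UserInit entry that is
            # also running right now is confirmed active, not just a stale registry value.
            findings["active_userinit_extras"].extend(
                p for p in extras if p.lower() in procs_lower)
    findings["orphan_bho_count"] = len(orphan_bhos(lines))
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample it reports one extra UserInit entry, confirms it is running, and counts two orphan BHOs; pointing it at a full saved log instead of SAMPLE_LOG works the same way, since only the line prefixes are parsed.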

Re: warning:spyware threat has been detected..>This is killing

Post by flashh4 » June 5th, 2008, 10:16 am

Hello and welcome to the forums

My name is flashh4 and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
4. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
5. Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

If you can do those things, everything should go smoothly

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Note: I am still in training at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

I will be back as soon as possible with a fix!!
In the meantime, can you give me an Uninstall list please!!

  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.


Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: warning:spyware threat has been detected..>This is killing

Post by rag » June 5th, 2008, 11:40 pm

This virus is really bad... it is changing my desktop, showing me permanent drives as removable disks... and doing all sorts of weird stuff...
Please help me with this, dude... I don't want to change my OS as a lot of my work is on the notebook.

...I couldn't even do a restore.


Access Help
Adobe Flash Player ActiveX
Adobe Reader 8
Ask Toolbar
Azureus Vuze
Client Security Solution
Diskeeper Lite
DivX Web Player
Free Download Manager 2.5
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Help Center
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD
InterVideo WinDVD Creator 3
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 6
Java(TM) SE Runtime Environment 6 Update 1
Lenovo Registration
LiveUpdate 1.6 (Symantec Corporation)
Maintenance Manager
Malwarebytes' Anti-Malware
mCore
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007

Hey, I deleted CoolWebSearch from the list above....


Thanks
Rag
rag
Active Member
 
Posts: 6
Joined: June 5th, 2008, 2:09 am

Re: warning:spyware threat has been detected..>This is killing

Post by flashh4 » June 6th, 2008, 7:14 pm

Howdy rag. Your system may have to be reformatted, but I will try my best to rid your system of the malware.
Just in case, you need to back up your data, since you stated it is used for your work. This should be done at least once a month anyway.

NEXT

P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs.

If you wish to keep them, please do not use them until your computer is cleaned.

NEXT

Please visit this webpage for instructions for downloading ComboFix at your DESKTOP :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.



Thanks
Chuck

Please do not delete/remove anything unless told to do so !!
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: warning:spyware threat has been detected..>This is killing

Post by rag » June 6th, 2008, 10:10 pm

Hey,

I could not run ComboFix, but I had run it a couple of days earlier when I first had this problem...
Here is the log:
ComboFix 08-06-04.3 - Raghu 2008-06-04 22:13:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1395 [GMT -7:00]
Running from: C:\Downloads\Software\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\laxu.dll
C:\Program Files\Common Files\laxu284.dll
C:\Program Files\Common Files\prohdy.html
C:\Program Files\outlook
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\default.htm
C:\WINDOWS\explore.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\CfOUCcfe.ini
C:\WINDOWS\system32\CfOUCcfe.ini2
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\MSKSSRVV.sys
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mvnvowak.ini
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\x.exe
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_MSKSSRVV
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR
-------\Service_MSKSSRVV


((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-04 22:19 . 2008-06-04 22:19 2,019 --a------ C:\WINDOWS\default.htm
2008-06-04 22:01 . 2008-06-04 22:01 <DIR> d-------- C:\Program Files\hjt
2008-06-04 21:55 . 2008-06-04 21:55 28,160 --a------ C:\WINDOWS\mswsc20.dll
2008-06-04 21:55 . 2008-06-04 21:55 24,576 --a------ C:\WINDOWS\rundll32.vbe
2008-06-04 21:32 . 2008-06-04 21:34 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-04 21:09 . 2008-06-04 21:09 31,488 --a------ C:\WINDOWS\qttasks.exe
2008-06-04 21:09 . 2008-06-04 21:09 31,232 --a------ C:\WINDOWS\quicken.exe
2008-06-04 21:09 . 2008-06-04 21:09 25,600 --a------ C:\WINDOWS\msconfd.dll
2008-06-04 21:09 . 2008-06-04 21:09 16,384 --a------ C:\WINDOWS\searchword.dll
2008-06-04 21:09 . 2008-06-04 21:55 14,848 --a------ C:\WINDOWS\mswsc10.dll
2008-06-04 21:09 . 2008-06-04 21:55 11,264 --a------ C:\WINDOWS\explorer32.exe
2008-06-04 21:09 . 2008-06-04 21:09 8,704 --a------ C:\WINDOWS\mssys.exe
2008-06-04 20:03 . 2008-06-04 20:52 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-04 20:02 . 2008-06-04 20:02 29,696 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-04 20:02 . 2008-06-04 20:02 28,928 --a------ C:\WINDOWS\sistem.exe
2008-06-04 20:02 . 2008-06-04 20:02 21,760 --a------ C:\WINDOWS\avpcc.dll
2008-06-04 20:02 . 2008-06-04 20:02 20,736 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-04 20:02 . 2008-06-04 20:02 11,008 --a------ C:\WINDOWS\notepad32.exe
2008-06-04 19:38 . 2008-06-04 19:38 30,720 --a------ C:\WINDOWS\internet.exe
2008-06-04 19:38 . 2008-06-04 19:38 23,040 --a------ C:\WINDOWS\loader.exe
2008-06-04 19:38 . 2008-06-04 19:38 16,640 --a------ C:\WINDOWS\svchost32.exe
2008-06-04 19:38 . 2008-06-04 19:38 16,384 --a------ C:\WINDOWS\xxxvideo.hta
2008-06-04 17:01 . 2008-06-04 17:01 <DIR> d-------- C:\WINDOWS\system32\Client Security Solution
2008-06-04 16:59 . 2008-06-04 16:59 28,416 --a------ C:\WINDOWS\cpan.dll
2008-06-04 16:59 . 2008-06-04 16:59 27,136 --a------ C:\WINDOWS\astctl32.ocx
2008-06-04 16:59 . 2008-06-04 16:59 17,920 --a------ C:\WINDOWS\accesss.exe
2008-06-04 16:59 . 2008-06-04 16:59 17,152 --a------ C:\WINDOWS\clrssn.exe
2008-06-04 16:46 . 2008-06-04 22:07 <DIR> d-------- C:\Program Files\BrowsingEnhancer
2008-06-04 16:45 . 2008-06-04 16:45 <DIR> d-a------ C:\Documents and Settings\LocalService\Application Data\Lenovo
2008-06-04 16:45 . 2008-06-04 16:47 135,168 --a------ C:\WINDOWS\TEK76.exe
2008-06-02 20:59 . 2008-06-02 20:59 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 19:40 . 2008-06-03 17:22 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Azureus
2008-06-02 19:40 . 2008-06-02 19:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-02 19:39 . 2008-06-02 19:40 <DIR> d-------- C:\Program Files\Azureus
2008-06-02 19:36 . 2008-06-02 19:36 <DIR> d-------- C:\Program Files\Sun
2008-06-02 17:15 . 2008-06-02 17:15 0 --a------ C:\WINDOWS\VPC32.INI
2008-06-02 16:41 . 2008-06-02 16:41 <DIR> d-------- C:\WINDOWS\system32\CBA
2008-06-02 16:41 . 2008-06-02 17:26 <DIR> d-------- C:\Program Files\NavNT
2008-06-02 16:41 . 2008-06-02 16:41 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-02 16:41 . 2008-06-02 16:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-02 16:41 . 2001-09-24 07:59 120,379 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-06-02 16:41 . 2001-09-24 07:59 57,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-02 16:41 . 2001-09-24 07:59 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-02 16:41 . 2001-09-24 07:59 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL
2008-06-02 16:41 . 2008-06-02 16:41 244 --a------ C:\WINDOWS\ODBC.INI
2008-06-02 16:39 . 2008-06-02 16:39 <DIR> d-------- C:\Documents and Settings\Raghu\WINDOWS
2008-06-01 23:06 . 2008-06-01 23:06 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 23:06 . 2008-06-01 23:06 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\vlc
2008-06-01 21:51 . 2008-06-01 21:51 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Intel
2008-06-01 20:36 . 2008-06-02 16:41 <DIR> d-------- C:\Program Files\Symantec
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Malwarebytes
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 19:49 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 19:49 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 11:24 . 2008-06-01 11:42 0 --ahs---- C:\Documents and Settings\Raghu\Application Data\00484197a289b19cf781e78a15777f45740098fa2e2768b88f.dat
2008-05-29 22:40 . 2008-05-29 22:40 <DIR> d-------- C:\Program Files\DivX
2008-05-29 22:37 . 2008-05-29 22:37 <DIR> d-------- C:\Program Files\Cedelia
2008-05-28 20:52 . 2008-06-04 19:42 <DIR> d-------- C:\Downloads
2008-05-27 15:27 . 2008-05-27 15:27 <DIR> d-------- C:\Program Files\Software Informer
2008-05-27 15:27 . 2008-05-27 15:27 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Software Informer
2008-05-27 15:27 . 2008-06-04 22:16 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Free Download Manager
2008-05-27 15:27 . 2008-05-27 15:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-05-27 15:26 . 2008-05-27 15:27 <DIR> d-------- C:\Program Files\Free Download Manager
2008-05-26 23:57 . 2008-05-26 23:57 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-26 14:57 . 2008-05-26 14:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-26 13:34 . 2008-05-26 13:34 <DIR> d-------- C:\Documents and Settings\Raghu\Incomplete
2008-05-26 13:34 . 2008-06-02 18:26 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\MP3Rocket
2008-05-26 13:34 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-26 13:32 . 2008-05-26 13:32 <DIR> d-------- C:\Program Files\AskSBar
2008-05-26 13:31 . 2008-05-26 13:31 <DIR> d-------- C:\softwares
2008-05-26 13:26 . 2008-05-26 13:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-26 13:22 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-26 13:21 . 2008-05-26 13:21 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-26 13:20 . 2008-05-26 13:20 <DIR> d-------- C:\Program Files\MSBuild
2008-05-26 13:19 . 2008-05-26 13:19 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-26 13:18 . 2008-05-26 13:18 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-26 13:17 . 2008-05-26 13:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-26 13:17 . 2008-05-26 13:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-26 13:16 . 2008-05-26 13:16 <DIR> dr-h----- C:\MSOCache
2008-05-26 13:15 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-25 22:48 . 2008-05-25 22:48 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\InterVideo
2008-05-25 22:11 . 2008-05-25 22:11 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-25 22:11 . 2008-05-25 21:20 <DIR> d-------- C:\Documents and Settings\Raghu\Bluetooth Software
2008-05-25 22:11 . 2008-05-25 21:42 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Lenovo
2008-05-25 22:11 . 2008-05-25 21:18 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\InstallShield
2008-05-25 22:11 . 2008-06-02 16:39 <DIR> d-------- C:\Documents and Settings\Raghu
2008-05-25 22:11 . 2004-08-04 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-25 22:11 . 2008-05-25 22:11 50 --a------ C:\WINDOWS\system32\drivers\LENOVO_7658_CTO.MRK
2008-05-25 22:11 . 2008-05-25 22:11 10 --a------ C:\WINDOWS\system32\firstboot.lgl
2008-05-25 22:10 . 2008-05-25 21:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Bluetooth Software
2008-05-25 22:10 . 2008-05-25 21:20 <DIR> d-a------ C:\Documents and Settings\Default User\Bluetooth Software
2008-05-25 21:45 . 2008-05-25 21:45 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-25 21:42 . 2008-05-25 21:42 <DIR> d-a------ C:\Documents and Settings\Administrator\Application Data\Lenovo
2008-05-25 21:42 . 2008-05-25 21:42 61 --a------ C:\WINDOWS\smscfg.ini
2008-05-25 21:41 . <DIR> C:\RRbackups
2008-05-25 21:38 . 2008-06-04 21:50 <DIR> d-------- C:\SWSHARE
2008-05-25 21:38 . 2008-05-25 21:37 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-05-25 21:38 . 2008-05-25 21:37 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-05-25 21:38 . 2008-05-25 21:37 115,960 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-05-25 21:38 . 2008-05-25 21:38 33,536 --a------ C:\WINDOWS\system32\drivers\tvtfilter.sys
2008-05-25 21:37 . 2008-05-25 21:37 7,012 --a------ C:\WINDOWS\system32\drivers\pmemnt.sys
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\Picasa2
2008-05-25 21:36 . 2008-05-26 13:39 <DIR> d-------- C:\Program Files\Google
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\PC-Doctor
2008-05-25 21:36 . 2007-02-05 17:45 583,232 --a------ C:\WINDOWS\system32\tvt_gina.dll
2008-05-25 21:36 . 2007-02-05 17:45 292,416 --a------ C:\WINDOWS\system32\tvt_gina_api.dll
2008-05-25 21:36 . 2005-11-08 09:27 11,520 --a------ C:\WINDOWS\system32\drivers\ANC.sys
2008-05-25 21:36 . 2007-04-02 11:24 4,224 --a------ C:\WINDOWS\system32\drivers\IBMBLDID.sys
2008-05-25 21:36 . 2008-05-25 21:36 0 --a------ C:\WINDOWS\system32\AccConnAdvanced.html
2008-05-25 21:35 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\PCDR5
2008-05-25 21:35 . 2005-07-06 20:23 7,680,056 --a------ C:\WINDOWS\1600_1200 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:24 5,880,056 --a------ C:\WINDOWS\1400_1050 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 5,292,056 --a------ C:\WINDOWS\1680_1050 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:25 5,242,936 --a------ C:\WINDOWS\1280_1024 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:26 3,145,784 --a------ C:\WINDOWS\1024_768 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 3,072,056 --a------ C:\WINDOWS\1280_800 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 2,949,176 --a------ C:\WINDOWS\1280_768 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:27 1,920,056 --a------ C:\WINDOWS\800_600 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-07 09:06 114,688 --a------ C:\WINDOWS\desktopset.exe
2008-05-25 21:32 . 2008-05-25 21:32 <DIR> d-------- C:\Program Files\Lenovo Registration

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 05:15 32,256 ----a-w C:\WINDOWS\iexplorer.exe
2008-06-05 05:15 14,080 ----a-w C:\WINDOWS\explore.exe
2008-06-05 05:15 12,288 ----a-w C:\WINDOWS\y.exe
2008-06-05 05:15 10,240 ----a-w C:\WINDOWS\x.exe
2008-06-05 05:09 269 ----a-w C:\Program Files\Common Files\laxu284
2008-06-04 23:44 87,513 ----a-w C:\WINDOWS\system32\iftuyszv.exe
2008-05-26 04:37 36,624 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-26 04:18 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-26 04:18 21,393 ----a-w C:\WINDOWS\AegisP.sys
2005-07-29 23:24 472 --sha-r C:\WINDOWS\UmFnaHU\oAIBuJo.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}]
2007-12-26 16:32 1019904 --a------ C:\Program Files\BrowsingEnhancer\BrowsingEnhancer-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0E4EB2F-ADEB-4166-B331-77AFCC827A9E}]
C:\WINDOWS\system32\efcCUOfC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-26 13:32 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-26 13:32 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-30 13:15 68856]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]
"Software Informer"="C:\Program Files\Free Download Manager\softinfo.exe" [ ]
"fsm"="" []
"Spyware Doctor"="E:\SOFTWA~1\SPYWAR~1\swdoctor.exe" [2005-03-18 17:18 1469680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 03:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 03:07 512000]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 09:18 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 09:18 208896]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 11:03 58416]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-08 22:49 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 10:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 00:23 1015808]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-06 18:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-06 18:27 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-06 18:27 137752]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 03:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 10:10 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 11:00 419376]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 16:35 2630968]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 07:59 73728]

C:\Documents and Settings\Raghu\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-05-25 21:21:13 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-07-05 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 00:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 19:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 16:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 16:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-05 09:18]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73ec2cd6-2b60-11dd-884d-001cbf64b05f}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-05 04:32:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-05 05:18:44 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 22:18:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Raghu\LOCALS~1\Temp\mc29.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
-> C:\WINDOWS\system32\NavLogon.dll
-> E:\SOFTWA~1\SPYWAR~1\Tools\swpg.dat

PROCESS: C:\WINDOWS\system32\lsass.exe
-> E:\SOFTWA~1\SPYWAR~1\Tools\swpg.dat

PROCESS: C:\WINDOWS\explorer.exe
-> E:\SOFTWA~1\SPYWAR~1\Tools\swpg.dat

PROCESS: C:\WINDOWS\system32\csrss.exe
-> E:\SOFTWA~1\SPYWAR~1\Tools\swpg.dat
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
.
**************************************************************************
.
Completion time: 2008-06-04 22:21:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 05:21:13

Pre-Run: 49,257,218,048 bytes free
Post-Run: 49,750,650,880 bytes free

366

Here is my latest log file for hijack



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07, on 2008-06-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\hcheck\hjack.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=1369
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\SOFTWA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Spyware Doctor] E:\SOFTWA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (file missing)
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\SOFTWA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 14766 bytes
rag
Active Member
 
Posts: 6
Joined: June 5th, 2008, 2:09 am
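The ComboFix and HijackThis output in this post carries the entries a helper reads first: a second executable appended to the Winlogon Userinit value (the F2 line and the "Userinit" registry value), DisableTaskMgr set to 1 under both policies\system keys (which matches the Task Manager symptom reported at the top of the thread), an AutoRun command recorded under MountPoints2 for a removable volume, and a long run of BHO registrations that point at no file. As an added example, not part of the thread and not code from ComboFix or HijackThis, the Python script below triages constructed sample lines modelled on those entries; the regexes, rule names and severities are this example's own choices.

```python
"""Triage of HijackThis / ComboFix style log lines for a few persistence indicators.

Added example: not part of the forum thread, nor code from either tool.
The sample lines below are constructed, modelled on the kinds of entries
seen in the thread's logs; rule names and severities are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines in HijackThis (F2/O2/O4) and ComboFix ("key"=value) formats.
SAMPLE_LOG = r'''
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"DisableTaskMgr"= 1 (0x1)
\Shell\AutoRun\command - F:\setupSNK.exe
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
'''


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    rule: str
    line: str


# Userinit in HijackThis form (UserInit=...) or ComboFix form ("Userinit"="...").
USERINIT_RE = re.compile(r'Userinit"?\s*=\s*"?([^"]*)', re.IGNORECASE)
# Policy values that lock the user out of Task Manager / regedit.
POLICY_RE = re.compile(r'"(DisableTaskMgr|DisableRegistryTools)"\s*=\s*1\b', re.IGNORECASE)
# AutoRun command recorded under MountPoints2 for a (removable) volume.
AUTORUN_RE = re.compile(r'\\Shell\\AutoRun\\command\s*-\s*(\S.*)$', re.IGNORECASE)
# Browser Helper Object registration whose DLL no longer exists on disk.
BHO_RE = re.compile(r'^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - \(no file\)$')


def check_userinit(line):
    """Flag Userinit values that launch anything besides the system userinit.exe."""
    m = USERINIT_RE.search(line)
    if not m:
        return None
    entries = [e.strip().lower() for e in m.group(1).split(",") if e.strip()]
    extra = [e for e in entries if not e.endswith("\\userinit.exe")]
    return Finding("high", "userinit-extra-executable", line) if extra else None


def check_policy(line):
    """Flag policy values that disable Task Manager or the registry editor."""
    return Finding("medium", "taskmgr-or-regedit-disabled", line) if POLICY_RE.search(line) else None


def check_autorun(line):
    """Flag any AutoRun command remembered for a mounted volume; each one needs review."""
    return Finding("high", "mountpoints2-autorun-command", line) if AUTORUN_RE.search(line) else None


def check_bho(line):
    """Flag BHO registrations with no backing file (leftovers of removed add-ons or malware)."""
    return Finding("low", "bho-without-backing-file", line) if BHO_RE.match(line) else None


CHECKS = (check_userinit, check_policy, check_autorun, check_bho)


def triage(log_text):
    """Run every check over every non-empty line; return findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        findings.extend(f for f in (check(line) for check in CHECKS) if f is not None)
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 1, 'low': 1}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print(summarize(found))
```

Running the script over the constructed sample prints four findings (two high, one medium, one low); the clean Userinit lines, the BHO with a real DLL and the ordinary O4 entry produce nothing. The Userinit check is deliberately strict: a clean Windows XP value holds only the system userinit.exe, so any additional entry is worth a look regardless of its name.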

Re: warning:spyware threat has been detected..>This is killing

Unread postby flashh4 » June 7th, 2008, 3:04 pm

Howdy rag, we need to uninstall ComboFix and download and run a new scan so I have an up-to-date log. Also you need to delete/remove any other tools that you have downloaded to remove Malware because these tools sometimes expire or become outdated, or will have new updates !!!

UNINSTALL COMBOFIX

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.

NEXT

Please visit this webpage for instructions for downloading ComboFix at your DESKTOP :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming
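
When the requested C:\ComboFix.txt and HijackThis log come back, a helper reads them for a handful of entry classes before anything else: autostarts pointing into temp, profile or the bare Windows directory; BHO/toolbar/button entries whose file is missing; MountPoints2 AutoRun handlers for removable drives; services whose ImagePath lives in a temp directory; and files carrying both hidden and system attributes. The script below is an added example, not part of this thread and not code from ComboFix or HijackThis; it parses those line formats and flags them. The sample lines are copied from the logs posted in this thread except for one constructed autostart entry (the "[y]" line), and the "suspicious directory" rules are an assumption about an XP-era disk layout, not a rule from either tool.

```python
"""Triage helper for HijackThis and ComboFix text logs (added example, not from
either tool).  The directory rules below are an assumption for illustration."""
import re

# HijackThis autostart line: "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Generic "Onn - Type: ..." line (O2 BHO, O3 toolbar, O9 button)
OBJ_RE = re.compile(r'^O(?P<kind>\d+) - (?P<what>[^:]+): (?P<rest>.*)$')
# ComboFix MountPoints2 handler: "\Shell\AutoRun\command - F:\setupSNK.exe"
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$')
# ComboFix service dump: "ImagePath"="\??\C:\...\Temp\mc29.tmp"
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"$')
# ComboFix file listing: "date time [. date time] size attrs path"
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})? '
    r'[\d,]+ (?P<attr>[-a-z]+) (?P<path>.+)$')

# Assumed XP-era layout: autostarts normally live under system32 or Program Files.
SUSPECT_DIRS = ('/temp/', '/local settings/', '/application data/', '/windows/')
SYSTEM_OK = ('/windows/system32/', '/program files/')


def norm_path(path):
    """Lower-case, forward-slash form with the NT "\\??\\" prefix stripped."""
    return path.lower().replace('\\', '/').lstrip('/?')


def suspicious_path(path):
    """True if a command/ImagePath points somewhere an autostart should not live."""
    p = norm_path(path)
    if any(ok in p for ok in SYSTEM_OK) and '/temp/' not in p:
        return False
    return any(d in p for d in SUSPECT_DIRS)


# Sample lines: all copied from the logs posted in this thread, except the
# "[y]" autostart, which is constructed to exercise the Windows-directory rule.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKLM\..\Run: [y] C:\WINDOWS\y.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
\Shell\AutoRun\command - F:\setupSNK.exe
"ImagePath"="\??\C:\DOCUME~1\Raghu\LOCALS~1\Temp\mc29.tmp"
2005-07-29 23:24 472 --sh--r C:\WINDOWS\UmFnaHU\oAIBuJo.vbs
2008-06-02 16:41 . 2001-09-24 07:59 120,379 --------- C:\WINDOWS\system32\SYMEVNT.386
2008-05-31 11:24 . 2008-06-01 11:42 0 ---hs---- C:\Documents and Settings\Raghu\Application Data\00484197a289b19cf781e78a15777f45740098fa2e2768b88f.dat
"""


def triage(lines):
    """Return (severity, reason, line) for every line that deserves a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            if suspicious_path(m.group('cmd')):
                findings.append(('high', 'autostart outside system/program dirs', line))
            continue
        if AUTORUN_RE.match(line):
            findings.append(('high', 'MountPoints2 AutoRun handler for a removable drive', line))
            continue
        m = IMAGEPATH_RE.match(line)
        if m:
            if suspicious_path(m.group('path')):
                findings.append(('high', 'service binary in temp/profile directory', line))
            continue
        m = OBJ_RE.match(line)
        if m and m.group('kind') in ('2', '3', '9'):
            if '(file missing)' in line or '(no file)' in line:
                findings.append(('low', 'orphaned BHO/toolbar/button entry', line))
            continue
        m = FILE_RE.match(line)
        if m and 'h' in m.group('attr') and 's' in m.group('attr'):
            findings.append(('medium', 'hidden+system attributes on a data file', line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'low': 2, 'medium': 2}."""
    counts = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == '__main__':
    for sev, why, line in triage(SAMPLE_LOG.strip().splitlines()):
        print(f'[{sev:6}] {why}: {line}')
```

Run as-is it prints seven findings from the sample. The severities are a reading order, not a verdict: an orphaned toolbar entry is cleanup, while an AutoRun handler on a removable drive or a service whose binary sits in a Temp folder is what a helper wants to see in the next log. The path rule also says nothing about file names; the hidden .vbs above sits in a folder called UmFnaHU, which is the base64 encoding of the user name Raghu, and that is the kind of detail a person reading the listing notices but a directory rule does not.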

Re: warning:spyware threat has been detected..>This is killing

Unread postby rag » June 7th, 2008, 8:06 pm

Hey,

Thanks for all the efforts. ComboFix is running; here is the latest log.

C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.

2008-06-07 12:53 . 2008-06-07 12:53 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-06-07 12:52 . 2008-06-07 12:56 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-05 19:41 . 2008-06-05 19:41 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-05 19:34 . 2008-06-05 19:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-04 22:30 . 2008-06-04 22:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 22:01 . 2008-06-04 22:01 <DIR> d-------- C:\Program Files\hjt
2008-06-04 21:32 . 2008-06-04 21:34 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-04 20:03 . 2008-06-04 20:52 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-04 17:01 . 2008-06-04 17:01 <DIR> d-------- C:\WINDOWS\system32\Client Security Solution
2008-06-04 16:46 . 2008-06-05 19:44 <DIR> d-------- C:\Program Files\BrowsingEnhancer
2008-06-04 16:45 . 2008-06-04 16:45 <DIR> d-a------ C:\Documents and Settings\LocalService\Application Data\Lenovo
2008-06-04 16:45 . 2008-06-04 16:47 135,168 --------- C:\WINDOWS\TEK76.exe
2008-06-02 20:59 . 2008-06-02 20:59 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 19:40 . 2008-06-03 17:22 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Azureus
2008-06-02 19:40 . 2008-06-02 19:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-02 19:39 . 2008-06-02 19:40 <DIR> d-------- C:\Program Files\Azureus
2008-06-02 19:36 . 2008-06-02 19:36 <DIR> d-------- C:\Program Files\Sun
2008-06-02 17:15 . 2008-06-02 17:15 0 --------- C:\WINDOWS\VPC32.INI
2008-06-02 16:41 . 2008-06-02 16:41 <DIR> d-------- C:\WINDOWS\system32\CBA
2008-06-02 16:41 . 2008-06-02 17:26 <DIR> d-------- C:\Program Files\NavNT
2008-06-02 16:41 . 2008-06-02 16:41 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-02 16:41 . 2008-06-02 16:41 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-02 16:41 . 2001-09-24 07:59 120,379 --------- C:\WINDOWS\system32\SYMEVNT.386
2008-06-02 16:41 . 2001-09-24 07:59 57,696 --------- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-02 16:41 . 2001-09-24 07:59 36,864 --------- C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-02 16:41 . 2001-09-24 07:59 4,032 --------- C:\WINDOWS\system32\SYMEVNT1.DLL
2008-06-02 16:41 . 2008-06-02 16:41 244 --------- C:\WINDOWS\ODBC.INI
2008-06-02 16:39 . 2008-06-02 16:39 <DIR> d-------- C:\Documents and Settings\Raghu\WINDOWS
2008-06-01 23:06 . 2008-06-01 23:06 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 23:06 . 2008-06-01 23:06 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\vlc
2008-06-01 21:51 . 2008-06-01 21:51 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Intel
2008-06-01 20:36 . 2008-06-02 16:41 <DIR> d-------- C:\Program Files\Symantec
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Malwarebytes
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 19:49 . 2008-05-30 01:06 34,296 --------- C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 19:49 . 2008-05-30 01:06 15,864 --------- C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 11:24 . 2008-06-01 11:42 0 ---hs---- C:\Documents and Settings\Raghu\Application Data\00484197a289b19cf781e78a15777f45740098fa2e2768b88f.dat
2008-05-29 22:40 . 2008-05-29 22:40 <DIR> d-------- C:\Program Files\DivX
2008-05-29 22:37 . 2008-05-29 22:37 <DIR> d-------- C:\Program Files\Cedelia
2008-05-28 20:52 . 2008-06-04 19:42 <DIR> d-------- C:\Downloads
2008-05-27 15:27 . 2008-05-27 15:27 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Software Informer
2008-05-27 15:27 . 2008-06-07 16:54 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Free Download Manager
2008-05-27 15:27 . 2008-05-27 15:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-05-27 15:26 . 2008-06-05 19:55 <DIR> d-------- C:\Program Files\Free Download Manager
2008-05-26 23:57 . 2008-05-26 23:57 1,160 --------- C:\WINDOWS\mozver.dat
2008-05-26 14:57 . 2008-05-26 14:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-26 13:34 . 2008-05-26 13:34 <DIR> d-------- C:\Documents and Settings\Raghu\Incomplete
2008-05-26 13:34 . 2008-06-02 18:26 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\MP3Rocket
2008-05-26 13:34 . 2008-03-25 02:37 69,632 --------- C:\WINDOWS\system32\javacpl.cpl
2008-05-26 13:32 . 2008-05-26 13:32 <DIR> d-------- C:\Program Files\AskSBar
2008-05-26 13:31 . 2008-05-26 13:31 <DIR> d-------- C:\softwares
2008-05-26 13:26 . 2008-05-26 13:26 0 --------- C:\WINDOWS\nsreg.dat
2008-05-26 13:22 . 2006-10-26 19:56 32,592 --------- C:\WINDOWS\system32\msonpmon.dll
2008-05-26 13:21 . 2008-05-26 13:21 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-26 13:20 . 2008-05-26 13:20 <DIR> d-------- C:\Program Files\MSBuild
2008-05-26 13:19 . 2008-05-26 13:19 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-26 13:18 . 2008-05-26 13:18 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-26 13:17 . 2008-05-26 13:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-26 13:17 . 2008-05-26 13:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-26 13:16 . 2008-05-26 13:16 <DIR> dr-h----- C:\MSOCache
2008-05-26 13:15 . 2004-08-03 23:08 26,496 --------- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-25 22:48 . 2008-05-25 22:48 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\InterVideo
2008-05-25 22:11 . 2008-05-25 22:11 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-25 22:11 . 2008-05-25 21:20 <DIR> d-------- C:\Documents and Settings\Raghu\Bluetooth Software
2008-05-25 22:11 . 2008-05-25 21:42 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Lenovo
2008-05-25 22:11 . 2008-05-25 21:18 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\InstallShield
2008-05-25 22:11 . 2008-06-06 20:41 <DIR> d-------- C:\Documents and Settings\Raghu
2008-05-25 22:11 . 2004-08-04 05:00 221,184 --------- C:\WINDOWS\system32\wmpns.dll
2008-05-25 22:11 . 2008-05-25 22:11 50 --------- C:\WINDOWS\system32\drivers\LENOVO_7658_CTO.MRK
2008-05-25 22:11 . 2008-05-25 22:11 10 --------- C:\WINDOWS\system32\firstboot.lgl
2008-05-25 22:10 . 2008-05-25 21:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Bluetooth Software
2008-05-25 22:10 . 2008-05-25 21:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Lenovo
2008-05-25 22:10 . 2008-05-25 21:18 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield
2008-05-25 22:10 . 2008-05-25 21:20 <DIR> d-a------ C:\Documents and Settings\Default User\Bluetooth Software
2008-05-25 21:45 . 2008-05-25 21:45 8,192 --------- C:\WINDOWS\REGLOCS.OLD
2008-05-25 21:42 . 2008-05-25 21:42 <DIR> d-a------ C:\Documents and Settings\Administrator\Application Data\Lenovo
2008-05-25 21:42 . 2008-05-25 21:42 61 --------- C:\WINDOWS\smscfg.ini
2008-05-25 21:41 . <DIR> C:\RRbackups
2008-05-25 21:38 . 2008-06-06 20:33 <DIR> d-------- C:\SWSHARE
2008-05-25 21:38 . 2008-05-25 21:37 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-25 21:38 . 2008-05-25 21:37 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-25 21:38 . 2008-05-25 21:37 115,960 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-25 21:38 . 2008-05-25 21:38 33,536 --------- C:\WINDOWS\system32\drivers\tvtfilter.sys
2008-05-25 21:37 . 2008-05-25 21:37 7,012 --------- C:\WINDOWS\system32\drivers\pmemnt.sys
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\Picasa2
2008-05-25 21:36 . 2008-05-26 13:39 <DIR> d-------- C:\Program Files\Google
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\PC-Doctor
2008-05-25 21:36 . 2007-02-05 17:45 583,232 --------- C:\WINDOWS\system32\tvt_gina.dll
2008-05-25 21:36 . 2007-02-05 17:45 292,416 --------- C:\WINDOWS\system32\tvt_gina_api.dll
2008-05-25 21:36 . 2005-11-08 09:27 11,520 --------- C:\WINDOWS\system32\drivers\ANC.sys
2008-05-25 21:36 . 2007-04-02 11:24 4,224 --------- C:\WINDOWS\system32\drivers\IBMBLDID.sys
2008-05-25 21:36 . 2008-05-25 21:36 0 --------- C:\WINDOWS\system32\AccConnAdvanced.html
2008-05-25 21:35 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\PCDR5
2008-05-25 21:35 . 2005-07-06 20:23 7,680,056 --------- C:\WINDOWS\1600_1200 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:24 5,880,056 --------- C:\WINDOWS\1400_1050 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 5,292,056 --------- C:\WINDOWS\1680_1050 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:25 5,242,936 --------- C:\WINDOWS\1280_1024 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:26 3,145,784 --------- C:\WINDOWS\1024_768 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 3,072,056 --------- C:\WINDOWS\1280_800 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 2,949,176 --------- C:\WINDOWS\1280_768 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:27 1,920,056 --------- C:\WINDOWS\800_600 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-07 09:06 114,688 --------- C:\WINDOWS\desktopset.exe
2008-05-25 21:32 . 2008-05-25 21:32 <DIR> d-------- C:\Program Files\Lenovo Registration
2008-05-25 21:31 . 2008-05-25 21:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-25 21:31 . 2008-05-25 21:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Lenovo
2008-05-25 21:31 . 2002-02-03 14:13 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2008-05-25 21:31 . 2002-02-07 02:43 9,679 --------- C:\WINDOWS\system32\msxml4r.cat
2008-05-25 21:31 . 2002-02-07 02:43 9,675 --------- C:\WINDOWS\system32\msxml4.cat
2008-05-25 21:31 . 2002-02-06 04:31 3,489 --------- C:\WINDOWS\system32\msxml4.Manifest
2008-05-25 21:31 . 2002-02-06 04:31 500 --------- C:\WINDOWS\system32\msxml4r.Manifest
2008-05-25 21:30 . 2008-06-05 19:55 <DIR> d-------- C:\WINDOWS\system32\DLA
2008-05-25 21:30 . 2008-05-25 21:32 <DIR> d-------- C:\Program Files\ThinkVantage
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Sonic Icons for Lenovo
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Sonic
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Multimedia Center for Think Offerings
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Icons
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-25 21:30 . 2007-01-08 13:00 923,184 --------- C:\WINDOWS\system32\ahlprun.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 05:09 269 ------w C:\Program Files\Common Files\laxu284
2008-05-26 04:37 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-26 04:18 21,393 ------w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-26 04:18 21,393 ------w C:\WINDOWS\AegisP.sys
2005-07-29 23:24 472 --sh--r C:\WINDOWS\UmFnaHU\oAIBuJo.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-06-04_22.20.56.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 05:18:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-07 23:55:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-06-07 19:53:08 55,296 ----a-r C:\WINDOWS\Installer\{48B82226-75E3-4E90-92CC-D30F79EA6380}\Icon6D246661.exe
+ 2008-03-20 02:23:20 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-03-20 02:36:22 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\swdir.dll
+ 2008-03-20 02:36:40 67,000 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDnld.exe
+ 2008-03-20 02:24:02 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-03-20 01:46:26 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-03-20 02:24:04 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-03-20 01:36:14 754,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-03-20 01:36:16 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-03-20 01:36:14 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-03-20 01:42:42 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-03-20 02:22:34 249,856 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-03-20 02:25:36 442,368 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-03-20 02:36:06 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe
+ 2008-03-20 02:26:20 110,592 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-03-20 02:22:22 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-03-20 01:36:14 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 17:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
+ 2008-03-15 06:31:26 57,344 ----a-w C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
+ 2008-03-15 06:29:22 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 06:12:30 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll
+ 2008-03-15 06:29:58 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 06:10:06 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll
+ 2008-03-15 06:28:48 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-03-15 06:28:56 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-03-15 06:21:52 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-03-15 06:31:28 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 18:38:08 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll
+ 2008-03-15 06:31:28 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
- 2008-06-05 05:01:15 62,746 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-07 18:09:57 62,746 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-05 05:01:15 401,632 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-07 18:09:57 401,632 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-07 23:55:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3d0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [ ]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-30 13:15 68856]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]
"fsm"="" []
"Spyware Doctor"="E:\SOFTWA~1\SPYWAR~1\swdoctor.exe" [2005-03-18 17:18 1469680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 03:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 03:07 512000]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 09:18 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 09:18 208896]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 11:03 58416]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-08 22:49 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 10:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 00:23 1015808]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-06 18:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-06 18:27 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-06 18:27 137752]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 03:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 10:10 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 11:00 419376]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 16:35 2630968]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

C:\Documents and Settings\Raghu\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-05-25 21:21:13 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 00:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 19:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 16:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 16:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-05 09:18]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73ec2cd6-2b60-11dd-884d-001cbf64b05f}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 23:32:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-07 19:53:10 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-07 23:56:04 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 16:56:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Raghu\LOCALS~1\Temp\mc29.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
-> C:\WINDOWS\system32\NavLogon.dll
-> E:\SOFTWA~1\SPYWAR~1\Tools\swpg.dat

PROCESS: C:\WINDOWS\system32\lsass.exe
-> E:\SOFTWA~1\SPYWAR~1\Tools\swpg.dat

PROCESS: C:\WINDOWS\explorer.exe
-> E:\SOFTWA~1\SPYWAR~1\Tools\swpg.dat

PROCESS: C:\WINDOWS\system32\csrss.exe
-> E:\SOFTWA~1\SPYWAR~1\Tools\swpg.dat
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
.
**************************************************************************
.
Completion time: 2008-06-07 16:58:48 - machine was rebooted [Raghu]
ComboFix-quarantined-files.txt 2008-06-07 23:58:41
ComboFix2.txt 2008-06-05 05:21:21

Pre-Run: 36,796,526,592 bytes free
Post-Run: 37,492,686,848 bytes free

389


This is the log for HijackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:39 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
E:\SOFTWA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\hcheck\hjack.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=1369
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\SOFTWA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Spyware Doctor] E:\SOFTWA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (file missing)
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\SOFTWA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 12965 bytes
rag
Active Member
 
Posts: 6
Joined: June 5th, 2008, 2:09 am

Re: warning:spyware threat has been detected..>This is killing

Unread postby rag » June 7th, 2008, 8:18 pm

Hey chuck..

I think my system is working fine.. I can open my task manager.. my desktop is restored from that weird virus message..
my partition drives are working good.. Thanks for your time and good job in assisting me.. I guess only a few people in this world would
spend their time doing good for others and definitely you guys (Chuck) are one of them....

Kudos to all the team and everyone out there behind this useful mission :bounce:

God bless u guys!!!! ;)

Any recommendations would be much appreciated after looking at my logs...

from
rag (victim of spyware)
rag
Active Member
 
Posts: 6
Joined: June 5th, 2008, 2:09 am

Re: warning:spyware threat has been detected..>This is killing

Unread postby flashh4 » June 8th, 2008, 12:23 pm

Howdy rag, we have some left to do. Please paste the full ComboFix log, you cut off the top last time!!

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Folder::
    C:\Program Files\AskSBar

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Close all programs down, leaving only HijackThis running.
Open HJT and place a check against the following items, if present:


O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Click fix with all browsers closed.

Please post these in next reply:
1. Combofix log/report
2. New HJT log

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming
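The O3 entries Chuck asks to be fixed above are "orphans": HijackThis found a registry reference whose DLL is already gone. As an added example, not code from this thread or from the HijackThis project, the script below parses the O3/O4/O9/O23 line shapes seen in the logs here and flags such orphans plus autostart executables living where Windows never installs them; the SUSPECT_DIRS list and the "FakeHost" sample line are constructed for the example.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not part of the original thread or of HijackThis itself.
It parses the O3/O4/O9/O23 line shapes seen in the logs above and flags
what a helper scans for: entries whose target file is gone
("(file missing)" / "(no file)"), which are the ones HJT is asked to fix,
and autostart executables sitting where Windows never installs them
(ComboFix removed a svchost.exe from C:\\WINDOWS\\Fonts in this thread).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

MISSING_MARKERS = ("(file missing)", "(no file)")
# Directories that should never hold an autostart executable. Constructed
# list for this example, not an HJT rule set.
SUSPECT_DIRS = ("c:\\windows\\fonts\\", "c:\\windows\\temp\\", "\\local settings\\temp\\")
# Core Windows binaries that legitimately live only in system32.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

_LINE = re.compile(r"^(O\d+) - (.*)$")
_O4 = re.compile(r"^[^:]+: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
_ABS_PATH = re.compile(r"^[A-Za-z]:\\")
# First absolute path ending in an executable-ish extension, e.g. the DLL
# in "rundll32 C:\PROGRA~1\...\PWRMGRTR.DLL,PwrMgrBkGndMonitor".
_FIRST_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|lnk|cpl|scr|vbs)\b", re.IGNORECASE)


@dataclass
class HjtEntry:
    section: str         # "O3", "O4", "O9", "O23", ...
    name: str            # run-key value name, toolbar/button name, service name
    path: Optional[str]  # target file, when the line names one
    missing: bool        # HJT reported the target file as absent


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one HJT log line; returns None for non-entry lines."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    missing = any(body.endswith(mk) for mk in MISSING_MARKERS)
    for mk in MISSING_MARKERS:
        body = body.replace(mk, "")
    body = body.rstrip().rstrip("-").rstrip()
    if section == "O4":
        m4 = _O4.match(body)
        if not m4:
            return HjtEntry(section, body, None, missing)
        p = _FIRST_PATH.search(m4.group("cmd"))
        return HjtEntry(section, m4.group("name"), p.group(0) if p else None, missing)
    # O3/O9/O23 share the shape "Kind: name - {CLSID or vendor} - path"
    parts = [p.strip() for p in body.split(" - ")]
    name = parts[0].split(": ", 1)[-1]
    path = parts[-1] if len(parts) > 1 and _ABS_PATH.match(parts[-1]) else None
    return HjtEntry(section, name, path, missing)


def triage(entry: HjtEntry) -> List[str]:
    """Findings for one entry; an empty list means nothing stood out."""
    findings = []
    if entry.missing:
        findings.append("orphan entry: target file is gone, HJT can fix it safely")
    if entry.path:
        low = entry.path.lower()
        base = low.rsplit("\\", 1)[-1]
        if any(d in low for d in SUSPECT_DIRS):
            findings.append("executable in a directory Windows never uses for autostarts")
        if base in CORE_BINARIES and not low.startswith(SYSTEM32):
            findings.append(f"{base} outside system32, impersonating a core binary")
    return findings


def triage_log(text: str) -> List[Tuple[str, str, List[str]]]:
    """(section, name, findings) for every entry that raised a finding."""
    report = []
    for line in text.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        findings = triage(entry)
        if findings:
            report.append((entry.section, entry.name, findings))
    return report


# Constructed sample: lines copied from the thread's logs plus one invented
# O4 entry ("FakeHost") pointing at the svchost.exe that ComboFix deleted.
SAMPLE_LOG = r"""
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [FakeHost] C:\WINDOWS\Fonts\svchost.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
"""

if __name__ == "__main__":
    for section, name, findings in triage_log(SAMPLE_LOG):
        print(f"{section} [{name}]: " + "; ".join(findings))
```

Orphan entries are harmless leftovers once the file is gone; the real signal in a log is an executable in an odd directory or a core binary name outside system32, which is what ComboFix ended up deleting here.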

Re: warning:spyware threat has been detected..>This is killing

Unread postby rag » June 8th, 2008, 10:05 pm

Hey Chuck, here is the log for ComboFix. I removed those two files you mentioned in the previous posts.


ComboFix 08-06-04.3 - Raghu 2008-06-08 18:12:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.990 [GMT -7:00]
Running from: C:\Downloads\Software\ComboFix.exe
Command switches used :: C:\Documents and Settings\Raghu\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection
C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk
C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk
C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk
C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk
C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\000FD289
C:\Program Files\AskSBar\bar\Cache\034AB9F9.bin
C:\Program Files\AskSBar\bar\Cache\034ABB51.bin
C:\Program Files\AskSBar\bar\Cache\034ABCF7.bin
C:\Program Files\AskSBar\bar\Cache\034ABE9D.bin
C:\Program Files\AskSBar\bar\Cache\034AC033.bin
C:\Program Files\AskSBar\bar\Cache\034AC14C.bin
C:\Program Files\AskSBar\bar\Cache\034AC43A.bin
C:\Program Files\AskSBar\bar\Cache\034AC709.bin
C:\Program Files\AskSBar\bar\Cache\034AC822.bin
C:\Program Files\AskSBar\bar\Cache\034AC98A.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\dxva_sig.txt
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\adzgalore-remove.exe
C:\WINDOWS\system32\nsd97.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-07 21:42 . 2008-06-07 21:42 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Sonic
2008-06-07 21:41 . 2008-06-07 21:41 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Leadertech
2008-06-07 19:15 . 2008-06-08 18:18 <DIR> d-------- C:\Program Files\Prevx1
2008-06-07 19:15 . 2008-06-07 19:15 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Prevx
2008-06-07 19:15 . 2008-06-08 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-06-07 19:15 . 2006-12-08 13:36 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2008-06-07 19:15 . 2006-12-08 13:36 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
2008-06-07 18:58 . 2008-06-07 18:58 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-07 18:35 . 2008-06-07 18:35 90,923 --a------ C:\WINDOWS\system32\nwjmuwqdoflobpy.dll-uninst.exe
2008-06-07 18:35 . 2008-06-07 18:35 63,916 --a------ C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll-uninst.exe
2008-06-07 17:40 . 2008-06-08 18:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-07 12:52 . 2008-06-07 12:56 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-07 00:53 . 2008-06-07 00:53 443,904 --a------ C:\WINDOWS\system32\nwjmuwqdoflobpy.dll
2008-06-05 19:41 . 2008-06-05 19:41 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-05 19:34 . 2008-06-05 19:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-04 22:01 . 2008-06-04 22:01 <DIR> d-------- C:\Program Files\hjt
2008-06-04 21:32 . 2008-06-04 21:34 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-04 17:01 . 2008-06-04 17:01 <DIR> d-------- C:\WINDOWS\system32\Client Security Solution
2008-06-04 16:45 . 2008-06-04 16:45 <DIR> d-a------ C:\Documents and Settings\LocalService\Application Data\Lenovo
2008-06-04 16:45 . 2008-06-04 16:47 135,168 --------- C:\WINDOWS\TEK76.exe
2008-06-02 20:59 . 2008-06-02 20:59 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 19:40 . 2008-06-08 18:15 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Azureus
2008-06-02 19:40 . 2008-06-02 19:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-02 19:39 . 2008-06-02 19:40 <DIR> d-------- C:\Program Files\Azureus
2008-06-02 19:36 . 2008-06-02 19:36 <DIR> d-------- C:\Program Files\Sun
2008-06-02 16:41 . 2008-06-07 17:26 <DIR> d-------- C:\WINDOWS\system32\CBA
2008-06-02 16:41 . 2008-06-07 17:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-02 16:41 . 2008-06-07 17:26 28 --a------ C:\WINDOWS\ODBC.INI
2008-06-02 16:39 . 2008-06-02 16:39 <DIR> d-------- C:\Documents and Settings\Raghu\WINDOWS
2008-06-01 23:06 . 2008-06-01 23:06 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 23:06 . 2008-06-01 23:06 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\vlc
2008-06-01 21:51 . 2008-06-01 21:51 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Intel
2008-06-01 20:36 . 2008-06-07 17:28 <DIR> d-------- C:\Program Files\Symantec
2008-06-01 19:49 . 2008-06-07 18:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Malwarebytes
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 19:49 . 2008-05-30 01:06 34,296 --------- C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 19:49 . 2008-05-30 01:06 15,864 --------- C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 11:24 . 2008-06-01 11:42 0 ---hs---- C:\Documents and Settings\Raghu\Application Data\00484197a289b19cf781e78a15777f45740098fa2e2768b88f.dat
2008-05-29 22:40 . 2008-05-29 22:40 <DIR> d-------- C:\Program Files\DivX
2008-05-29 22:37 . 2008-05-29 22:37 <DIR> d-------- C:\Program Files\Cedelia
2008-05-28 20:52 . 2008-06-07 22:07 <DIR> d-------- C:\Downloads
2008-05-27 15:27 . 2008-05-27 15:27 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Software Informer
2008-05-27 15:27 . 2008-06-08 18:15 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Free Download Manager
2008-05-27 15:27 . 2008-05-27 15:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-05-27 15:26 . 2008-06-05 19:55 <DIR> d-------- C:\Program Files\Free Download Manager
2008-05-26 23:57 . 2008-05-26 23:57 1,160 --------- C:\WINDOWS\mozver.dat
2008-05-26 14:57 . 2008-05-26 14:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-26 13:34 . 2008-05-26 13:34 <DIR> d-------- C:\Documents and Settings\Raghu\Incomplete
2008-05-26 13:34 . 2008-06-02 18:26 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\MP3Rocket
2008-05-26 13:34 . 2008-03-25 02:37 69,632 --------- C:\WINDOWS\system32\javacpl.cpl
2008-05-26 13:31 . 2008-05-26 13:31 <DIR> d-------- C:\softwares
2008-05-26 13:26 . 2008-05-26 13:26 0 --------- C:\WINDOWS\nsreg.dat
2008-05-26 13:22 . 2006-10-26 19:56 32,592 --------- C:\WINDOWS\system32\msonpmon.dll
2008-05-26 13:21 . 2008-05-26 13:21 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-26 13:20 . 2008-05-26 13:20 <DIR> d-------- C:\Program Files\MSBuild
2008-05-26 13:19 . 2008-05-26 13:19 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-26 13:18 . 2008-05-26 13:18 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-26 13:17 . 2008-05-26 13:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-26 13:17 . 2008-05-26 13:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-26 13:16 . 2008-05-26 13:16 <DIR> dr-h----- C:\MSOCache
2008-05-26 13:15 . 2004-08-03 23:08 26,496 --------- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-25 22:48 . 2008-05-25 22:48 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\InterVideo
2008-05-25 22:11 . 2008-05-25 22:11 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-25 22:11 . 2008-05-25 21:20 <DIR> d-------- C:\Documents and Settings\Raghu\Bluetooth Software
2008-05-25 22:11 . 2008-05-25 21:42 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Lenovo
2008-05-25 22:11 . 2008-05-25 21:18 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\InstallShield
2008-05-25 22:11 . 2008-06-06 20:41 <DIR> d-------- C:\Documents and Settings\Raghu
2008-05-25 22:11 . 2004-08-04 05:00 221,184 --------- C:\WINDOWS\system32\wmpns.dll
2008-05-25 22:11 . 2008-05-25 22:11 50 --------- C:\WINDOWS\system32\drivers\LENOVO_7658_CTO.MRK
2008-05-25 22:11 . 2008-05-25 22:11 10 --------- C:\WINDOWS\system32\firstboot.lgl
2008-05-25 22:10 . 2008-05-25 21:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Bluetooth Software
2008-05-25 22:10 . 2008-05-25 21:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Lenovo
2008-05-25 22:10 . 2008-05-25 21:18 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield
2008-05-25 22:10 . 2008-05-25 21:20 <DIR> d-a------ C:\Documents and Settings\Default User\Bluetooth Software
2008-05-25 21:45 . 2008-05-25 21:45 8,192 --------- C:\WINDOWS\REGLOCS.OLD
2008-05-25 21:42 . 2008-05-25 21:42 <DIR> d-a------ C:\Documents and Settings\Administrator\Application Data\Lenovo
2008-05-25 21:42 . 2008-05-25 21:42 61 --------- C:\WINDOWS\smscfg.ini
2008-05-25 21:41 . 2008-06-06 21:11 <DIR> dr-hs---- C:\RRbackups
2008-05-25 21:38 . 2008-06-08 00:00 <DIR> d-------- C:\SWSHARE
2008-05-25 21:38 . 2008-05-25 21:37 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-25 21:38 . 2008-05-25 21:37 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-25 21:38 . 2008-05-25 21:37 115,960 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-25 21:38 . 2008-05-25 21:38 33,536 --------- C:\WINDOWS\system32\drivers\tvtfilter.sys
2008-05-25 21:37 . 2008-05-25 21:37 7,012 --------- C:\WINDOWS\system32\drivers\pmemnt.sys
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\Picasa2
2008-05-25 21:36 . 2008-05-26 13:39 <DIR> d-------- C:\Program Files\Google
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\PC-Doctor
2008-05-25 21:36 . 2007-02-05 17:45 583,232 --------- C:\WINDOWS\system32\tvt_gina.dll
2008-05-25 21:36 . 2007-02-05 17:45 292,416 --------- C:\WINDOWS\system32\tvt_gina_api.dll
2008-05-25 21:36 . 2005-11-08 09:27 11,520 --------- C:\WINDOWS\system32\drivers\ANC.sys
2008-05-25 21:36 . 2007-04-02 11:24 4,224 --------- C:\WINDOWS\system32\drivers\IBMBLDID.sys
2008-05-25 21:36 . 2008-05-25 21:36 0 --------- C:\WINDOWS\system32\AccConnAdvanced.html
2008-05-25 21:35 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\PCDR5
2008-05-25 21:35 . 2005-07-06 20:23 7,680,056 --------- C:\WINDOWS\1600_1200 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:24 5,880,056 --------- C:\WINDOWS\1400_1050 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 5,292,056 --------- C:\WINDOWS\1680_1050 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:25 5,242,936 --------- C:\WINDOWS\1280_1024 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:26 3,145,784 --------- C:\WINDOWS\1024_768 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 3,072,056 --------- C:\WINDOWS\1280_800 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 2,949,176 --------- C:\WINDOWS\1280_768 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:27 1,920,056 --------- C:\WINDOWS\800_600 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-07 09:06 114,688 --------- C:\WINDOWS\desktopset.exe
2008-05-25 21:32 . 2008-05-25 21:32 <DIR> d-------- C:\Program Files\Lenovo Registration
2008-05-25 21:31 . 2008-05-25 21:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-25 21:31 . 2008-05-25 21:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Lenovo
2008-05-25 21:31 . 2002-02-03 14:13 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2008-05-25 21:31 . 2002-02-07 02:43 9,679 --------- C:\WINDOWS\system32\msxml4r.cat
2008-05-25 21:31 . 2002-02-07 02:43 9,675 --------- C:\WINDOWS\system32\msxml4.cat
2008-05-25 21:31 . 2002-02-06 04:31 3,489 --------- C:\WINDOWS\system32\msxml4.Manifest
2008-05-25 21:31 . 2002-02-06 04:31 500 --------- C:\WINDOWS\system32\msxml4r.Manifest
2008-05-25 21:30 . 2008-06-05 19:55 <DIR> d-------- C:\WINDOWS\system32\DLA
2008-05-25 21:30 . 2008-05-25 21:32 <DIR> d-------- C:\Program Files\ThinkVantage
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Sonic Icons for Lenovo
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Sonic
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Multimedia Center for Think Offerings
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Icons
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-25 21:30 . 2007-01-08 13:00 923,184 --------- C:\WINDOWS\system32\ahlprun.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 05:09 269 ------w C:\Program Files\Common Files\laxu284
2008-05-26 04:37 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-26 04:18 21,393 ------w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-26 04:18 21,393 ------w C:\WINDOWS\AegisP.sys
2005-07-29 23:24 472 --sh--r C:\WINDOWS\UmFnaHU\oAIBuJo.vbs
.

((((((((((((((((((((((((((((( snapshot_2008-06-07_16.58.23.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 23:55:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-09 01:17:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-08 01:35:08 63,916 ----a-w C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll-uninst.exe
+ 2008-05-05 11:31:48 331,264 ----a-w C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll
- 2004-08-04 12:00:00 66,560 ------w C:\WINDOWS\system32\cdm.dll
+ 2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2006-12-08 20:36:14 7,552 ----a-w C:\WINDOWS\system32\drivers\pxcom.sys
+ 2006-12-08 20:36:20 100,864 ----a-w C:\WINDOWS\system32\drivers\PxEmu.sys
+ 2006-12-08 20:36:14 274,688 ----a-w C:\WINDOWS\system32\drivers\pxfsf.sys
+ 2006-12-16 03:24:10 13,952 ----a-w C:\WINDOWS\system32\drivers\pxrd.sys
+ 2006-12-08 20:36:18 11,648 ----a-w C:\WINDOWS\system32\drivers\pxscrmbl.sys
+ 2006-12-08 20:36:16 18,560 ----a-w C:\WINDOWS\system32\drivers\pxtdi.sys
- 2008-06-07 18:09:57 62,746 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-07 23:59:59 62,746 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-07 18:09:57 401,632 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-07 23:59:59 401,632 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
- 2004-08-04 12:00:00 430,592 ------w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2004-08-04 12:00:00 111,104 ------w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-08-04 12:00:00 1,134,592 ------w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-08-04 12:00:00 112,640 ------w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2004-08-04 12:00:00 36,864 ------w C:\WINDOWS\system32\wups.dll
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-31 02:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2004-08-04 12:00:00 120,320 ------w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-06-09 01:17:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1b0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad375087-e7d7-ddf4-e849-af36e6106378}]
2008-05-05 04:31 331264 --a------ C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d645275d-fa14-c6b8-5be5-d18519d184f2}]
2008-06-07 00:53 443904 --a------ C:\WINDOWS\system32\nwjmuwqdoflobpy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [ ]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-30 13:15 68856]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]
"fsm"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 03:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 03:07 512000]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 09:18 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 09:18 208896]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 11:03 58416]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-08 22:49 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 10:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 00:23 1015808]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-06 18:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-06 18:27 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-06 18:27 137752]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 03:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 10:10 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 11:00 419376]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 16:35 2630968]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"{ae91ca84-7e1d-0f19-7330-626f65ae67ed}"="C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll" [2008-05-05 04:31 331264]
"PrevxOne"="C:\Program Files\Prevx1\PXConsole.exe" [2007-01-12 18:52 1503232]

C:\Documents and Settings\Raghu\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-05-25 21:21:13 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 00:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 19:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 16:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 16:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-05 09:18]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73ec2cd6-2b60-11dd-884d-001cbf64b05f}]
\Shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - PREVXDRIVER
*Newly Created Service* - PREVXTDI
*Newly Created Service* - PXRDDRIVER
.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 00:32:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-09 01:21:01 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 18:20:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
-> C:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lenovo\Client Security Solution\css_admin.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
.
**************************************************************************
.
Completion time: 2008-06-08 18:23:29 - machine was rebooted [Raghu]
ComboFix-quarantined-files.txt 2008-06-09 01:23:26
ComboFix2.txt 2008-06-07 23:58:49
ComboFix3.txt 2008-06-05 05:21:21

Pre-Run: 34,821,087,232 bytes free
Post-Run: 37,810,696,192 bytes free

367 --- E O F --- 2008-06-08 10:00:43


Following is the log for HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:17 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\softwares\Trend Micro\hcheck\hjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=1369
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: cpmsky browser optimizer - {ad375087-e7d7-ddf4-e849-af36e6106378} - C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: mysidesearch search enhancer - {d645275d-fa14-c6b8-5be5-d18519d184f2} - C:\WINDOWS\system32\nwjmuwqdoflobpy.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{ae91ca84-7e1d-0f19-7330-626f65ae67ed}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll" DllInit
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (file missing)
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 12670 bytes



Thanks
Rag
rag
Active Member
 
Posts: 6
Joined: June 5th, 2008, 2:09 am

Re: warning:spyware threat has been detected..>This is killing

Unread postby flashh4 » June 9th, 2008, 9:17 am

Howdy rag, we need to know how you keep picking up these infections. Are you using peer 2 peer file sharing???
We cannot continue cleaning your computer and then have you reinfect it; your best bet will be to reformat if you continue this. Your choice to make the call!!

Thanks
Chuck
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: warning:spyware threat has been detected..>This is killing

Unread postby NonSuch » June 16th, 2008, 3:36 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California