Hey Chuck, here is the log for ComboFix. I removed those two files you mentioned in the previous posts.
ComboFix 08-06-04.3 - Raghu 2008-06-08 18:12:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.990 [GMT -7:00]
Running from: C:\Downloads\Software\ComboFix.exe
Command switches used :: C:\Documents and Settings\Raghu\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection
C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk
C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk
C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk
C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk
C:\Documents and Settings\Raghu\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\000FD289
C:\Program Files\AskSBar\bar\Cache\034AB9F9.bin
C:\Program Files\AskSBar\bar\Cache\034ABB51.bin
C:\Program Files\AskSBar\bar\Cache\034ABCF7.bin
C:\Program Files\AskSBar\bar\Cache\034ABE9D.bin
C:\Program Files\AskSBar\bar\Cache\034AC033.bin
C:\Program Files\AskSBar\bar\Cache\034AC14C.bin
C:\Program Files\AskSBar\bar\Cache\034AC43A.bin
C:\Program Files\AskSBar\bar\Cache\034AC709.bin
C:\Program Files\AskSBar\bar\Cache\034AC822.bin
C:\Program Files\AskSBar\bar\Cache\034AC98A.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\dxva_sig.txt
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\adzgalore-remove.exe
C:\WINDOWS\system32\nsd97.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.
2008-06-07 21:42 . 2008-06-07 21:42 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Sonic
2008-06-07 21:41 . 2008-06-07 21:41 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Leadertech
2008-06-07 19:15 . 2008-06-08 18:18 <DIR> d-------- C:\Program Files\Prevx1
2008-06-07 19:15 . 2008-06-07 19:15 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Prevx
2008-06-07 19:15 . 2008-06-08 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-06-07 19:15 . 2006-12-08 13:36 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2008-06-07 19:15 . 2006-12-08 13:36 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
2008-06-07 18:58 . 2008-06-07 18:58 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-07 18:35 . 2008-06-07 18:35 90,923 --a------ C:\WINDOWS\system32\nwjmuwqdoflobpy.dll-uninst.exe
2008-06-07 18:35 . 2008-06-07 18:35 63,916 --a------ C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll-uninst.exe
2008-06-07 17:40 . 2008-06-08 18:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-07 12:52 . 2008-06-07 12:56 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-07 00:53 . 2008-06-07 00:53 443,904 --a------ C:\WINDOWS\system32\nwjmuwqdoflobpy.dll
2008-06-05 19:41 . 2008-06-05 19:41 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-05 19:34 . 2008-06-05 19:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-04 22:01 . 2008-06-04 22:01 <DIR> d-------- C:\Program Files\hjt
2008-06-04 21:32 . 2008-06-04 21:34 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-04 17:01 . 2008-06-04 17:01 <DIR> d-------- C:\WINDOWS\system32\Client Security Solution
2008-06-04 16:45 . 2008-06-04 16:45 <DIR> d-a------ C:\Documents and Settings\LocalService\Application Data\Lenovo
2008-06-04 16:45 . 2008-06-04 16:47 135,168 --------- C:\WINDOWS\TEK76.exe
2008-06-02 20:59 . 2008-06-02 20:59 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 19:40 . 2008-06-08 18:15 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Azureus
2008-06-02 19:40 . 2008-06-02 19:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-02 19:39 . 2008-06-02 19:40 <DIR> d-------- C:\Program Files\Azureus
2008-06-02 19:36 . 2008-06-02 19:36 <DIR> d-------- C:\Program Files\Sun
2008-06-02 16:41 . 2008-06-07 17:26 <DIR> d-------- C:\WINDOWS\system32\CBA
2008-06-02 16:41 . 2008-06-07 17:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-02 16:41 . 2008-06-07 17:26 28 --a------ C:\WINDOWS\ODBC.INI
2008-06-02 16:39 . 2008-06-02 16:39 <DIR> d-------- C:\Documents and Settings\Raghu\WINDOWS
2008-06-01 23:06 . 2008-06-01 23:06 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-01 23:06 . 2008-06-01 23:06 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\vlc
2008-06-01 21:51 . 2008-06-01 21:51 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Intel
2008-06-01 20:36 . 2008-06-07 17:28 <DIR> d-------- C:\Program Files\Symantec
2008-06-01 19:49 . 2008-06-07 18:21 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Malwarebytes
2008-06-01 19:49 . 2008-06-01 19:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 19:49 . 2008-05-30 01:06 34,296 --------- C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 19:49 . 2008-05-30 01:06 15,864 --------- C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 11:24 . 2008-06-01 11:42 0 ---hs---- C:\Documents and Settings\Raghu\Application Data\00484197a289b19cf781e78a15777f45740098fa2e2768b88f.dat
2008-05-29 22:40 . 2008-05-29 22:40 <DIR> d-------- C:\Program Files\DivX
2008-05-29 22:37 . 2008-05-29 22:37 <DIR> d-------- C:\Program Files\Cedelia
2008-05-28 20:52 . 2008-06-07 22:07 <DIR> d-------- C:\Downloads
2008-05-27 15:27 . 2008-05-27 15:27 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Software Informer
2008-05-27 15:27 . 2008-06-08 18:15 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Free Download Manager
2008-05-27 15:27 . 2008-05-27 15:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-05-27 15:26 . 2008-06-05 19:55 <DIR> d-------- C:\Program Files\Free Download Manager
2008-05-26 23:57 . 2008-05-26 23:57 1,160 --------- C:\WINDOWS\mozver.dat
2008-05-26 14:57 . 2008-05-26 14:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-26 13:34 . 2008-05-26 13:34 <DIR> d-------- C:\Documents and Settings\Raghu\Incomplete
2008-05-26 13:34 . 2008-06-02 18:26 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\MP3Rocket
2008-05-26 13:34 . 2008-03-25 02:37 69,632 --------- C:\WINDOWS\system32\javacpl.cpl
2008-05-26 13:31 . 2008-05-26 13:31 <DIR> d-------- C:\softwares
2008-05-26 13:26 . 2008-05-26 13:26 0 --------- C:\WINDOWS\nsreg.dat
2008-05-26 13:22 . 2006-10-26 19:56 32,592 --------- C:\WINDOWS\system32\msonpmon.dll
2008-05-26 13:21 . 2008-05-26 13:21 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-26 13:20 . 2008-05-26 13:20 <DIR> d-------- C:\Program Files\MSBuild
2008-05-26 13:19 . 2008-05-26 13:19 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-26 13:18 . 2008-05-26 13:18 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-26 13:17 . 2008-05-26 13:20 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-26 13:17 . 2008-05-26 13:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-26 13:16 . 2008-05-26 13:16 <DIR> dr-h----- C:\MSOCache
2008-05-26 13:15 . 2004-08-03 23:08 26,496 --------- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-25 22:48 . 2008-05-25 22:48 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\InterVideo
2008-05-25 22:11 . 2008-05-25 22:11 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-25 22:11 . 2008-05-25 21:20 <DIR> d-------- C:\Documents and Settings\Raghu\Bluetooth Software
2008-05-25 22:11 . 2008-05-25 21:42 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\Lenovo
2008-05-25 22:11 . 2008-05-25 21:18 <DIR> d-------- C:\Documents and Settings\Raghu\Application Data\InstallShield
2008-05-25 22:11 . 2008-06-06 20:41 <DIR> d-------- C:\Documents and Settings\Raghu
2008-05-25 22:11 . 2004-08-04 05:00 221,184 --------- C:\WINDOWS\system32\wmpns.dll
2008-05-25 22:11 . 2008-05-25 22:11 50 --------- C:\WINDOWS\system32\drivers\LENOVO_7658_CTO.MRK
2008-05-25 22:11 . 2008-05-25 22:11 10 --------- C:\WINDOWS\system32\firstboot.lgl
2008-05-25 22:10 . 2008-05-25 21:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Bluetooth Software
2008-05-25 22:10 . 2008-05-25 21:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Lenovo
2008-05-25 22:10 . 2008-05-25 21:18 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield
2008-05-25 22:10 . 2008-05-25 21:20 <DIR> d-a------ C:\Documents and Settings\Default User\Bluetooth Software
2008-05-25 21:45 . 2008-05-25 21:45 8,192 --------- C:\WINDOWS\REGLOCS.OLD
2008-05-25 21:42 . 2008-05-25 21:42 <DIR> d-a------ C:\Documents and Settings\Administrator\Application Data\Lenovo
2008-05-25 21:42 . 2008-05-25 21:42 61 --------- C:\WINDOWS\smscfg.ini
2008-05-25 21:41 . 2008-06-06 21:11 <DIR> dr-hs---- C:\RRbackups
2008-05-25 21:38 . 2008-06-08 00:00 <DIR> d-------- C:\SWSHARE
2008-05-25 21:38 . 2008-05-25 21:37 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-05-25 21:38 . 2008-05-25 21:37 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-05-25 21:38 . 2008-05-25 21:37 115,960 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-25 21:38 . 2008-05-25 21:38 33,536 --------- C:\WINDOWS\system32\drivers\tvtfilter.sys
2008-05-25 21:37 . 2008-05-25 21:37 7,012 --------- C:\WINDOWS\system32\drivers\pmemnt.sys
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\Picasa2
2008-05-25 21:36 . 2008-05-26 13:39 <DIR> d-------- C:\Program Files\Google
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-05-25 21:36 . 2008-05-25 21:36 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\PC-Doctor
2008-05-25 21:36 . 2007-02-05 17:45 583,232 --------- C:\WINDOWS\system32\tvt_gina.dll
2008-05-25 21:36 . 2007-02-05 17:45 292,416 --------- C:\WINDOWS\system32\tvt_gina_api.dll
2008-05-25 21:36 . 2005-11-08 09:27 11,520 --------- C:\WINDOWS\system32\drivers\ANC.sys
2008-05-25 21:36 . 2007-04-02 11:24 4,224 --------- C:\WINDOWS\system32\drivers\IBMBLDID.sys
2008-05-25 21:36 . 2008-05-25 21:36 0 --------- C:\WINDOWS\system32\AccConnAdvanced.html
2008-05-25 21:35 . 2008-05-25 21:36 <DIR> d-------- C:\Program Files\PCDR5
2008-05-25 21:35 . 2005-07-06 20:23 7,680,056 --------- C:\WINDOWS\1600_1200 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:24 5,880,056 --------- C:\WINDOWS\1400_1050 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 5,292,056 --------- C:\WINDOWS\1680_1050 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:25 5,242,936 --------- C:\WINDOWS\1280_1024 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:26 3,145,784 --------- C:\WINDOWS\1024_768 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 3,072,056 --------- C:\WINDOWS\1280_800 Think Americas Map.bmp
2008-05-25 21:35 . 2006-08-27 22:59 2,949,176 --------- C:\WINDOWS\1280_768 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-06 20:27 1,920,056 --------- C:\WINDOWS\800_600 Think Americas Map.bmp
2008-05-25 21:35 . 2005-07-07 09:06 114,688 --------- C:\WINDOWS\desktopset.exe
2008-05-25 21:32 . 2008-05-25 21:32 <DIR> d-------- C:\Program Files\Lenovo Registration
2008-05-25 21:31 . 2008-05-25 21:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-25 21:31 . 2008-05-25 21:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Lenovo
2008-05-25 21:31 . 2002-02-03 14:13 44,544 --------- C:\WINDOWS\system32\msxml4a.dll
2008-05-25 21:31 . 2002-02-07 02:43 9,679 --------- C:\WINDOWS\system32\msxml4r.cat
2008-05-25 21:31 . 2002-02-07 02:43 9,675 --------- C:\WINDOWS\system32\msxml4.cat
2008-05-25 21:31 . 2002-02-06 04:31 3,489 --------- C:\WINDOWS\system32\msxml4.Manifest
2008-05-25 21:31 . 2002-02-06 04:31 500 --------- C:\WINDOWS\system32\msxml4r.Manifest
2008-05-25 21:30 . 2008-06-05 19:55 <DIR> d-------- C:\WINDOWS\system32\DLA
2008-05-25 21:30 . 2008-05-25 21:32 <DIR> d-------- C:\Program Files\ThinkVantage
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Sonic Icons for Lenovo
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Sonic
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Multimedia Center for Think Offerings
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-------- C:\Icons
2008-05-25 21:30 . 2008-05-25 21:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-25 21:30 . 2007-01-08 13:00 923,184 --------- C:\WINDOWS\system32\ahlprun.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 05:09 269 ------w C:\Program Files\Common Files\laxu284
2008-05-26 04:37 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-26 04:18 21,393 ------w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-26 04:18 21,393 ------w C:\WINDOWS\AegisP.sys
2005-07-29 23:24 472 --sh--r C:\WINDOWS\UmFnaHU\oAIBuJo.vbs
.
((((((((((((((((((((((((((((( snapshot_2008-06-07_16.58.23.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-07 23:55:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-09 01:17:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-08 01:35:08 63,916 ----a-w C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll-uninst.exe
+ 2008-05-05 11:31:48 331,264 ----a-w C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll
- 2004-08-04 12:00:00 66,560 ------w C:\WINDOWS\system32\cdm.dll
+ 2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2006-12-08 20:36:14 7,552 ----a-w C:\WINDOWS\system32\drivers\pxcom.sys
+ 2006-12-08 20:36:20 100,864 ----a-w C:\WINDOWS\system32\drivers\PxEmu.sys
+ 2006-12-08 20:36:14 274,688 ----a-w C:\WINDOWS\system32\drivers\pxfsf.sys
+ 2006-12-16 03:24:10 13,952 ----a-w C:\WINDOWS\system32\drivers\pxrd.sys
+ 2006-12-08 20:36:18 11,648 ----a-w C:\WINDOWS\system32\drivers\pxscrmbl.sys
+ 2006-12-08 20:36:16 18,560 ----a-w C:\WINDOWS\system32\drivers\pxtdi.sys
- 2008-06-07 18:09:57 62,746 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-07 23:59:59 62,746 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-07 18:09:57 401,632 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-07 23:59:59 401,632 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
- 2004-08-04 12:00:00 430,592 ------w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2004-08-04 12:00:00 111,104 ------w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-08-04 12:00:00 1,134,592 ------w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-08-04 12:00:00 112,640 ------w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2004-08-04 12:00:00 36,864 ------w C:\WINDOWS\system32\wups.dll
+ 2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-31 02:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2004-08-04 12:00:00 120,320 ------w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-06-09 01:17:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1b0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad375087-e7d7-ddf4-e849-af36e6106378}]
2008-05-05 04:31 331264 --a------ C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d645275d-fa14-c6b8-5be5-d18519d184f2}]
2008-06-07 00:53 443904 --a------ C:\WINDOWS\system32\nwjmuwqdoflobpy.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [ ]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-30 13:15 68856]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]
"fsm"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 03:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 03:07 512000]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 09:18 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 09:18 208896]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 11:03 58416]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-08 22:49 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 10:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 00:23 1015808]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-06 18:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-06 18:27 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-06 18:27 137752]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 03:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 10:10 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 11:00 419376]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 16:35 2630968]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"{ae91ca84-7e1d-0f19-7330-626f65ae67ed}"="C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll" [2008-05-05 04:31 331264]
"PrevxOne"="C:\Program Files\Prevx1\PXConsole.exe" [2007-01-12 18:52 1503232]
C:\Documents and Settings\Raghu\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-05-25 21:21:13 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 00:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-13 19:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 16:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 16:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-05 09:18]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73ec2cd6-2b60-11dd-884d-001cbf64b05f}]
\Shell\AutoRun\command - F:\setupSNK.exe
*Newly Created Service* - PREVXDRIVER
*Newly Created Service* - PREVXTDI
*Newly Created Service* - PXRDDRIVER
.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 00:32:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-09 01:21:01 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 18:20:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
-> C:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lenovo\Client Security Solution\css_admin.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
.
**************************************************************************
.
Completion time: 2008-06-08 18:23:29 - machine was rebooted [Raghu]
ComboFix-quarantined-files.txt 2008-06-09 01:23:26
ComboFix2.txt 2008-06-07 23:58:49
ComboFix3.txt 2008-06-05 05:21:21
Pre-Run: 34,821,087,232 bytes free
Post-Run: 37,810,696,192 bytes free
367 --- E O F --- 2008-06-08 10:00:43
Following is the log for HIJACK:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:17 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
E:\softwares\Trend Micro\hcheck\hjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/web?o=1369
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: cpmsky browser optimizer - {ad375087-e7d7-ddf4-e849-af36e6106378} - C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: mysidesearch search enhancer - {d645275d-fa14-c6b8-5be5-d18519d184f2} - C:\WINDOWS\system32\nwjmuwqdoflobpy.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{ae91ca84-7e1d-0f19-7330-626f65ae67ed}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{7b03fbc7-28d3-6770-52c8-af6b2f1fda79}.dll" DllInit
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (file missing)
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
--
End of file - 12670 bytes
Thanks
Rag