NEED HELP PLEASE


  • This topic is locked
1 reply to this topic

#1 auring
    New Member

  • 2 posts

Posted 10 April 2008 - 03:23 PM

My computer is infected by the Conhook.D trojan. I downloaded Trend Micro HijackThis and ComboFix, and here are the log files. Please help. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:17 PM, on 4/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Users\eman\AppData\Local\djnnyp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\ProgramData\Stardock\XGF\XGFRuntimeServer.exe
C:\ProgramData\Stardock\XGF\XGFRuntimeServer.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - C:\Windows\system32\fcCrpqNG.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SciFinder Scholar Bar - {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fcCrpqNG.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [djnnyp] c:\users\eman\appdata\local\djnnyp.exe djnnyp
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\eman\AppData\Local\Temp\urQgdBUN.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\eman\AppData\Local\Temp\yveqiokd.dll",run
O4 - HKCU\..\Run: [ec2f033e] rundll32.exe "C:\Users\eman\AppData\Local\Temp\wdccclkp.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\eman\AppData\Local\Temp\fccyvSLc.dll,#1
O4 - HKCU\..\Run: [BMef1c30a2] Rundll32.exe "C:\Users\eman\AppData\Local\Temp\crsdqfhf.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 18224 bytes



ComboFix 08-04-09.9 - eman 2008-04-10 13:06:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.739 [GMT -5:00]
Running from: C:\Users\eman\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
c:\Users\eman\AppData\Local\djnnyp.dat
c:\users\eman\appdata\local\djnnyp.exe
C:\Users\Public\Desktop\webmediaplayer.lnk
C:\Windows\system32\fcCrpqNG.dll
C:\Windows\system32\nvs2.inf
C:\Windows\system32\vtUkifCT.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-10 08:03 . 2008-04-10 08:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-09 18:32 . 2008-04-09 19:00 <DIR> d-------- C:\Program Files\RegistryMechanic
2008-04-09 17:29 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-04-09 10:33 . 2008-04-09 10:33 <DIR> d-------- C:\Users\All Users\Stardock
2008-04-09 10:33 . 2008-04-09 10:33 <DIR> d-------- C:\ProgramData\Stardock
2008-04-08 21:55 . 2008-02-14 18:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 21:55 . 2008-02-19 00:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 21:55 . 2008-02-29 01:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 21:55 . 2008-02-29 01:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 21:55 . 2008-02-29 01:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 21:55 . 2008-02-29 01:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 21:55 . 2008-02-29 01:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 21:55 . 2008-02-29 01:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 21:55 . 2008-02-29 01:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-07 23:24 . 2008-04-07 23:24 <DIR> d-------- C:\Users\eman\ChikkaDefault
2008-04-06 07:56 . 2008-04-06 07:56 <DIR> d-------- C:\Users\eman\AppData\Roaming\Ahead
2008-04-04 16:55 . 2008-04-04 17:01 <DIR> d-------- C:\Program Files\Windows Live
2008-04-04 16:55 . 2008-04-04 17:01 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 16:54 . 2008-04-04 16:54 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-04-04 16:54 . 2008-04-04 16:54 <DIR> d-------- C:\ProgramData\WLInstaller
2008-04-04 16:32 . 2008-04-04 16:32 <DIR> d-------- C:\Users\eman\AppData\Roaming\Roxio
2008-04-04 16:32 . 2008-04-04 16:32 <DIR> d-------- C:\Users\All Users\Roxio
2008-04-04 16:32 . 2008-04-04 16:32 <DIR> d-------- C:\ProgramData\Roxio
2008-04-04 11:21 . 2008-04-04 11:21 <DIR> d-------- C:\Users\All Users\Nero
2008-04-04 11:21 . 2008-04-04 11:21 <DIR> d-------- C:\ProgramData\Nero
2008-04-04 11:21 . 2008-04-04 11:21 <DIR> d-------- C:\Program Files\Nero
2008-04-04 11:21 . 2008-04-04 11:22 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-04 09:35 . 2008-04-04 09:48 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-04-04 09:35 . 2008-04-04 09:48 223,128 --------- C:\Windows\System32\drivers\vaxscsi.sys
2008-04-04 09:30 . 2008-04-04 09:30 643,072 --------- C:\Windows\System32\drivers\sptd.sys
2008-04-04 09:30 . 2008-04-09 14:00 140,392 --a------ C:\Windows\System32\drivers\sptd9965.sys
2008-04-02 13:41 . 2008-04-02 13:41 <DIR> d-------- C:\Users\All Users\InstallShield
2008-04-02 13:41 . 2008-04-02 13:41 <DIR> d-------- C:\ProgramData\InstallShield
2008-04-02 13:40 . 2008-04-03 09:57 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-02 13:40 . 2008-04-03 09:57 <DIR> d-a------ C:\ProgramData\TEMP
2008-04-02 13:39 . 2008-04-02 13:39 <DIR> d-------- C:\Program Files\Polymath Software
2008-03-29 16:14 . 2008-04-09 17:33 <DIR> d-------- C:\Users\eman\File Transfer
2008-03-28 12:45 . 2008-03-28 12:46 <DIR> d-------- C:\Users\eman\AppData\Roaming\PDF reDirect
2008-03-28 12:45 . 2008-03-28 12:45 <DIR> d-------- C:\Program Files\PDF reDirect
2008-03-27 18:38 . 2008-03-27 21:03 <DIR> d-------- C:\Users\eman\AppData\Roaming\DivX
2008-03-27 18:35 . 2008-03-27 18:35 <DIR> d-------- C:\Program Files\DivX
2008-03-27 18:28 . 2008-03-27 18:28 <DIR> d-------- C:\Program Files\Foxit Software
2008-03-27 17:40 . 2008-03-27 17:40 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
2008-03-27 17:40 . 2002-02-18 18:40 6,200 --------- C:\Windows\System32\INT13EXT.VXD
2008-03-27 17:16 . 2008-04-09 12:25 <DIR> d-------- C:\SFSCHLR
2008-03-27 17:06 . 2008-03-27 17:28 <DIR> d-------- C:\SFScholarToolbar
2008-03-27 17:04 . 2000-03-10 10:05 863,744 --------- C:\Windows\System32\Cw3245mt.dll
2008-03-27 17:04 . 2000-03-10 10:05 271,872 --------- C:\Windows\System32\Cxf0332b.dll
2008-03-27 17:04 . 2000-03-10 10:05 260,096 --------- C:\Windows\System32\Cxf0332a.dll
2008-03-27 17:04 . 2007-05-16 10:30 118,784 --------- C:\Windows\System32\SciFiSoft.dll
2008-03-27 17:04 . 2000-03-10 10:05 25,088 --------- C:\Windows\System32\Cxf0332c.dll
2008-03-27 13:29 . 2004-06-17 11:37 209,608 --------- C:\Windows\System32\TABCTL32.OCX
2008-03-26 10:01 . 2006-10-26 19:58 30,512 --------- C:\Windows\System32\mdimon.dll
2008-03-26 10:00 . 2006-10-26 19:56 32,592 --------- C:\Windows\System32\msonpmon.dll
2008-03-26 09:59 . 2008-03-26 09:59 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-26 09:55 . 2008-03-26 09:55 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-26 09:52 . 2008-03-26 09:52 <DIR> dr-h----- C:\MSOCache
2008-03-26 09:19 . 2008-03-26 09:19 <DIR> d-------- C:\Users\eman\AppData\Roaming\InterVideo
2008-03-26 01:45 . 2008-03-26 01:45 47 --------- C:\Windows\System32\drivers\IBM_7658_CTO.MRK
2008-03-25 23:17 . 2008-03-25 23:17 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-03-25 23:17 . 2008-03-25 23:17 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-03-25 12:37 . 2008-03-25 12:38 54,156 ---h----- C:\Windows\QTFont.qfn
2008-03-25 12:37 . 2008-03-25 12:38 1,409 --------- C:\Windows\QTFont.for
2008-03-25 08:49 . 2008-03-29 14:00 <DIR> d-------- C:\Users\eman\AppData\Roaming\Apple Computer
2008-03-25 08:49 . 2008-03-25 08:49 <DIR> d-------- C:\Program Files\iTunes
2008-03-25 08:49 . 2008-03-25 08:49 <DIR> d-------- C:\Program Files\iPod
2008-03-25 08:48 . 2008-03-25 08:48 <DIR> d-------- C:\Program Files\Bonjour
2008-03-25 08:47 . 2008-03-25 08:49 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-03-25 08:47 . 2008-03-25 08:49 <DIR> d-------- C:\ProgramData\Apple Computer
2008-03-25 08:47 . 2008-03-25 08:48 <DIR> d-------- C:\Program Files\QuickTime
2008-03-25 08:47 . 2008-03-25 08:47 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-25 08:46 . 2008-03-25 08:46 <DIR> d-------- C:\Users\All Users\Apple
2008-03-25 08:46 . 2008-03-25 08:46 <DIR> d-------- C:\ProgramData\Apple
2008-03-25 08:46 . 2008-03-25 08:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-25 00:55 . 2008-03-25 00:55 <DIR> d-------- C:\Users\eman\AppData\Roaming\Yahoo!
2008-03-25 00:55 . 2008-03-25 00:57 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-03-25 00:55 . 2008-03-25 00:57 <DIR> d-------- C:\ProgramData\Yahoo!
2008-03-25 00:55 . 2008-03-25 00:55 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-25 00:07 . 2008-03-06 21:32 23,904 --------- C:\Windows\System32\drivers\COH_Mon.sys
2008-03-25 00:07 . 2008-03-06 21:32 10,537 --------- C:\Windows\System32\drivers\COH_Mon.cat
2008-03-25 00:07 . 2008-03-06 21:32 706 --------- C:\Windows\System32\drivers\COH_Mon.inf
2008-03-24 23:57 . 2008-03-24 23:57 <DIR> d-------- C:\Users\eman\AppData\Roaming\Leadertech
2008-03-24 22:45 . 2008-03-24 22:45 194,560 --------- C:\Windows\System32\WebClnt.dll
2008-03-24 22:45 . 2008-03-24 22:45 110,080 --------- C:\Windows\System32\drivers\mrxdav.sys
2008-03-24 22:39 . 2008-03-24 22:39 3,505,720 --------- C:\Windows\System32\ntkrnlpa.exe
2008-03-24 22:39 . 2008-03-24 22:39 3,471,928 --------- C:\Windows\System32\ntoskrnl.exe
2008-03-24 22:39 . 2008-03-24 22:39 1,060,920 --------- C:\Windows\System32\drivers\ntfs.sys
2008-03-24 22:39 . 2008-03-24 22:39 154,624 --------- C:\Windows\System32\drivers\nwifi.sys
2008-03-24 22:39 . 2008-03-24 22:39 109,624 --------- C:\Windows\System32\drivers\ataport.sys
2008-03-24 22:39 . 2008-03-24 22:39 45,112 --------- C:\Windows\System32\drivers\pciidex.sys
2008-03-24 22:39 . 2008-03-24 22:39 21,560 --------- C:\Windows\System32\drivers\atapi.sys
2008-03-24 22:39 . 2008-03-24 22:39 17,464 --------- C:\Windows\System32\drivers\intelide.sys
2008-03-24 22:38 . 2008-03-24 22:38 4,247,552 --------- C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-24 22:38 . 2008-03-24 22:38 1,686,528 --------- C:\Windows\System32\gameux.dll
2008-03-24 22:38 . 2008-03-24 22:38 803,328 --------- C:\Windows\System32\drivers\tcpip.sys
2008-03-24 22:38 . 2008-03-24 22:38 216,632 --------- C:\Windows\System32\drivers\netio.sys
2008-03-24 22:38 . 2008-03-24 22:38 167,424 --------- C:\Windows\System32\tcpipcfg.dll
2008-03-24 22:38 . 2008-03-24 22:38 24,064 --------- C:\Windows\System32\netcfg.exe
2008-03-24 22:38 . 2008-03-24 22:38 22,016 --------- C:\Windows\System32\netiougc.exe
2008-03-24 22:37 . 2008-03-24 22:37 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 19:08 --------- d-----w C:\Program Files\Windows Mail
2008-04-04 21:30 --------- d-----w C:\Users\eman\AppData\Roaming\Lenovo
2008-03-27 00:21 --------- d-----w C:\Users\eman\AppData\Roaming\Skype
2008-03-26 14:59 --------- d-----w C:\Program Files\MSBuild
2008-03-26 05:05 --------- d-----w C:\Users\eman\AppData\Roaming\skypePM
2008-03-25 03:41 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-03-25 03:41 495,160 ------w C:\Windows\system32\drivers\Wdf01000.sys
2008-03-25 03:41 35,384 ------w C:\Windows\system32\drivers\WdfLdr.sys
2008-03-25 03:41 35,384 ------w C:\Windows\system32\drivers\kbdclass.sys
2008-03-25 03:41 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-03-25 03:41 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-03-25 03:41 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-03-25 03:41 15,872 ------w C:\Windows\system32\drivers\kbdhid.sys
2008-03-25 03:38 537,600 ------w C:\Windows\AppPatch\AcLayers.dll
2008-03-25 03:38 449,536 ------w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-25 03:38 2,144,256 ------w C:\Windows\AppPatch\AcGenral.dll
2008-03-25 03:38 173,056 ------w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-19 17:30 174 --sh--w C:\Program Files\desktop.ini
2008-03-19 17:16 29,184 ------w C:\Windows\system32\drivers\BTHUSB.SYS
2008-03-19 17:16 25,656 ------w C:\Windows\system32\drivers\msahci.sys
2008-03-19 17:16 220,160 ------w C:\Windows\system32\drivers\bthport.sys
2008-03-19 17:16 211,000 ------w C:\Windows\system32\drivers\volsnap.sys
2008-03-19 17:16 20,024 ------w C:\Windows\system32\drivers\viaide.sys
2008-03-19 17:16 19,456 ------w C:\Windows\system32\drivers\bthenum.sys
2008-03-19 17:16 19,000 ------w C:\Windows\system32\drivers\cmdide.sys
2008-03-19 17:16 17,976 ------w C:\Windows\system32\drivers\amdide.sys
2008-03-19 17:16 17,464 ------w C:\Windows\system32\drivers\aliide.sys
2008-03-19 17:16 15,928 ------w C:\Windows\system32\drivers\pciide.sys
2008-03-19 17:16 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-19 17:15 84,992 ------w C:\Windows\system32\drivers\srvnet.sys
2008-03-19 17:15 58,368 ------w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-19 17:15 130,048 ------w C:\Windows\system32\drivers\srv2.sys
2008-03-19 17:15 101,888 ------w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-19 17:13 28,344 ------w C:\Windows\system32\drivers\battc.sys
2008-03-19 17:13 258,232 ------w C:\Windows\system32\drivers\acpi.sys
2008-03-19 17:13 20,920 ------w C:\Windows\system32\drivers\compbatt.sys
2008-03-19 17:13 2,923,520 ------w C:\Windows\explorer.exe
2008-03-19 17:13 14,208 ------w C:\Windows\system32\drivers\CmBatt.sys
2008-03-19 17:13 11,264 ------w C:\Windows\system32\drivers\wmiacpi.sys
2008-03-19 17:12 73,216 ------w C:\Windows\system32\drivers\usbccgp.sys
2008-03-19 17:12 5,888 ------w C:\Windows\system32\drivers\usbd.sys
2008-03-19 17:12 38,400 ------w C:\Windows\system32\drivers\usbehci.sys
2008-03-19 17:12 23,040 ------w C:\Windows\system32\drivers\usbuhci.sys
2008-03-19 17:12 224,768 ------w C:\Windows\system32\drivers\usbport.sys
2008-03-19 17:12 193,536 ------w C:\Windows\system32\drivers\usbhub.sys
2008-03-19 17:10 70,144 ------w C:\Windows\system32\drivers\pacer.sys
2008-03-19 17:10 619,008 ------w C:\Windows\system32\drivers\dxgkrnl.sys
2008-03-19 17:10 61,952 ------w C:\Windows\system32\drivers\wanarp.sys
2008-03-19 17:10 53,760 ------w C:\Windows\system32\drivers\hdaudbus.sys
2008-03-19 17:10 48,640 ------w C:\Windows\system32\drivers\ndproxy.sys
2008-03-19 17:10 20,480 ------w C:\Windows\system32\drivers\ndistapi.sys
2008-03-19 17:10 13,312 ------w C:\Windows\system32\drivers\sffdisk.sys
2008-03-19 17:10 12,800 ------w C:\Windows\system32\drivers\sffp_sd.sys
2008-03-19 17:10 12,800 ------w C:\Windows\system32\drivers\sffp_mmc.sys
2008-03-19 17:10 --------- d-----w C:\Program Files\Windows Calendar
2008-03-19 17:09 63,488 ------w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-19 17:09 23,040 ------w C:\Windows\system32\drivers\tunnel.sys
2008-03-19 17:09 15,360 ------w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-19 17:08 74,752 ------w C:\Windows\system32\drivers\rasl2tp.sys
2008-03-19 17:08 60,928 ------w C:\Windows\system32\drivers\raspptp.sys
2008-03-19 17:08 12,800 ------w C:\Windows\system32\drivers\fs_rec.sys
2008-03-19 17:08 --------- d-----w C:\Program Files\Windows Defender
2008-03-08 02:14 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
2008-02-28 03:11 32 ------w C:\Users\All Users\ezsid.dat
2008-02-28 03:11 32 ------w C:\ProgramData\ezsid.dat
2008-02-28 03:08 --------- d-----w C:\ProgramData\Skype
2008-02-28 03:08 --------- d-----w C:\Program Files\Skype
2008-02-28 03:08 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-28 00:34 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-19 12:16 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-27 22:09 171448]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-19 12:08 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 04:20 820520]
"snp2uvc"="C:\Windows\vsnp2uvc.exe" [2006-12-28 21:48 569344]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-07-09 15:40 1282048]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-23 21:57 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-23 21:56 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-23 21:57 129560]
"RoxioDragToDisc"="C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 11:05 1116920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2005-09-05 22:55 339968]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 13:03 2630968]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 05:51 91688]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 00:49 66176]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 13:04 59168]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-04-26 12:10 120368]
"TpShocks"="TpShocks.exe" [2007-11-22 17:09 181536 C:\Windows\System32\TpShocks.exe]
"CameraApplicationLauncher"="C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2007-08-22 19:26 16384]
"PWMTRV"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-12-06 12:11 324896]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2007-12-06 12:11 214576]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 12:32 243248]
"LenovoOobeOffers"="c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 14:53 28672]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 18:21 217176]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 13:00 419376]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 17:49 124200]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 17:48 419112]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 20:23 443968]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 03:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 02:01:50 734872]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 15:11:50 719664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-19 12:45:06 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2007-03-15 00:17 89600 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{03D6F541-4BE7-4039-B9A6-13A8A24F5BD2}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:skype
"{C4C4C03A-1F39-4D0A-B226-D873A804E1E6}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:skype
"{E2AC9AD2-A149-4F17-A019-B2EA9912E0A5}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{16C4EF81-A5FF-4093-B4D4-2DA803A1E539}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6251584E-7E1C-489A-85B4-5817B820407D}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{EADDD870-A607-4969-89B5-3AB8996D3B09}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{010B29D4-8262-4DDB-83EF-90422891F674}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{96FF032D-D16A-4488-8611-4941A08751EE}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{39D52858-437B-4B70-9FF4-9023C5C5B469}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{56795E8F-E923-4B3C-891A-6DC3036EF85C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{99B636A6-FACF-4469-BD7E-92C1B7BC8037}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{26F2FED2-82F8-4F1E-AD9F-28004D8131FB}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3BEE8D56-7477-4930-8D58-CAAC6EE18C5E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F7E6FC93-D1C8-4697-9B63-9C4D3165609B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B75DB588-C554-43F5-8B10-4D94582F3E60}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9F25BE4B-C3F5-4C66-87BF-736BF8A84091}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Shockprf;Shockprf;C:\Windows\system32\DRIVERS\Apsx86.sys [2007-10-16 20:33]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM86.sys [2007-10-16 20:32]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 22:05]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-03-12 08:30]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 05:04]
R1 TPPWRIF;TPPWRIF;C:\Windows\system32\drivers\Tppwr32v.sys [2007-12-06 12:11]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-05 17:44]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 17:50]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-15 00:10]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 TPHKSVC;On Screen Display;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 00:07]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-01-08 22:03]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 02:44]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-10-17 21:58]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 01:23]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 17:32]
R3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2007-03-14 23:50]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 17:59]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 02:30]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 13:46]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 00:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 00:20]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 18:15:06 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- c:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-10 04:00:34 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - eman.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 13:15:15
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

folder error: C:\Windows\system32
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\ibmpmsvc.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ProgramData\Stardock\XGF\XGFRuntimeServer.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Users\eman\AppData\Local\Temp\{145DBDE3-582C-418C-AE09-29E140F13519}\Sidebar Clock.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-04-10 13:20:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 18:19:50
Pre-Run: 50,835,955,712 bytes free
Post-Run: 50,283,421,696 bytes free
.
2008-04-10 07:05:44 --- E O F ---

Edited by auring, 10 April 2008 - 05:03 PM.
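The ComboFix log above is the kind of thing a helper has to triage by eye: autostart entries, firewall profile state, Security Center flags, and the running-process list. The script below is an added example (it is not part of the post, and not ComboFix's own code) that reads a ComboFix-style excerpt and flags the four things a triager looks for first: autostart entries or running processes whose image lives under a Temp directory, Windows Firewall profiles with EnableFirewall set to 0, and Security Center *DisableNotify values set to 1. The excerpt it parses is constructed for the example; the "Updater" entry pointing at svch0st.exe is hypothetical and does not appear in the post. One caveat worth keeping in mind: a disabled Windows Firewall and suppressed Security Center notifications are also what a third-party suite such as Norton Internet Security leaves behind when it registers as the system's firewall and antivirus, so every hit here is a lead to check, not a verdict.

```python
"""Triage a ComboFix-style log excerpt for commonly weakened settings.

Added example; not from the forum post or from ComboFix itself.
"""
import re

# Constructed excerpt in ComboFix's layout. The "Updater" line is a
# hypothetical autostart entry added to exercise the Temp-directory check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-19 12:16 1232896]
"Updater"="C:\Users\eman\AppData\Local\Temp\svch0st.exe" [2008-04-09 01:02 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-19 12:08 1006264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)

------------------------ Other Running Processes ------------------------
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\eman\AppData\Local\Temp\{145DBDE3-582C-418C-AE09-29E140F13519}\Sidebar Clock.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+?)\s*$')
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_registry_section(text):
    """Return {key: {value_name: raw_data}} for every [key] block in the log."""
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data")
    return keys


def run_entries(keys):
    """Yield (key, value_name, image_path) for every ...\\CurrentVersion\\Run value."""
    for key, values in keys.items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        for name, data in values.items():
            data = data.strip()
            if data.startswith('"'):
                path = data[1:data.find('"', 1)]      # quoted path, then [date size]
            else:
                path = data.split(" [", 1)[0]         # bare name, e.g. TpShocks.exe
            yield key, name, path


def firewall_state(keys):
    """Map each firewall profile name to True (enabled) or False (disabled)."""
    state = {}
    for key, values in keys.items():
        m = re.search(r"firewallpolicy\\(\w+Profile)$", key, re.IGNORECASE)
        if m and "EnableFirewall" in values:
            state[m.group(1)] = values["EnableFirewall"].lstrip().startswith("1")
    return state


def running_processes(text):
    """Collect the paths listed under ComboFix's 'Other Running Processes' header."""
    procs, in_section = [], False
    for line in text.splitlines():
        if "Other Running Processes" in line:
            in_section = True
            continue
        if in_section:
            s = line.strip()
            if s in ("", "."):
                continue
            if s.startswith("*"):        # the asterisk rule closes the section
                break
            procs.append(s)
    return procs


def triage(text):
    """Return a list of (finding_kind, detail) tuples; each is a lead, not a verdict."""
    keys = parse_registry_section(text)
    findings = []
    for _key, name, path in run_entries(keys):
        if TEMP_DIR_RE.search(path):
            findings.append(("autostart_from_temp", f"{name} -> {path}"))
    for profile, enabled in firewall_state(keys).items():
        if not enabled:
            findings.append(("firewall_disabled", profile))
    for key, values in keys.items():
        if key.lower().endswith(r"\security center"):
            for name, data in values.items():
                if name.endswith("DisableNotify") and data.strip().endswith("1"):
                    findings.append(("security_center_notify_disabled", name))
    for proc in running_processes(text):
        if TEMP_DIR_RE.search(proc):
            findings.append(("process_from_temp", proc))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:32s} {detail}")
```

Run it against a saved ComboFix log by replacing SAMPLE_LOG with the file contents. The Temp-directory check is deliberately narrow (only paths containing a \Temp\ or \tmp\ component); extend TEMP_DIR_RE with other user-writable locations you care about, and cross-check firewall and Security Center hits against whichever third-party suite is installed before treating them as tampering.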


#2 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 18 April 2008 - 03:28 PM

Your post has been Moved, Closed or Edited for one of the following reasons:

1.) You posted multiple topics and only one is required

2.) You are spamming links to other places without approval

3.) You have posted your hijackthis log to the wrong forum:
( http://forums.whatth...emoval_f27.html ) <--- correct forum for HijackThis Logs

4.) Abusive language or other problems in your text

5.) Your log is too old (20 days or more) and no replies from you after a volunteer tried to help you

If you came here for help and have not posted a HijackThis log to the proper forum, you may do so now. If you came here to spam or abuse, you will be dealt with more harshly on your next offense.

This is a family oriented forum to help those that need help.

==============================

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

