Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Permissions Issues, Ads Streams, And Undeleteable Files.


  • This topic is locked This topic is locked
6 replies to this topic

#1 Screaming Cheetah

Screaming Cheetah

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 21 March 2008 - 11:26 AM

As I work as an I.T. professional, and have cleaned out many machines, I just can't seem to climb out of this situation. Help me plz.....!
- Screaming Cheetah


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:52 AM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\TpPenMon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\apps\SysAdmin\SafetyNets\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome/thinkpad
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/thinkpad
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpPenMon] TpPenMon.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TSMResident] "C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204589082703
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: ASR Service (ASRSVC) - Lenovo Group Limited - C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TABLET Service (TabletSVC) - Lenovo Group Limited - C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 10124 bytes

BC AdBot (Login to Remove)

 


m

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:25 AM

Posted 21 March 2008 - 03:01 PM

Hello Screaming Cheetah,

Welcome to Bleeping Computer :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 Screaming Cheetah

Screaming Cheetah
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 21 March 2008 - 03:29 PM

Thanks for your help so far, teacup61. The pc rebooted successfully and the new logs are inserted below.

Any idea what malware this might be??? - ScreamingCheetah


ComboFix 08-03-21.1 - StaggerLee 2008-03-21 13:11:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1443 [GMT -7:00]
Running from: C:\Documents and Settings\LENOVO USER\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dcstds3.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-21 05:15 . 2008-03-21 05:15 <DIR> d-------- C:\Documents and Settings\LENOVO USER\Application Data\Thunderbird
2008-03-21 05:14 . 2008-03-21 05:26 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-03-14 17:02 . 2008-03-14 17:04 <DIR> d-------- C:\Program Files\eMailTrackerPro 2007
2008-03-14 17:02 . 2008-03-14 17:02 <DIR> d-------- C:\Documents and Settings\LENOVO USER\vw
2008-03-14 14:02 . 2008-03-14 14:02 <DIR> dr-hs---- C:\RRbackups
2008-03-14 14:00 . 2008-03-14 14:00 <DIR> d-------- C:\Program Files\TVT SMBus
2008-03-14 14:00 . 2008-03-14 14:00 <DIR> d-------- C:\Program Files\SMI2
2008-03-14 13:13 . 2008-03-14 13:19 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-14 04:49 . 2008-03-21 01:28 <DIR> d-------- C:\Program Files\YPOPs
2008-03-14 03:47 . 2008-03-14 14:02 <DIR> d--hs---- C:\WINDOWS\Installer
2008-03-12 15:36 . 2008-03-12 15:36 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-12 15:36 . 2008-03-12 15:36 <DIR> d-------- C:\Documents and Settings\LENOVO USER\Application Data\Lavasoft
2008-03-12 14:43 . 2008-03-12 14:49 <DIR> d-------- C:\Documents and Settings\LENOVO USER\SecurityScans
2008-03-12 10:52 . 2008-03-12 15:19 1,653 --a------ C:\WINDOWS\gmer.ini
2008-03-12 05:51 . 2008-03-12 05:51 <DIR> d-------- C:\KAV
2008-03-11 10:51 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\bklljobdneov.sys
2008-03-11 10:34 . 2008-03-11 10:34 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-11 10:34 . 2008-03-11 10:34 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-11 10:12 . 2007-08-24 11:00 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-03-10 23:53 . 2008-03-10 23:55 831 --a------ C:\WINDOWS\ldp.INI
2008-03-10 23:52 . 2008-03-10 23:52 0 --a------ C:\WINDOWS\exctrlst.INI
2008-03-10 22:45 . 2008-03-10 22:45 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-03-10 21:28 . 2008-03-10 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 21:01 . 2006-09-05 09:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-10 19:59 . 2008-03-10 19:59 30 --a------ C:\TDS3exec.bat
2008-03-10 19:52 . 2008-03-12 06:01 <DIR> d-------- C:\Program Files\TDS3
2008-03-10 17:17 . 2008-03-10 17:17 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-10 17:13 . 2008-03-10 17:13 <DIR> d-------- C:\Program Files\MSBuild
2008-03-10 17:10 . 2008-03-10 17:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-10 17:09 . 2008-03-10 17:09 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-03-10 17:08 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-03-10 01:59 . 2008-03-10 23:56 <DIR> d-------- C:\WINDOWS\tracing
2008-03-09 01:29 . 2008-03-09 01:29 <DIR> d-------- C:\Program Files\Random House Software
2008-03-05 21:35 . 2001-10-26 15:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-03-05 06:24 . 2008-03-05 06:24 <DIR> d-------- C:\Program Files\Mandiant
2008-03-05 06:23 . 2008-03-05 06:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Protexis
2008-03-04 17:15 . 2020-02-02 09:25 <DIR> d-------- C:\Documents and Settings\JackStraw\Bluetooth Software
2008-03-04 17:15 . 2020-02-02 09:52 <DIR> d-------- C:\Documents and Settings\JackStraw\Application Data\ThinkVantage
2008-03-04 17:15 . 2020-02-02 09:37 <DIR> d-------- C:\Documents and Settings\JackStraw\Application Data\Symantec
2008-03-04 17:15 . 2008-03-11 01:31 <DIR> d-------- C:\Documents and Settings\JackStraw\Application Data\Lenovo
2008-03-04 17:15 . 2020-02-02 09:24 <DIR> d-------- C:\Documents and Settings\JackStraw\Application Data\InstallShield
2008-02-23 00:01 . 2008-02-23 00:01 <DIR> d-------- C:\Program Files\Foxit Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-02-02 16:52 --------- d-----w C:\Documents and Settings\LENOVO USER\Application Data\ThinkVantage
2020-02-02 16:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ThinkVantage
2020-02-02 16:44 7,012 ----a-w C:\WINDOWS\system32\drivers\pmemnt.sys
2020-02-02 16:43 --------- d-----w C:\Program Files\Diskeeper Corporation
2020-02-02 16:42 --------- d-----w C:\Program Files\InterVideo
2020-02-02 16:37 --------- d-----w C:\Documents and Settings\LENOVO USER\Application Data\Symantec
2020-02-02 16:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Symantec
2020-02-02 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2020-02-02 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
2020-02-02 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Agilix
2020-02-02 16:31 --------- d-----w C:\Program Files\Microsoft Education Pack
2020-02-02 16:28 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2020-02-02 16:26 --------- d-----w C:\Program Files\CONEXANT
2020-02-02 16:26 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2020-02-02 16:25 0 ----a-w C:\WINDOWS\system32\drivers\IBM_6363_A8U_TP.MRK
2020-02-02 16:25 --------- d-----w C:\Program Files\Analog Devices
2020-02-02 16:24 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2020-02-02 16:24 --------- d-----w C:\Program Files\Common Files\ThinkVantage Fingerprint Software
2020-02-02 16:24 --------- d-----w C:\Documents and Settings\LENOVO USER\Application Data\InstallShield
2020-02-02 16:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2020-02-02 16:23 --------- d-----w C:\Program Files\Intel
2020-02-02 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-03-21 20:04 --------- d-----w C:\Documents and Settings\LENOVO USER\Application Data\SiteAdvisor
2008-03-16 07:00 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2008-03-14 21:02 --------- d-----w C:\Documents and Settings\LENOVO USER\Application Data\Lenovo
2008-03-14 21:00 23,552 ----a-w C:\WINDOWS\system32\drivers\psasrv.exe
2008-03-14 21:00 --------- d-----w C:\Program Files\Lenovo
2008-03-14 21:00 --------- d-----w C:\Program Files\Common Files\Lenovo
2008-03-13 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lenovo
2008-03-13 22:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-12 18:55 --------- d-----w C:\Program Files\Symantec
2008-03-12 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-11 18:57 --------- d-----w C:\Program Files\Windows Journal
2008-03-11 18:57 --------- d-----w C:\Program Files\Winamp
2008-03-11 18:57 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2008-03-11 18:56 --------- d-----w C:\Program Files\SmartFTP Client
2008-03-11 18:55 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-11 18:49 --------- d-----w C:\Program Files\Common Files\Zinio
2008-03-11 18:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-11 18:47 --------- d-----w C:\Program Files\Common Files\Elecard
2008-03-11 08:35 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-03-11 08:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lenovo
2008-03-11 08:27 17,536 ----a-w C:\WINDOWS\system32\drivers\psadd.sys
2008-03-11 07:39 --------- d-----w C:\Program Files\Microsoft Small Business
2008-03-11 07:01 --------- d-----w C:\Program Files\Support Tools
2008-03-11 00:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-10 20:21 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-03-05 18:24 --------- d-----w C:\Documents and Settings\LENOVO USER\Application Data\AveDesk
2008-03-03 21:26 3,400 ----a-w C:\WINDOWS\system32\winxtm.dll
2008-03-03 18:39 33,280 ----a-w C:\WINDOWS\system32\rundll32.exe
2008-03-03 18:39 33,280 ----a-w C:\WINDOWS\system32\dllcache\rundll32.exe
2008-02-27 17:59 --------- d-----w C:\Documents and Settings\LENOVO USER\Application Data\Winamp
2008-02-22 11:18 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-22 11:18 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-22 11:18 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-22 11:18 10,676 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-20 23:10 --------- d-----w C:\Program Files\Essentials Codec Pack
2008-02-20 19:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-16 06:15 217,088 ----a-w C:\WINDOWS\system32\xap.dll
2008-02-16 06:15 --------- d-----w C:\Program Files\Xdevel
2008-02-09 01:37 --------- d-----w C:\Program Files\Java
2008-02-08 20:55 --------- d-----w C:\Program Files\icuii
2008-02-08 06:37 --------- d-----w C:\Documents and Settings\LENOVO USER\Application Data\Python-Eggs
2008-02-08 06:37 --------- d-----w C:\Documents and Settings\LENOVO USER\Application Data\Open Source Applications Foundation
2008-02-05 03:31 --------- d-----w C:\Program Files\Microsoft Experience Pack
2008-02-05 03:27 --------- d-----w C:\Program Files\ThinkPad
2008-02-04 12:34 --------- d-----w C:\Program Files\BBK Demo
2008-02-04 11:50 --------- d-----w C:\Program Files\Engineering Information Technologies
2008-02-04 10:33 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-04 09:34 47 ----a-w C:\WINDOWS\system32\drivers\IBM_6363_A8U.MRK
2008-02-04 08:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-04 07:58 --------- d-----w C:\Program Files\ThinkVantage
2008-01-21 17:59 --------- d-----w C:\Program Files\Microsoft Works
2007-02-24 20:36 6,006,304 -c--a-w C:\Program Files\Firefox Setup 2.0.0.2.exe
.

------- Sigcheck -------

2004-08-04 04:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe

2005-03-02 11:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2005-03-02 11:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 11:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 08:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\system32\user32.dll
2007-03-08 08:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 04:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2006-01-13 10:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 05:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\system32\drivers\tcpip.sys

2005-04-01 11:19 502784 986ec72d788e00e8e397b7bb7f5a9e45 C:\WINDOWS\system32\winlogon.exe

2006-05-02 03:55 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\dllcache\ndis.sys
2006-05-02 03:55 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 04:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-01 16:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2005-03-01 17:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2006-04-11 17:27 2016768 f196becedb849a135260b758fa546618 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 09:12 2017280 fa64f313f5237c53a909906113acae7d C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 01:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 02:15 2017280 2dfb215e291e3d9b1cf9a6739b3bf16c C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 01:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-01 18:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2005-03-01 17:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2006-04-11 17:55 2137088 7000146d1b17fe998ba56f244eacc37d C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 09:49 2137600 57b9d140e1eb8b0ea06df927b63b0eee C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 02:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 02:53 2137600 e6679c3023b17d8b78946bc5df53fa20 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 02:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 03:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 04:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 04:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 03:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe" [2005-07-12 11:55 94208 C:\WINDOWS\system32\tp4serv.exe]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 09:13 151552]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 09:13 208896]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-09-12 10:23 237568]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 09:11 110592]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-13 23:23 487424]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 18:05 503808]
"TpPenMon"="TpPenMon.exe" [2005-11-04 13:18 24576 C:\WINDOWS\system32\TpPenMon.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 17:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 16:06 716800]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 15:54 37376]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-03-10 21:01 6731312]
"TSMResident"="C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.exe" [2006-11-07 03:03 40960]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-05 17:13 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-05 17:13 166424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-05 17:13 137752]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-01 18:19 94208]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 04:00 16384]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 14:18 443968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"TpShocks"="TpShocks.exe" [2006-03-15 20:04 106496 C:\WINDOWS\system32\TpShocks.exe]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 18:13 2341632]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:00 158208]

C:\Documents and Settings\LENOVO USER\Start Menu\Programs\Startup\
YPOPs.lnk - C:\Program Files\YPOPs\YPOPs.exe [2008-03-14 04:49:00 1331200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2006-11-22 16:10 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 04:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-25 20:20 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 03:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 07:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 04:00 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 04:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2006-03-15 18:08]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 01:33]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 13:18]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-25 09:13]
R1 TSMSMI;Lenovo System Interface Driver;C:\WINDOWS\system32\DRIVERS\TSMSMI32.SYS [2006-11-07 03:03]
R2 ASRSVC;ASR Service;C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2006-11-07 03:03]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-07-14 15:55]
R2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 20:00]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-04-25 20:13]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-12 11:55]
R3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2005-11-29 18:08]
S3 NDIS3Pkt;NDIS 3.0 Packet Driver;C:\WINDOWS\system32\drivers\ndis3pkt.sys [2007-09-22 01:59]
S3 RTRSys;RTRSys;C:\Program Files\XSoft\xworking\rsrsys.sys []

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 13:19:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\cscript.exe
.
**************************************************************************
.
Completion time: 2008-03-21 13:21:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-21 20:21:23
.
2008-03-07 08:50:19 --- E O F ---


----------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:31 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\apps\SysAdmin\SafetyNets\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/thinkpad
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpPenMon] TpPenMon.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TSMResident] "C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204589082703
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: ASR Service (ASRSVC) - Lenovo Group Limited - C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TABLET Service (TabletSVC) - Lenovo Group Limited - C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 9064 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:25 AM

Posted 21 March 2008 - 04:39 PM

Hello,

They're listed as Trojan Downloaders. :thumbsup: How is it running please? I see AVG AS on board. Please be sure it's fully updated and run a scan for me, then post the report in your reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 Screaming Cheetah

Screaming Cheetah
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 21 March 2008 - 11:30 PM

Thank you very much. The performance has improved, as well as, an increase in functionality/accessibility.
I will continue to run through and assess everything tonight. At first sight, I'd say it's about 70% resolved and will elaborate thru a follow-up early tomorrow.

- ScreamingCheetah

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:25 AM

Posted 22 March 2008 - 11:25 AM

I'm up and at 'em! :blink: Post when you're ready. :thumbsup:

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:25 AM

Posted 31 March 2008 - 03:39 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users