Yes, I do have USB devices and... it's already too late :-/ Well, my fault, I plugged USB in before I read this post and the problem came back :-/ Hacktool is again trying to attack my computer.
Shall I run ComboFix again? And what next with the USB devices? Huh, this is a REALLY difficult virus to delete...
PS: I'm using CompactFlash cards as my USB data storage devices. These are my digital camera's data containers. Is it enough if I format them in the camera? Will that kill the bug?
OK, I did it again; the log is below again (in two pieces this time). What's next?
Save the file as CFScript (exactly as shown, no spaces) and save it to your Desktop.
Using the image as a reference, drag CFScript into ComboFix.exe.
You will be prompted to run ComboFix again. Do so, following the same rules as indicated in my first post. Then post the contents of the C:\ComboFix.txt log in your reply.
About the second part of the ComboFix log: I can't read it.
When you compose and submit your reply, please make sure the box under your text which shows "Automatically convert carriage returns to HTML line breaks" is checked, or your reply may not format correctly.
Done. The log is below (2 parts again). Waiting for further orders.
ComboFix 08-01-29.3 - Dunadan 2008-01-31 15:28:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1319 [GMT 1:00]
Running from: C:\Documents and Settings\Dunadan\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dunadan\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Well, everything is OK ;-) I need more time to check whether the system works properly (I had problems with Firefox). And what about the USB devices?
EDIT: Firefox is still hanging from time to time. I have no idea why. I have the newest version. It hangs randomly, usually at the moment of opening some page or at the moment of finishing its download. I tried reinstalling it, which didn't help.
Here is a fresh HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17, on 2008-01-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Under "Save as type" select "All Files" and save it to your Desktop. Close Notepad. The cmd.bat file should now appear on your Desktop (if it saved properly it should appear as a blue box with a gear in the middle of it). Double-click that file (it will appear that nothing has happened, but that's OK).
Reboot your PC.
2. Go HERE and download the Flash_Disinfector tool by sUBs.
Save it to your Desktop. Double-click to run the tool. Follow the prompts. Have any USB memory items ready if prompted to attach them.
3. Once done, reboot your PC, rerun HijackThis and post a fresh HijackThis log.
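Featinwe asks whether formatting the CompactFlash cards is enough, and the step above is to immunise the USB media with Flash_Disinfector. The MountPoints2 entries in the ComboFix log further down show how the worm re-entered from removable media: an autorun.inf on the card pointing at F:\u.bat, which Explorer runs when the drive is opened. The following Python script is an added example, not from this thread and not what Flash_Disinfector does: it reads the autorun.inf in a drive root, lists every command it could launch, and checks whether that launcher is present. build_sample_root() fabricates a temporary directory as a constructed stand-in for an infected card so the script runs offline; the file names u.bat and IMG_0001.JPG are sample data, and the hidden+system attribute check only works on Windows (st_file_attributes), flagging nothing elsewhere.

```python
"""Inspect the root of a removable drive or memory card for the autorun
launcher chain shown in this thread's log (Autorun.inf -> F:\\u.bat).
Added example: not part of the forum thread and not Flash_Disinfector code.
build_sample_root() fabricates a stand-in for an infected card so the script
runs offline; point inspect_drive_root() at a real drive root to use it."""
import os
import stat
import tempfile


def parse_autorun_inf(text):
    """Return the [autorun] section as {key: value}, keys lower-cased.
    Lenient on purpose: worms pad these files with junk lines that would
    trip a strict INI parser, so only 'key=value' lines are kept."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """Every command Explorer could run from this autorun.inf: the open= and
    shellexecute= keys plus any shell\\<verb>\\command, which also covers
    custom verbs that a shell=<verb> line makes the default double-click action.
    icon= and label= are cosmetic and are deliberately not included."""
    return [
        (key, value) for key, value in entries.items()
        if key in ("open", "shellexecute")
        or (key.startswith("shell\\") and key.endswith("\\command"))
    ]


def inspect_drive_root(root):
    """Report the autorun.inf, what it would launch, and hidden+system files."""
    report = {"autorun_inf": None, "launch_targets": [],
              "targets_present": {}, "hidden_system": []}
    for name in os.listdir(root):
        full = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(full):
            report["autorun_inf"] = name   # Windows is case-insensitive
        # st_file_attributes exists only on Windows; elsewhere nothing is flagged
        attrs = getattr(os.stat(full), "st_file_attributes", 0)
        if attrs & stat.FILE_ATTRIBUTE_HIDDEN and attrs & stat.FILE_ATTRIBUTE_SYSTEM:
            report["hidden_system"].append(name)
    if report["autorun_inf"]:
        with open(os.path.join(root, report["autorun_inf"]), encoding="latin-1") as fh:
            report["launch_targets"] = launch_targets(parse_autorun_inf(fh.read()))
        for _, command in report["launch_targets"]:
            if not command:
                continue
            # the first token is the file Explorer would execute
            target = command.split()[0].strip('"')
            report["targets_present"][target] = os.path.isfile(os.path.join(root, target))
    return report


def build_sample_root():
    """Constructed stand-in for an infected card (a temporary directory)."""
    root = tempfile.mkdtemp(prefix="fake_usb_")
    with open(os.path.join(root, "Autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=u.bat\nshell\\open\\Command=u.bat\n"
                 "shell\\explore\\command=u.bat\nicon=u.bat\n")
    with open(os.path.join(root, "u.bat"), "w") as fh:
        fh.write("@echo off\nrem placeholder, not the worm's real launcher\n")
    with open(os.path.join(root, "IMG_0001.JPG"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xd9")  # sample bytes standing in for a photo
    return root


if __name__ == "__main__":
    print(inspect_drive_root(build_sample_root()))
```

Read the card through a path from a script or command prompt rather than double-clicking the drive in My Computer: the shell\open\command and shell\explore\command verbs recorded under MountPoints2 in the log are exactly what those double-click and right-click actions run.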
bamajim (10.4K Posts), January 28th, 2008 14:00
Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.
"The world is what you make of it"
Featinwe (14 Posts), January 29th, 2008 17:00
PS, here is the log:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.
2008-01-29 13:41 . 2008-01-29 17:21 103,894 -r-hs---- C:\ylr.exe
2008-01-28 10:29 . 2008-01-29 18:52 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-01-28 09:55 . 2008-01-28 09:55 d-------- C:\Program Files\Bethesda Softworks
2008-01-27 23:39 . 2008-01-27 23:39 177 --a------ C:\ioSpecial.ini
2008-01-27 22:28 . 2008-01-27 22:28 d-------- C:\Program Files\Trend Micro
2008-01-27 21:23 . 2008-01-27 21:31 d-------- C:\Program Files\SkanerOnline
2008-01-27 20:24 . 2008-01-28 00:02 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-27 20:24 . 2008-01-27 20:24 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\SUPERAntiSpyware.com
2008-01-27 20:24 . 2008-01-27 20:24 d-------- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-01-27 20:23 . 2008-01-27 20:23 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 18:29 . 2008-01-28 09:28 105,293 -r-hs---- C:\xo8wr9.exe
2008-01-27 15:15 . 2008-01-25 08:18 104,822 -r-hs---- C:\QD.0MD
2008-01-26 12:10 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-26 12:10 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-26 12:10 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-26 12:10 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-23 00:44 . 2008-01-23 00:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-23 00:44 . 2008-01-23 00:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 14:44 . 2008-01-21 14:44 d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Intel
2008-01-19 21:00 . 2008-01-19 21:01 d-------- C:\Program Files\QuickTime
2008-01-19 12:14 . 2008-01-19 12:14 335 --a------ C:\WINDOWS\mozregistry.dat
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-06 22:19 . 2008-01-27 23:39 d-------- C:\Program Files\Common Files\Onet.pl
2008-01-06 22:19 . 2008-01-06 22:19 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\Kamerzysta
2008-01-06 22:19 . 2008-01-06 22:19 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\AutoUpdate
2008-01-06 21:46 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-06 21:46 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-06 21:46 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-06 21:43 . 2008-01-21 23:25 d-------- C:\WINDOWS\system32\LogFiles
2008-01-06 21:43 . 2008-01-06 21:44 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-05 18:14 . 2008-01-05 18:14 512 --------- C:\drmHeader.bin
2008-01-05 17:39 . 2008-01-05 17:39 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\Gadu-Gadu
2008-01-05 12:50 . 2008-01-05 12:50 d-------- C:\Program Files\Apple Software Update
2008-01-05 12:50 . 2008-01-05 12:50 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-01-04 22:12 . 2008-01-04 22:13 d-------- C:\Program Files\easyHDR
2008-01-04 13:04 . 2008-01-29 19:10 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\skypePM
2008-01-04 13:04 . 2008-01-04 13:04 32 --------- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-04 13:02 . 2008-01-29 20:23 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\Skype
2008-01-04 13:00 . 2008-01-04 13:00 d-------- C:\Program Files\Skype
2008-01-04 13:00 . 2008-01-04 13:00 d-------- C:\Program Files\Common Files\Skype
2008-01-04 13:00 . 2008-01-04 13:00 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-04 11:27 . 2008-01-05 17:50 d-------- C:\Documents and Settings\Dunadan\Gadu-Gadu
2008-01-04 11:26 . 2008-01-04 11:27 d-------- C:\Program Files\Gadu-Gadu
2008-01-03 22:21 . 2008-01-03 22:21 d-------- C:\Program Files\CCleaner
2008-01-03 21:48 . 2008-01-03 21:57 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-03 21:08 . 2008-01-29 20:31 d-------- C:\Program Files\Spyware Doctor
2008-01-03 21:08 . 2008-01-03 21:08 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\PC Tools
2008-01-03 21:08 . 2008-01-29 20:31 d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-03 21:08 . 2005-09-23 08:29 626,688 --------- C:\WINDOWS\system32\msvcr80.dll
2008-01-03 21:08 . 2007-10-18 00:16 79,688 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-03 21:08 . 2007-10-18 00:15 62,280 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-03 21:08 . 2007-10-18 00:14 41,288 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-03 21:08 . 2007-10-18 00:16 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
2008-01-03 11:09 . 2007-05-29 13:55 22,112 --------- C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-03 11:09 . 2007-05-29 13:55 10,592 --------- C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-03 11:09 . 2007-05-29 13:55 705 --------- C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-01 20:25 . 2008-01-01 20:25 d-------- C:\WINDOWS\Sun
2008-01-01 19:05 . 2008-01-28 09:31 d-------- C:\NeverwinterNights
2007-12-31 13:19 . 2007-12-31 13:19 d-------- C:\Program Files\Konami
2007-12-30 22:59 . 2007-12-30 22:59 d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2007-12-30 22:44 . 2007-12-30 22:44 d-------- C:\Program Files\Bonjour
2007-12-30 22:37 . 2007-12-30 22:37 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-30 22:30 . 2007-12-30 22:30 d-------- C:\Program Files\DAEMON Tools Lite
2007-12-30 22:30 . 2007-12-30 22:30 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\DAEMON Tools
2007-12-30 22:27 . 2007-12-30 22:27 715,248 --------- C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 21:11 . 2007-12-30 21:11 d-------- C:\Program Files\MSXML 6.0
2007-12-30 21:08 . 2007-12-30 21:08 d-------- C:\Program Files\MSXML 4.0
2007-12-30 20:48 . 2007-12-30 20:48 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\Sonic
2007-12-30 19:27 . 2007-12-30 19:27 892,928 --------- C:\WINDOWS\system32\iconv.dll
2007-12-30 19:27 . 2007-12-30 19:27 577,536 --------- C:\WINDOWS\system32\ac3filter.ax
2007-12-30 19:26 . 2007-12-30 19:26 237,568 --------- C:\WINDOWS\system32\OggDS.dll
2007-12-30 19:25 . 2007-12-30 19:25 1,415,680 --------- C:\WINDOWS\system32\WMV9VCM.dll
2007-12-30 19:25 . 2007-12-30 19:25 921,600 --------- C:\WINDOWS\system32\vorbisenc.dll
2007-12-30 19:25 . 2007-12-30 19:25 188,416 --------- C:\WINDOWS\system32\vorbis.dll
2007-12-30 19:25 . 2007-12-30 19:25 45,056 --------- C:\WINDOWS\system32\ogg.dll
2007-12-30 19:24 . 2007-12-30 19:24 729,088 --------- C:\WINDOWS\system32\divxdec.ax
2007-12-30 19:24 . 2007-12-30 19:24 391,168 --------- C:\WINDOWS\system32\i263_32.drv
2007-12-30 19:24 . 2007-12-30 19:24 245,760 --------- C:\WINDOWS\system32\mplvpx.dll
2007-12-30 19:24 . 2007-12-30 19:24 106,496 --------- C:\WINDOWS\system32\lmpgspl.ax
2007-12-30 19:24 . 2007-12-30 19:24 94,208 --------- C:\WINDOWS\system32\lmpgvd.ax
2007-12-30 19:24 . 2007-12-30 19:24 86,528 --------- C:\WINDOWS\system32\DVDVideo.ax
2007-12-30 19:24 . 2007-12-30 19:24 9,216 --------- C:\WINDOWS\system32\cpuinf32.dll
2007-12-30 19:23 . 2007-12-30 19:23 740,442 --------- C:\WINDOWS\system32\DivX.dll
2007-12-30 19:23 . 2007-12-30 19:23 352,401 --------- C:\WINDOWS\system32\DivXMedia.ax
2007-12-30 19:23 . 2007-12-30 19:23 77,824 --------- C:\WINDOWS\system32\xvid.ax
2007-12-30 19:22 . 2007-12-30 19:22 1,559,040 --------- C:\WINDOWS\system32\xvidcore.dll
2007-12-30 19:20 . 2007-12-30 19:20 d-------- C:\Program Files\MarBit
2007-12-30 18:55 . 2008-01-27 19:37 d-------- C:\Program Files\eMule
2007-12-30 18:53 . 2008-01-20 21:26 d-------- C:\Program Files\IL-2-STURMOVIK
2007-12-30 18:38 . 2007-12-30 18:49 d-------- C:\Program Files\Winamp
2007-12-30 18:38 . 2007-12-30 18:49 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\Winamp
2007-12-30 18:35 . 2007-12-30 18:35 1,167 --------- C:\WINDOWS\mozver.dat
2007-12-30 17:38 . 2007-07-30 19:19 43,352 --------- C:\WINDOWS\system32\wups2.dll
2007-12-30 17:38 . 2007-07-30 19:19 38,232 --------- C:\WINDOWS\system32\wucltui.dll.mui
2007-12-30 17:38 . 2007-07-30 19:20 30,040 --------- C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-30 17:38 . 2007-07-30 19:20 30,040 --------- C:\WINDOWS\system32\wuapi.dll.mui
2007-12-30 17:38 . 2007-07-30 19:18 21,336 --------- C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-30 17:34 . 2007-12-30 17:34 0 --------- C:\WINDOWS\nsreg.dat
2007-12-30 17:24 . 2007-12-30 17:26 d-------- C:\WINDOWS\SxsCaPendDel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 19:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-28 08:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 08:50 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-01-22 15:02 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-01-19 20:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-01-06 20:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-05 13:14 --------- d-----w C:\Program Files\Google
2008-01-03 10:09 --------- d-----w C:\Program Files\Norton Internet Security
2007-12-30 16:11 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-30 16:11 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-30 16:11 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-30 16:11 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-30 16:11 --------- d-----w C:\Program Files\Symantec
2007-12-26 18:31 --------- d-----w C:\Documents and Settings\Dunadan\Dane aplikacji\Intel
2007-12-26 09:35 --------- d-----w C:\Documents and Settings\Dunadan\Dane aplikacji\Apple Computer
2007-12-26 09:28 --------- d-----w C:\Program Files\Common Files\Canon
2007-12-25 22:57 --------- d-----w C:\Documents and Settings\Dunadan\Dane aplikacji\InterVideo
2007-12-25 22:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-12-25 05:05 --------- d-----w C:\Documents and Settings\Dunadan\Dane aplikacji\Leadertech
2007-12-25 00:46 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-25 00:45 50 ------w C:\WINDOWS\system32\drivers\LENOVO_6460_6WG.MRK
2007-12-25 00:44 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 22:51 --------- d--h--w C:\Program Files\Uninstall Information
2007-11-30 22:51 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-30 16:01 --------- d-----w C:\Program Files\Microsoft Small Business
2007-11-30 15:59 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-30 15:59 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-11-30 15:56 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2007-11-30 15:56 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-11-30 15:55 --------- d-----w C:\Program Files\Microsoft Works
2007-11-30 15:51 --------- d-----w C:\Program Files\Lenovo
2007-11-30 15:47 --------- d-----w C:\Program Files\Common Files\ThinkVantage Fingerprint Software
2007-11-30 15:46 --------- d---a-w C:\Documents and Settings\Dunadan\Dane aplikacji\Lenovo
2007-11-30 15:46 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\UIB
2007-11-30 15:46 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Lenovo
2007-11-30 15:46 --------- d---a-w C:\Documents and Settings\Administrator\Dane aplikacji\Lenovo
2007-11-30 15:40 --------- d-----w C:\Program Files\Common Files\Lenovo
2007-11-30 15:39 33,536 ------w C:\WINDOWS\system32\drivers\tvtfilter.sys
2007-11-30 15:38 7,012 ------w C:\WINDOWS\system32\drivers\pmemnt.sys
2007-11-30 15:38 --------- d-----w C:\Program Files\ThinkPad
2007-11-30 15:38 --------- d-----w C:\Program Files\Picasa2
2007-11-30 15:37 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\PC-Doctor
2007-11-30 15:37 --------- d-----w C:\Program Files\PCDR5
2007-11-30 15:37 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-11-30 15:33 --------- d-----w C:\Program Files\ThinkVantage
2007-11-30 15:33 --------- d-----w C:\Program Files\Lenovo Registration
2007-11-30 15:32 --------- d-----w C:\Program Files\Common Files\Installshield
2007-11-30 15:31 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-11-30 15:31 --------- d-----w C:\Program Files\Sonic Icons for Lenovo
2007-11-30 15:31 --------- d-----w C:\Program Files\Sonic
2007-11-30 15:31 --------- d-----w C:\Program Files\Multimedia Center for Think Offerings
2007-11-30 15:31 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-11-30 15:31 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-30 15:29 --------- d-----w C:\Program Files\InterVideo
2007-11-30 15:29 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-11-30 15:28 --------- d-----w C:\Program Files\Java
2007-11-30 15:28 --------- d-----w C:\Program Files\Common Files\Java
2007-11-30 15:23 --------- d---a-w C:\Documents and Settings\LocalService\Dane aplikacji\Intel
2007-11-30 15:22 --------- d-----w C:\Program Files\Analog Devices
2007-11-30 15:21 --------- d-----w C:\Program Files\Digital Line Detect
2007-11-30 15:20 --------- d-----w C:\Program Files\NetWaiting
2007-11-30 15:20 --------- d-----w C:\Program Files\CONEXANT
2007-11-30 15:18 --------- d---a-w C:\Documents and Settings\Dunadan\Dane aplikacji\InstallShield
2007-11-30 15:18 --------- d---a-w C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2007-11-30 15:18 --------- d-----w C:\Program Files\Common Files\snp2uvc
2007-11-30 15:17 21,393 ------w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-30 15:17 21,393 ------w C:\WINDOWS\AegisP.sys
2007-11-30 15:17 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Intel
2007-11-30 15:17 --------- d-----w C:\Program Files\Synaptics
2007-11-30 15:16 --------- d-----w C:\Program Files\Intel
2007-11-07 09:50 729,088 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:44 1,291,264 ------w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 11:46 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 11:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 11:07 512000]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 17:18 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 17:18 208896]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 19:03 58416]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 06:49 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 18:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 08:23 1015808]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2007-04-03 19:55 839680]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-17 16:53 8433664]
"nwiz"="nwiz.exe" [2007-05-17 16:53 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-17 16:53 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 11:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 18:10 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 19:00 419376]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11 771704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-30 16:21:02 50688]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-14 22:17 89600 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 08:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 03:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 16:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 16:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-05 17:18]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 16:23]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2006-04-14 10:07]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 22:10]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-14 21:50]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]
S3 ADLLBJBSTEXP;ADLLBJBSTEXP;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\ADLLBJBSTEXP.exe []
S3 DKEMONKHLMOUAOD;DKEMONKHLMOUAOD;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\DKEMONKHLMOUAOD.exe []
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 FNY;FNY;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\FNY.exe []
S3 REKPU;REKPU;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\REKPU.exe []
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 UZOJVYT;UZOJVYT;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\UZOJVYT.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2ec4b72-be02-11dc-bebd-001de01bbeb5}]
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 19:47:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-28 19:00:13 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Dunadan.job"
Message Edited by Featinwe on 01-29-2008 01:58 PM
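The ComboFix log above (and the later run posted further down) show the same set of indicators: Autorun.inf and the amvo executable and DLLs removed from C:\ and system32, read-only+hidden+system files with random names directly in C:\ (ylr.exe, xo8wr9.exe, QD.0MD), S3 services whose image lives in the user's Temp folder with no file timestamp, and MountPoints2 shell verbs that launch F:\u.bat when the removable drive is opened. The following Python script is an added example, not part of this thread and not ComboFix code: it parses those three line layouts and flags each indicator. SAMPLE_LOG is a constructed excerpt assembled from lines quoted in this thread; the regexes assume the layouts seen here (`created . modified size attrs path`, `StartType Name;Display;Path [timestamp]`, `\Shell\<verb>\command - <cmd>`) and nothing about other ComboFix versions.

```python
"""Triage a ComboFix-style log for the autorun-worm indicators seen in this
thread.  Added example: not part of the forum thread and not ComboFix code.
The line layouts matched below are assumed from the logs quoted in the thread."""
import re

# "Files Created" entries: "<created> . <modified> [<size>] <attrs> <path>"
# e.g. "2008-01-29 13:41 . 2008-01-29 17:21 103,894 -r-hs---- C:\ylr.exe"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# Service/driver entries: "<start> <name>;<display name>;<image path> [<stamp>]"
# e.g. "S3 FNY;FNY;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\FNY.exe []"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
                        r"(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
# MountPoints2 shell verbs: "\Shell\<verb>\command - <command>"
MOUNT_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
# A file sitting directly in a drive root, e.g. C:\ylr.exe
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def triage(log_text):
    """Return the suspicious entries grouped by indicator type."""
    findings = {
        "deleted": [],            # what ComboFix already removed
        "hidden_root_files": [],  # read-only+hidden+system files in a drive root
        "temp_services": [],      # services/drivers whose image lives under \Temp\
        "autorun_commands": [],   # MountPoints2 verbs that run something on a drive
    }
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("(((("):            # section banner
            section = line.strip("() ")
            continue
        if section == "Other Deletions" and re.match(r"^[A-Za-z]:\\", line):
            findings["deleted"].append(line)
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # the droppers in this thread were -r-hs---- files in C:\
            if all(flag in attrs for flag in "rhs") and ROOT_FILE_RE.match(path):
                findings["hidden_root_files"].append(path)
            continue
        m = SERVICE_RE.match(line)
        if m:
            if TEMP_DIR_RE.search(m.group("path")):
                # an empty [] stamp means ComboFix found no file to timestamp
                findings["temp_services"].append(
                    (m.group("name"), m.group("path"), m.group("stamp") == ""))
            continue
        m = MOUNT_RE.match(line)
        if m:
            findings["autorun_commands"].append((m.group("verb"), m.group("cmd")))
    return findings


# Constructed excerpt, assembled from lines quoted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.
2008-01-29 13:41 . 2008-01-29 17:21 103,894 -r-hs---- C:\ylr.exe
2008-01-27 22:28 . 2008-01-27 22:28 d-------- C:\Program Files\Trend Micro
2008-01-27 18:29 . 2008-01-28 09:28 105,293 -r-hs---- C:\xo8wr9.exe
2008-01-23 00:44 . 2008-01-23 00:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
.
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-14 21:50]
S3 FNY;FNY;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\FNY.exe []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2ec4b72-be02-11dc-bebd-001de01bbeb5}]
\Shell\AutoRun\command - F:\u.bat
\Shell\open\Command - F:\u.bat
"""

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("   ", item)
```

The "hidden_root_files" rule is deliberately narrow (all three of read-only, hidden and system, directly in a drive root); legitimate files almost never combine those, which is why the ylr.exe and xo8wr9.exe entries stand out in the log even though their names change on every drop.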
bamajim (10.4K Posts), January 30th, 2008 15:00
Featinwe (14 Posts), January 30th, 2008 19:00
Message Edited by Featinwe on 01-30-2008 04:22 PM
bamajim (10.4K Posts), January 30th, 2008 20:00
Featinwe (14 Posts), January 30th, 2008 21:00
ComboFix 08-01-29.3 - Dunadan 2008-01-31 0:02:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1169 [GMT 1:00]
Running from: C:\Documents and Settings\Dunadan\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo1.dll
.
---- Previous Run -------
.
C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.
2008-01-29 13:41 . 2008-01-29 17:21 103,894 -r-hs---- C:\ylr.exe
2008-01-28 10:29 . 2008-01-29 23:15 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-01-28 09:55 . 2008-01-28 09:55
2008-01-27 23:39 . 2008-01-27 23:39 177 --a------ C:\ioSpecial.ini
2008-01-27 22:28 . 2008-01-27 22:28
2008-01-27 21:23 . 2008-01-27 21:31
2008-01-27 20:24 . 2008-01-28 00:02
2008-01-27 20:24 . 2008-01-27 20:24
2008-01-27 20:24 . 2008-01-27 20:24
2008-01-27 20:23 . 2008-01-27 20:23
2008-01-27 18:29 . 2008-01-28 09:28 105,293 -r-hs---- C:\xo8wr9.exe
2008-01-27 15:15 . 2008-01-25 08:18 104,822 -r-hs---- C:\QD.0MD
2008-01-26 12:10 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-26 12:10 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-26 12:10 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-26 12:10 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-23 00:44 . 2008-01-23 00:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-23 00:44 . 2008-01-23 00:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 14:44 . 2008-01-21 14:44
2008-01-19 21:00 . 2008-01-19 21:01
2008-01-19 12:14 . 2008-01-19 12:14 335 --a------ C:\WINDOWS\mozregistry.dat
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-06 22:19 . 2008-01-27 23:39
2008-01-06 22:19 . 2008-01-06 22:19
2008-01-06 22:19 . 2008-01-06 22:19
2008-01-06 21:46 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-06 21:46 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-06 21:46 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-06 21:43 . 2008-01-21 23:25
2008-01-06 21:43 . 2008-01-06 21:44
2008-01-05 18:14 . 2008-01-05 18:14 512 --------- C:\drmHeader.bin
2008-01-05 17:39 . 2008-01-05 17:39
2008-01-05 12:50 . 2008-01-05 12:50
2008-01-05 12:50 . 2008-01-05 12:50
2008-01-04 22:12 . 2008-01-04 22:13
2008-01-04 13:04 . 2008-01-31 00:02
2008-01-04 13:04 . 2008-01-04 13:04 32 --------- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-04 13:02 . 2008-01-31 00:00
2008-01-04 13:00 . 2008-01-04 13:00
2008-01-04 13:00 . 2008-01-04 13:00
2008-01-04 13:00 . 2008-01-04 13:00
2008-01-04 11:27 . 2008-01-05 17:50
2008-01-04 11:26 . 2008-01-04 11:27
2008-01-03 22:21 . 2008-01-03 22:21
2008-01-03 21:48 . 2008-01-03 21:57
2008-01-03 21:08 . 2008-01-29 21:04
2008-01-03 21:08 . 2008-01-03 21:08
2008-01-03 21:08 . 2008-01-31 00:06
2008-01-03 21:08 . 2005-09-23 08:29 626,688 --------- C:\WINDOWS\system32\msvcr80.dll
2008-01-03 21:08 . 2007-10-18 00:16 79,688 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-03 21:08 . 2007-10-18 00:15 62,280 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-03 21:08 . 2007-10-18 00:14 41,288 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-03 21:08 . 2007-10-18 00:16 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
2008-01-03 11:09 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-03 11:09 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-03 11:09 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-01 20:25 . 2008-01-01 20:25
2008-01-01 19:05 . 2008-01-28 09:31
2007-12-31 13:19 . 2007-12-31 13:19
2007-12-30 22:59 . 2007-12-30 22:59
2007-12-30 22:44 . 2007-12-30 22:44
2007-12-30 22:37 . 2007-12-30 22:37
2007-12-30 22:30 . 2007-12-30 22:30
2007-12-30 22:30 . 2007-12-30 22:30
2007-12-30 22:27 . 2007-12-30 22:27 715,248 --------- C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 21:11 . 2007-12-30 21:11
2007-12-30 21:08 . 2007-12-30 21:08
2007-12-30 20:48 . 2007-12-30 20:48
2007-12-30 19:27 . 2007-12-30 19:27 892,928 --------- C:\WINDOWS\system32\iconv.dll
2007-12-30 19:27 . 2007-12-30 19:27 577,536 --------- C:\WINDOWS\system32\ac3filter.ax
2007-12-30 19:26 . 2007-12-30 19:26 237,568 --------- C:\WINDOWS\system32\OggDS.dll
2007-12-30 19:25 . 2007-12-30 19:25 1,415,680 --------- C:\WINDOWS\system32\WMV9VCM.dll
2007-12-30 19:25 . 2007-12-30 19:25 921,600 --------- C:\WINDOWS\system32\vorbisenc.dll
2007-12-30 19:25 . 2007-12-30 19:25 188,416 --------- C:\WINDOWS\system32\vorbis.dll
2007-12-30 19:25 . 2007-12-30 19:25 45,056 --------- C:\WINDOWS\system32\ogg.dll
2007-12-30 19:24 . 2007-12-30 19:24 729,088 --------- C:\WINDOWS\system32\divxdec.ax
2007-12-30 19:24 . 2007-12-30 19:24 391,168 --------- C:\WINDOWS\system32\i263_32.drv
2007-12-30 19:24 . 2007-12-30 19:24 245,760 --------- C:\WINDOWS\system32\mplvpx.dll
2007-12-30 19:24 . 2007-12-30 19:24 106,496 --------- C:\WINDOWS\system32\lmpgspl.ax
2007-12-30 19:24 . 2007-12-30 19:24 94,208 --------- C:\WINDOWS\system32\lmpgvd.ax
2007-12-30 19:24 . 2007-12-30 19:24 86,528 --------- C:\WINDOWS\system32\DVDVideo.ax
2007-12-30 19:24 . 2007-12-30 19:24 9,216 --------- C:\WINDOWS\system32\cpuinf32.dll
2007-12-30 19:23 . 2007-12-30 19:23 740,442 --------- C:\WINDOWS\system32\DivX.dll
2007-12-30 19:23 . 2007-12-30 19:23 352,401 --------- C:\WINDOWS\system32\DivXMedia.ax
2007-12-30 19:23 . 2007-12-30 19:23 77,824 --------- C:\WINDOWS\system32\xvid.ax
2007-12-30 19:22 . 2007-12-30 19:22 1,559,040 --------- C:\WINDOWS\system32\xvidcore.dll
2007-12-30 19:20 . 2007-12-30 19:20
2007-12-30 18:55 . 2008-01-27 19:37
2007-12-30 18:53 . 2008-01-20 21:26
2007-12-30 18:38 . 2007-12-30 18:49
2007-12-30 18:38 . 2007-12-30 18:49
2007-12-30 18:35 . 2007-12-30 18:35 1,167 --------- C:\WINDOWS\mozver.dat
2007-12-30 17:38 . 2007-07-30 19:19 43,352 --------- C:\WINDOWS\system32\wups2.dll
2007-12-30 17:38 . 2007-07-30 19:19 38,232 --------- C:\WINDOWS\system32\wucltui.dll.mui
2007-12-30 17:38 . 2007-07-30 19:20 30,040 --------- C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-30 17:38 . 2007-07-30 19:20 30,040 --------- C:\WINDOWS\system32\wuapi.dll.mui
2007-12-30 17:38 . 2007-07-30 19:18 21,336 --------- C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-30 17:34 . 2007-12-30 17:34 0 --------- C:\WINDOWS\nsreg.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 22:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-29 19:41 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-01-28 08:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 15:02 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-01-06 20:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-05 13:14 --------- d-----w C:\Program Files\Google
2008-01-03 10:09 --------- d-----w C:\Program Files\Norton Internet Security
2007-12-30 16:11 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-30 16:11 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-30 16:11 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-30 16:11 --------- d-----w C:\Program Files\Symantec
2007-12-25 00:44 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 22:51 --------- d--h--w C:\Program Files\Uninstall Information
2007-11-30 22:51 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-30 16:01 --------- d-----w C:\Program Files\Microsoft Small Business
2007-11-30 15:59 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-30 15:59 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-11-30 15:56 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2007-11-30 15:56 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-11-30 15:55 --------- d-----w C:\Program Files\Microsoft Works
2007-11-30 15:51 --------- d-----w C:\Program Files\Lenovo
2007-11-30 15:47 --------- d-----w C:\Program Files\Common Files\ThinkVantage Fingerprint Software
2007-11-30 15:46 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\UIB
2007-11-30 15:46 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Lenovo
2007-11-30 15:46 --------- d---a-w C:\Documents and Settings\Administrator\Dane aplikacji\Lenovo
2007-11-30 15:40 --------- d-----w C:\Program Files\Common Files\Lenovo
2007-11-30 15:39 33,536 ------w C:\WINDOWS\system32\drivers\tvtfilter.sys
2007-11-30 15:38 7,012 ------w C:\WINDOWS\system32\drivers\pmemnt.sys
2007-11-30 15:38 --------- d-----w C:\Program Files\ThinkPad
2007-11-30 15:38 --------- d-----w C:\Program Files\Picasa2
2007-11-30 15:37 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\PC-Doctor
2007-11-30 15:37 --------- d-----w C:\Program Files\PCDR5
2007-11-30 15:37 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-11-30 15:33 --------- d-----w C:\Program Files\ThinkVantage
2007-11-30 15:33 --------- d-----w C:\Program Files\Lenovo Registration
2007-11-30 15:32 --------- d-----w C:\Program Files\Common Files\Installshield
2007-11-30 15:31 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-11-30 15:31 --------- d-----w C:\Program Files\Sonic Icons for Lenovo
2007-11-30 15:31 --------- d-----w C:\Program Files\Sonic
2007-11-30 15:31 --------- d-----w C:\Program Files\Multimedia Center for Think Offerings
2007-11-30 15:31 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-11-30 15:31 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-30 15:29 --------- d-----w C:\Program Files\InterVideo
2007-11-30 15:29 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-11-30 15:28 --------- d-----w C:\Program Files\Java
2007-11-30 15:28 --------- d-----w C:\Program Files\Common Files\Java
2007-11-30 15:23 --------- d---a-w C:\Documents and Settings\LocalService\Dane aplikacji\Intel
2007-11-30 15:22 --------- d-----w C:\Program Files\Analog Devices
2007-11-30 15:21 --------- d-----w C:\Program Files\Digital Line Detect
2007-11-30 15:20 --------- d-----w C:\Program Files\NetWaiting
2007-11-30 15:20 --------- d-----w C:\Program Files\CONEXANT
2007-11-30 15:18 --------- d---a-w C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2007-11-30 15:18 --------- d-----w C:\Program Files\Common Files\snp2uvc
2007-11-30 15:17 21,393 ------w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-30 15:17 21,393 ------w C:\WINDOWS\AegisP.sys
2007-11-30 15:17 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Intel
2007-11-30 15:17 --------- d-----w C:\Program Files\Synaptics
2007-11-30 15:16 --------- d-----w C:\Program Files\Intel
Featinwe
January 30th, 2008 21:00
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 11:46 204288]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 11:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 11:07 512000]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 17:18 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 17:18 208896]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 19:03 58416]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 06:49 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 18:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 08:23 1015808]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2007-04-03 19:55 839680]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-17 16:53 8433664]
"nwiz"="nwiz.exe" [2007-05-17 16:53 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-17 16:53 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 11:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 18:10 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 19:00 419376]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11 771704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]
BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-30 16:21:02 50688]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
ACNotify.dll
C:\WINDOWS\system32\psqlpwd.dll 2007-03-14 22:17 89600 C:\WINDOWS\system32\psqlpwd.dll
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 08:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 03:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 16:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-05 17:18]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 16:23]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2006-04-14 10:07]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 22:10]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-14 21:50]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]
S3 ADLLBJBSTEXP;ADLLBJBSTEXP;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\ADLLBJBSTEXP.exe []
S3 DKEMONKHLMOUAOD;DKEMONKHLMOUAOD;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\DKEMONKHLMOUAOD.exe []
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 FNY;FNY;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\FNY.exe []
S3 REKPU;REKPU;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\REKPU.exe []
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 UZOJVYT;UZOJVYT;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\UZOJVYT.exe []
\Shell\AutoRun\command - G:\xo8wr9.exe
\Shell\explore\Command - G:\xo8wr9.exe
\Shell\open\Command - G:\xo8wr9.exe
\Shell\AutoRun\command - F:\u.bat
\Shell\explore\Command - F:\u.bat
\Shell\open\Command - F:\u.bat
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 19:47:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-28 19:00:13 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Dunadan.job"
bamajim
January 31st, 2008 11:00
Good work
1. Open Notepad (not WordPad). Copy and paste the following into Notepad:
File::
C:\h.cmd
C:\ylr.exe
C:\xo8wr9.exe
C:\QD.0MD
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4749aa6-b396-11dc-be8d-001de01bbeb5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2ec4b72-be02-11dc-bebd-001de01bbeb5}]
2. Save the file as CFScript (exactly as shown, no spaces) to your Desktop.
3. Using the image as a reference, drag CFScript into ComboFix.exe, following the same rules as indicated in my first post.
4. Then post the contents of the C:\ComboFix.txt log in your reply.
"The world is what you make of it"
Featinwe
January 31st, 2008 12:00
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 11:46 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 11:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 11:07 512000]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 17:18 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 17:18 208896]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 19:03 58416]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 06:49 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 18:32 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 08:23 1015808]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2007-04-03 19:55 839680]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-17 16:53 8433664]
"nwiz"="nwiz.exe" [2007-05-17 16:53 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-17 16:53 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 13:19 536576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 05:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 11:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 18:10 120368]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 19:00 419376]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 16:24 196696]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11 771704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30 561213]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-30 16:21:02 50688]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-14 22:17 89600 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 08:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 03:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 16:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 16:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-05 17:18]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 16:23]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2006-04-14 10:07]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 22:10]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 13:11]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-14 21:50]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 15:59]
S3 ADLLBJBSTEXP;ADLLBJBSTEXP;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\ADLLBJBSTEXP.exe []
S3 DKEMONKHLMOUAOD;DKEMONKHLMOUAOD;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\DKEMONKHLMOUAOD.exe []
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 FNY;FNY;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\FNY.exe []
S3 REKPU;REKPU;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\REKPU.exe []
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 UZOJVYT;UZOJVYT;C:\DOCUME~1\Dunadan\USTAWI~1\Temp\UZOJVYT.exe []
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 19:47:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-28 19:00:13 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Dunadan.job"
bamajim
January 31st, 2008 12:00
Featinwe
January 31st, 2008 12:00
ComboFix 08-01-29.3 - Dunadan 2008-01-31 15:28:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1319 [GMT 1:00]
Running from: C:\Documents and Settings\Dunadan\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dunadan\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\h.cmd
C:\QD.0MD
C:\xo8wr9.exe
C:\ylr.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\h.cmd
C:\QD.0MD
C:\xo8wr9.exe
C:\ylr.exe
.
---- Previous Run -------
.
C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.
2008-01-28 10:29 . 2008-01-29 23:15 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-01-28 09:55 . 2008-01-28 09:55 d-------- C:\Program Files\Bethesda Softworks
2008-01-27 23:39 . 2008-01-27 23:39 177 --a------ C:\ioSpecial.ini
2008-01-27 22:28 . 2008-01-27 22:28 d-------- C:\Program Files\Trend Micro
2008-01-27 21:23 . 2008-01-27 21:31 d-------- C:\Program Files\SkanerOnline
2008-01-27 20:24 . 2008-01-28 00:02 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-27 20:24 . 2008-01-27 20:24 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\SUPERAntiSpyware.com
2008-01-27 20:24 . 2008-01-27 20:24 d-------- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-01-27 20:23 . 2008-01-27 20:23 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 12:10 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-26 12:10 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-26 12:10 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-26 12:10 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-23 00:44 . 2008-01-23 00:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-23 00:44 . 2008-01-23 00:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 14:44 . 2008-01-21 14:44 d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Intel
2008-01-19 21:00 . 2008-01-19 21:01 d-------- C:\Program Files\QuickTime
2008-01-19 12:14 . 2008-01-19 12:14 335 --a------ C:\WINDOWS\mozregistry.dat
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-06 22:19 . 2008-01-27 23:39 d-------- C:\Program Files\Common Files\Onet.pl
2008-01-06 22:19 . 2008-01-06 22:19 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\Kamerzysta
2008-01-06 22:19 . 2008-01-06 22:19 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\AutoUpdate
2008-01-06 21:46 . 2006-10-04 15:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-06 21:46 . 2006-10-04 15:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-06 21:46 . 2006-10-04 15:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-06 21:43 . 2008-01-21 23:25 d-------- C:\WINDOWS\system32\LogFiles
2008-01-06 21:43 . 2008-01-06 21:44 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-05 18:14 . 2008-01-05 18:14 512 --------- C:\drmHeader.bin
2008-01-05 17:39 . 2008-01-05 17:39 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\Gadu-Gadu
2008-01-05 12:50 . 2008-01-05 12:50 d-------- C:\Program Files\Apple Software Update
2008-01-05 12:50 . 2008-01-05 12:50 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-01-04 22:12 . 2008-01-04 22:13 d-------- C:\Program Files\easyHDR
2008-01-04 13:04 . 2008-01-31 00:02 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\skypePM
2008-01-04 13:04 . 2008-01-04 13:04 32 --------- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-04 13:02 . 2008-01-31 00:00 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\Skype
2008-01-04 13:00 . 2008-01-04 13:00 d-------- C:\Program Files\Skype
2008-01-04 13:00 . 2008-01-04 13:00 d-------- C:\Program Files\Common Files\Skype
2008-01-04 13:00 . 2008-01-04 13:00 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-01-04 11:27 . 2008-01-05 17:50 d-------- C:\Documents and Settings\Dunadan\Gadu-Gadu
2008-01-04 11:26 . 2008-01-04 11:27 d-------- C:\Program Files\Gadu-Gadu
2008-01-03 22:21 . 2008-01-03 22:21 d-------- C:\Program Files\CCleaner
2008-01-03 21:48 . 2008-01-03 21:57 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-01-03 21:08 . 2008-01-31 09:28 d-------- C:\Program Files\Spyware Doctor
2008-01-03 21:08 . 2008-01-03 21:08 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\PC Tools
2008-01-03 21:08 . 2008-01-31 15:32 d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-03 21:08 . 2005-09-23 08:29 626,688 --------- C:\WINDOWS\system32\msvcr80.dll
2008-01-03 21:08 . 2007-10-18 00:16 79,688 --------- C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-03 21:08 . 2007-10-18 00:15 62,280 --------- C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-03 21:08 . 2007-10-18 00:14 41,288 --------- C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-03 21:08 . 2007-10-18 00:16 29,000 --------- C:\WINDOWS\system32\drivers\kcom.sys
2008-01-03 11:09 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-03 11:09 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-03 11:09 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-01 20:25 . 2008-01-01 20:25 d-------- C:\WINDOWS\Sun
2008-01-01 19:05 . 2008-01-28 09:31 d-------- C:\NeverwinterNights
2007-12-31 13:19 . 2007-12-31 13:19 d-------- C:\Program Files\Konami
2007-12-30 22:59 . 2007-12-30 22:59 d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2007-12-30 22:44 . 2007-12-30 22:44 d-------- C:\Program Files\Bonjour
2007-12-30 22:37 . 2007-12-30 22:37 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-30 22:30 . 2007-12-30 22:30 d-------- C:\Program Files\DAEMON Tools Lite
2007-12-30 22:30 . 2007-12-30 22:30 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\DAEMON Tools
2007-12-30 22:27 . 2007-12-30 22:27 715,248 --------- C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 21:11 . 2007-12-30 21:11 d-------- C:\Program Files\MSXML 6.0
2007-12-30 21:08 . 2007-12-30 21:08 d-------- C:\Program Files\MSXML 4.0
2007-12-30 20:48 . 2007-12-30 20:48 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\Sonic
2007-12-30 19:27 . 2007-12-30 19:27 892,928 --------- C:\WINDOWS\system32\iconv.dll
2007-12-30 19:27 . 2007-12-30 19:27 577,536 --------- C:\WINDOWS\system32\ac3filter.ax
2007-12-30 19:26 . 2007-12-30 19:26 237,568 --------- C:\WINDOWS\system32\OggDS.dll
2007-12-30 19:25 . 2007-12-30 19:25 1,415,680 --------- C:\WINDOWS\system32\WMV9VCM.dll
2007-12-30 19:25 . 2007-12-30 19:25 921,600 --------- C:\WINDOWS\system32\vorbisenc.dll
2007-12-30 19:25 . 2007-12-30 19:25 188,416 --------- C:\WINDOWS\system32\vorbis.dll
2007-12-30 19:25 . 2007-12-30 19:25 45,056 --------- C:\WINDOWS\system32\ogg.dll
2007-12-30 19:24 . 2007-12-30 19:24 729,088 --------- C:\WINDOWS\system32\divxdec.ax
2007-12-30 19:24 . 2007-12-30 19:24 391,168 --------- C:\WINDOWS\system32\i263_32.drv
2007-12-30 19:24 . 2007-12-30 19:24 245,760 --------- C:\WINDOWS\system32\mplvpx.dll
2007-12-30 19:24 . 2007-12-30 19:24 106,496 --------- C:\WINDOWS\system32\lmpgspl.ax
2007-12-30 19:24 . 2007-12-30 19:24 94,208 --------- C:\WINDOWS\system32\lmpgvd.ax
2007-12-30 19:24 . 2007-12-30 19:24 86,528 --------- C:\WINDOWS\system32\DVDVideo.ax
2007-12-30 19:24 . 2007-12-30 19:24 9,216 --------- C:\WINDOWS\system32\cpuinf32.dll
2007-12-30 19:23 . 2007-12-30 19:23 740,442 --------- C:\WINDOWS\system32\DivX.dll
2007-12-30 19:23 . 2007-12-30 19:23 352,401 --------- C:\WINDOWS\system32\DivXMedia.ax
2007-12-30 19:23 . 2007-12-30 19:23 77,824 --------- C:\WINDOWS\system32\xvid.ax
2007-12-30 19:22 . 2007-12-30 19:22 1,559,040 --------- C:\WINDOWS\system32\xvidcore.dll
2007-12-30 19:20 . 2007-12-30 19:20 d-------- C:\Program Files\MarBit
2007-12-30 18:55 . 2008-01-27 19:37 d-------- C:\Program Files\eMule
2007-12-30 18:53 . 2008-01-20 21:26 d-------- C:\Program Files\IL-2-STURMOVIK
2007-12-30 18:38 . 2007-12-30 18:49 d-------- C:\Program Files\Winamp
2007-12-30 18:38 . 2007-12-30 18:49 d-------- C:\Documents and Settings\Dunadan\Dane aplikacji\Winamp
2007-12-30 18:35 . 2007-12-30 18:35 1,167 --------- C:\WINDOWS\mozver.dat
2007-12-30 17:38 . 2007-07-30 19:19 43,352 --------- C:\WINDOWS\system32\wups2.dll
2007-12-30 17:38 . 2007-07-30 19:19 38,232 --------- C:\WINDOWS\system32\wucltui.dll.mui
2007-12-30 17:38 . 2007-07-30 19:20 30,040 --------- C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-30 17:38 . 2007-07-30 19:20 30,040 --------- C:\WINDOWS\system32\wuapi.dll.mui
2007-12-30 17:38 . 2007-07-30 19:18 21,336 --------- C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-30 17:34 . 2007-12-30 17:34 0 --------- C:\WINDOWS\nsreg.dat
2007-12-30 17:24 . 2007-12-30 17:26 d-------- C:\WINDOWS\SxsCaPendDel
2007-12-30 17:24 . 2008-01-09 20:51 d-------- C:\Program Files\Common Files\Adobe
2007-12-30 17:15 . 2007-12-30 17:16 16 --------- C:\WINDOWS\system32\coh.cache
2007-12-30 16:37 . 2003-08-10 01:32 14,336 -r------- C:\WINDOWS\system32\drivers\NetMotCM.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 23:13 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-01-30 22:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-28 08:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 15:02 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-01-06 20:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-05 13:14 --------- d-----w C:\Program Files\Google
2008-01-03 10:09 --------- d-----w C:\Program Files\Norton Internet Security
2007-12-30 16:11 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-30 16:11 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-30 16:11 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-30 16:11 --------- d-----w C:\Program Files\Symantec
2007-12-25 00:44 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 22:51 --------- d--h--w C:\Program Files\Uninstall Information
2007-11-30 22:51 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-30 16:01 --------- d-----w C:\Program Files\Microsoft Small Business
2007-11-30 15:59 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-30 15:59 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-11-30 15:56 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2007-11-30 15:56 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-11-30 15:55 --------- d-----w C:\Program Files\Microsoft Works
2007-11-30 15:51 --------- d-----w C:\Program Files\Lenovo
2007-11-30 15:47 --------- d-----w C:\Program Files\Common Files\ThinkVantage Fingerprint Software
2007-11-30 15:46 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\UIB
2007-11-30 15:46 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Lenovo
2007-11-30 15:46 --------- d---a-w C:\Documents and Settings\Administrator\Dane aplikacji\Lenovo
2007-11-30 15:40 --------- d-----w C:\Program Files\Common Files\Lenovo
2007-11-30 15:39 33,536 ------w C:\WINDOWS\system32\drivers\tvtfilter.sys
2007-11-30 15:38 7,012 ------w C:\WINDOWS\system32\drivers\pmemnt.sys
2007-11-30 15:38 --------- d-----w C:\Program Files\ThinkPad
2007-11-30 15:38 --------- d-----w C:\Program Files\Picasa2
2007-11-30 15:37 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\PC-Doctor
2007-11-30 15:37 --------- d-----w C:\Program Files\PCDR5
2007-11-30 15:37 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-11-30 15:33 --------- d-----w C:\Program Files\ThinkVantage
2007-11-30 15:33 --------- d-----w C:\Program Files\Lenovo Registration
2007-11-30 15:32 --------- d-----w C:\Program Files\Common Files\Installshield
2007-11-30 15:31 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2007-11-30 15:31 --------- d-----w C:\Program Files\Sonic Icons for Lenovo
2007-11-30 15:31 --------- d-----w C:\Program Files\Sonic
2007-11-30 15:31 --------- d-----w C:\Program Files\Multimedia Center for Think Offerings
2007-11-30 15:31 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-11-30 15:31 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-30 15:29 --------- d-----w C:\Program Files\InterVideo
2007-11-30 15:29 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-11-30 15:28 --------- d-----w C:\Program Files\Java
2007-11-30 15:28 --------- d-----w C:\Program Files\Common Files\Java
2007-11-30 15:23 --------- d---a-w C:\Documents and Settings\LocalService\Dane aplikacji\Intel
2007-11-30 15:22 --------- d-----w C:\Program Files\Analog Devices
2007-11-30 15:21 --------- d-----w C:\Program Files\Digital Line Detect
2007-11-30 15:20 --------- d-----w C:\Program Files\NetWaiting
2007-11-30 15:20 --------- d-----w C:\Program Files\CONEXANT
2007-11-30 15:18 --------- d---a-w C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2007-11-30 15:18 --------- d-----w C:\Program Files\Common Files\snp2uvc
2007-11-30 15:17 21,393 ------w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-30 15:17 21,393 ------w C:\WINDOWS\AegisP.sys
2007-11-30 15:17 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\Intel
2007-11-30 15:17 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel
2007-11-30 15:17 --------- d-----w C:\Program Files\Synaptics
2007-11-30 15:16 --------- d-----w C:\Program Files\Intel
.
Message Edited by Featinwe on 01-31-2008 08:40 AM
Featinwe, January 31st, 2008 12:00
bamajim, January 31st, 2008 13:00
"The world is what you make of it"
Featinwe, January 31st, 2008 14:00
EDIT: Firefox is still hanging from time to time. I have no idea why. I have the newest version. It hangs randomly, usually at the moment of opening some page or at the moment of finishing downloading it. I was trying to reinstall it - didn't help.
Here is a fresh HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17, on 2008-01-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.pl/0SEPLPL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199032598921
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D140AA0F-75F3-462B-8EE0-4CA4504624A1}: NameServer = 212.76.39.211,212.76.39.205
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: ADLLBJBSTEXP - Unknown owner - C:\DOCUME~1\Dunadan\USTAWI~1\Temp\ADLLBJBSTEXP.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DKEMONKHLMOUAOD - Unknown owner - C:\DOCUME~1\Dunadan\USTAWI~1\Temp\DKEMONKHLMOUAOD.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FNY - Unknown owner - C:\DOCUME~1\Dunadan\USTAWI~1\Temp\FNY.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: REKPU - Unknown owner - C:\DOCUME~1\Dunadan\USTAWI~1\Temp\REKPU.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: UZOJVYT - Unknown owner - C:\DOCUME~1\Dunadan\USTAWI~1\Temp\UZOJVYT.exe (file missing)
--
End of file - 16504 bytes
Message Edited by Featinwe on 01-31-2008 10:20 AM
Message Edited by Featinwe on 01-31-2008 10:29 AM
bamajim, January 31st, 2008 14:00
We still have a few things to do. Just wanted to see where we were.
1. First, copy and paste the following into Notepad (not WordPad):
sc stop ADLLBJBSTEXP
sc delete ADLLBJBSTEXP
sc stop DKEMONKHLMOUAOD
sc delete DKEMONKHLMOUAOD
sc stop FNY
sc delete FNY
sc stop REKPU
sc delete REKPU
sc stop UZOJVYT
sc delete UZOJVYT
Click File ->> Save as ->> type in cmd.bat
Close Notepad
The cmd.bat file should now appear on your Desktop (if it saved properly it should appear as a blue box with a gear in the middle of it)
Double Click that file (It will appear that nothing has happened, but that's o.k.)
Reboot your PC.
2. Go HERE and download the Flash_Disinfector tool by sUBs
Double Click to run the tool
Follow the prompts
Have any USB memory items ready if prompted to attach them
3. Once done ->> Reboot your PC ->> Rerun HijackThis and post a fresh HijackThis log
"The world is what you make of it"
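The five O23 entries in the log above that point at C:\DOCUME~1\Dunadan\USTAWI~1\Temp\ with "(file missing)" are orphaned service registrations: the worm's binaries are already gone, but the entries under HKLM\SYSTEM\CurrentControlSet\Services remain, which is what the hand-written sc stop / sc delete list removes. The following is an added example, not code from this thread, from HijackThis or from ComboFix: a small Python parser for O23 lines that flags a service when its binary is reported missing or is registered from a user profile's Temp directory, and generates the same sc command pairs so the list does not have to be typed by hand. The six sample lines are copied from the log above; the detection rules, regular expressions and function names are this example's own assumptions, and "Unknown owner" is deliberately not treated as a reason on its own because unsigned but legitimate binaries (symlcsvc.exe above) show it too.

```python
"""Triage HijackThis O23 (service) entries and emit sc.exe clean-up commands.

Added example, not part of the original thread. Parses lines in the format
HijackThis 2.0.2 prints and flags services whose binary is missing or lives
under a user's Temp directory, then generates 'sc stop' / 'sc delete' pairs.
"""
import re
from typing import Dict, List, Optional

# One O23 line: "O23 - Service: <display> (<short name>) - <owner> - <path> (file missing)"
# The "(<short name>)" part and the "(file missing)" suffix are both optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# A service binary under <profile>\...\Temp\ (long or 8.3 form) is out of place.
USER_TEMP_RE = re.compile(
    r"^[a-z]:\\(?:docume~1|documents and settings|users)\\[^\\]+\\(?:[^\\]+\\)*temp\\",
    re.IGNORECASE,
)


def parse_o23(line: str) -> Optional[Dict]:
    """Return the fields of one O23 line, or None if the line is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    # sc.exe addresses a service by its key (short) name; HijackThis shows it in
    # parentheses only when it differs from the display name.
    return {
        "key": m.group("short") or m.group("display"),
        "display": m.group("display"),
        "owner": m.group("owner"),
        "path": m.group("path"),
        "missing": m.group("missing") is not None,
    }


def triage(log_text: str) -> List[Dict]:
    """Parse every O23 line and attach the list of reasons it looks suspicious."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append("binary missing: orphaned registration left behind")
        if USER_TEMP_RE.match(entry["path"]):
            reasons.append("binary registered from a user Temp directory")
        # 'Unknown owner' alone is only a weak signal and is not a reason by itself.
        entry["reasons"] = reasons
        findings.append(entry)
    return findings


def _sc_name(key: str) -> str:
    """Quote a service key name for cmd.exe when it contains spaces."""
    return f'"{key}"' if " " in key else key


def cleanup_commands(findings: List[Dict]) -> List[str]:
    """Emit 'sc stop' then 'sc delete' for each finding, ready to paste into a .bat file."""
    cmds = []
    for f in findings:
        name = _sc_name(f["key"])
        cmds.append(f"sc stop {name}")
        cmds.append(f"sc delete {name}")
    return cmds


# Constructed sample: six O23 lines copied from the log above (three orphaned
# Temp-directory services and three legitimate ones for contrast).
SAMPLE_O23 = r"""
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ADLLBJBSTEXP - Unknown owner - C:\DOCUME~1\Dunadan\USTAWI~1\Temp\ADLLBJBSTEXP.exe (file missing)
O23 - Service: DKEMONKHLMOUAOD - Unknown owner - C:\DOCUME~1\Dunadan\USTAWI~1\Temp\DKEMONKHLMOUAOD.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: FNY - Unknown owner - C:\DOCUME~1\Dunadan\USTAWI~1\Temp\FNY.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""


def flagged_services(log_text: str = SAMPLE_O23) -> List[Dict]:
    """Only the entries that have at least one reason attached."""
    return [f for f in triage(log_text) if f["reasons"]]


if __name__ == "__main__":
    for f in flagged_services():
        print(f"{f['key']}: {'; '.join(f['reasons'])}")
    print("\n".join(cleanup_commands(flagged_services())))
```

Two practical checks when using the generated list: when saving it from Notepad, set the file type to "All Files" so the file is not silently stored as cmd.bat.txt, and expect sc stop to report that an orphaned service has not been started, which is harmless; sc delete then removes the registry entry. Review the flagged list before running it, since the rules above are heuristics, not a verdict.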