
Please Help With Removal Of Wowfx.dll Malware



#1 dadman


Posted 10 February 2008 - 10:36 AM

Hello,

I'd like to kindly ask you for help with malware which continuously renews the wowfx.dll.

Thanks in advance
Dadman

This is my hijackthis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:21, on 10.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TrustPort Antivirus\bin\avmgma.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TrustPort Antivirus\bin\avcom.exe
C:\Program Files\Common Files\TrustPort\bin\tptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Informatics\TypOmeter\TypOmeter.exe
C:\Program Files\Trillian\trillian.exe
C:\apps\totalcmd7\TOTALCMD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\apps\vim\vim64\gvim.exe
C:\apps\vim\vim64\gvim.exe
C:\Documents and Settings\xxxrenamed\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.88.0.115:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.88.0.195;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202596418.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AntivirusCommunicatorAgent] "C:\Program Files\TrustPort Antivirus\bin\avcom.exe"
O4 - HKLM\..\Run: [TrustPortTray] "C:\Program Files\Common Files\TrustPort\bin\tptray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DriveCrypt Startup] e:\DriveCrypt.exe /WS
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Google Desktop for OE] "C:\Program Files\GDS for OE\gdsoe.exe" install
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [HuaWeiEVDO.exe] "C:\Program Files\Huawei technologies\EC500 Mobile Connect\HuaWeiEVDO.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Gabe's TypOmeter.lnk = C:\Program Files\Informatics\TypOmeter\TypOmeter.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://cel.xxxrenamed.cz
O15 - Trusted Zone: *.xxxrenamed.com
O15 - Trusted Zone: http://www.slovnik.cz
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = clance.local
O17 - HKLM\Software\..\Telephony: DomainName = clance.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = clance.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = clance.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O21 - SSODL: KbdSys - {e44fbfad-a749-453a-adec-bd86ef08f0e9} - C:\WINDOWS\Installer\{e44fbfad-a749-453a-adec-bd86ef08f0e9}\KbdSys.dll (file missing)
O21 - SSODL: zip - {aac2b7b6-5748-4177-99a2-8d4aaebab9ee} - C:\WINDOWS\Installer\{aac2b7b6-5748-4177-99a2-8d4aaebab9ee}\zip.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: TrustPort Antivirus On-Access Scanner Agent (avas_service) - AEC, spol. s r.o. - C:\Program Files\TrustPort Antivirus\bin\avas.exe
O23 - Service: TrustPort Antivirus Management Agent (avmgma_service) - AEC, spol. s r.o. - C:\Program Files\TrustPort Antivirus\bin\avmgma.exe
O23 - Service: TrustPort Antivirus Service Scanner Provider (avss_service) - AEC, spol. s r.o. - C:\Program Files\TrustPort Antivirus\bin\avss.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: TrustPort Personal GTW (gozer) - AEC, spol. s r.o. - C:\Program Files\TrustPort Antivirus\bin\gozer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - c:\Program.exe (file missing)
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE (file missing)
O23 - Service: PostgreSQL Database Server 8.0 (pgsql-8.0) - Unknown owner - C:\eISIS\base\postgresql\bin\pg_ctl.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Apache Tomcat tomcateisis (tomcateisis) - Unknown owner - c:\eISIS\base\tomcat\bin\tomcat5.exe (file missing)
O23 - Service: TrustPort Antivirus DrWeb scanner service (tpavdrw_service) - Doctor Web, Ltd. - C:\Program Files\TrustPort Antivirus\engines\drweb\dwengine.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 16733 bytes

and this is my ComboFix log

ComboFix 08-02.05.3 - xxxrenamed 2008-02-10 15:43:32.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1526 [GMT 1:00]
Running from: C:\Documents and Settings\xxxrenamed\Plocha\ComboFix.exe
.
The following files were disabled during the run:
C:\Program Files\GDS for OE\hookgdsoe.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wowfx.dll
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Helper

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 15:32 . 2004-08-18 14:00 261,312 -r-hs---- C:\cmldr
2008-02-10 15:06 . 2008-02-10 15:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-10 15:06 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-10 00:45 . 2008-02-10 01:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-10 00:45 . 2008-02-10 00:45 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-10 00:45 . 2008-02-10 00:45 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-10 00:45 . 2008-02-10 00:45 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-09 22:19 . 2008-02-09 22:27 23,239,549 --a------ C:\WINDOWS\system32\DQMTDUK
2008-02-09 19:56 . 2008-02-05 16:17 29,256 --a------ C:\WINDOWS\system32\drivers\tdifw.sys
2008-02-09 19:55 . 2008-02-09 19:56 <DIR> d-------- C:\Program Files\TrustPort Antivirus
2008-02-09 19:55 . 2008-02-09 19:56 <DIR> d-------- C:\Program Files\Common Files\TrustPort
2008-02-09 19:55 . 2008-02-05 16:17 39,624 --a------ C:\WINDOWS\system32\drivers\avasdmft.sys
2008-02-09 19:55 . 2008-02-05 16:17 30,664 --a------ C:\WINDOWS\system32\drivers\avasdw2k.sys
2008-02-09 17:39 . 2008-02-09 17:39 21,026 --a------ C:\ComboFix.txt.old
2008-02-09 17:28 . 2004-08-18 14:00 389,632 --a------ C:\kmd.exe
2008-02-09 14:21 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-09 14:21 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-09 14:21 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-09 14:21 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-09 14:21 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-02-09 14:21 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-09 14:21 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-09 09:43 . 2008-02-09 16:01 5,546 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-09 09:42 . 2008-02-10 02:32 <DIR> d-------- C:\Documents and Settings\xxxrenamed\SmitfraudFix
2008-02-09 08:18 . 2005-06-15 07:51 9,728 --a------ C:\WINDOWS\shell.exe.0xx
2008-02-09 01:27 . 2008-02-09 01:27 <DIR> d-------- C:\sdfix
2008-02-09 01:16 . 2008-02-10 03:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-09 00:47 . 2008-02-09 00:47 77,890 --a------ C:\WINDOWS\system32\nvidiaad8.0xe
2008-02-09 00:40 . 2008-02-09 00:42 <DIR> d-------- C:\Program Files\InfeStop
2008-02-09 00:23 . 2008-02-09 00:23 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-08 23:27 . 2008-02-09 00:31 <DIR> d-------- C:\VundoFix Backups
2008-02-08 23:20 . 2008-02-10 15:19 <DIR> d-------- C:\Nov  slo§ka
2008-02-08 22:48 . 2008-02-09 00:42 <DIR> d-------- C:\Program Files\Spy-Rid
2008-02-08 22:09 . 2008-02-08 22:09 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-08 22:08 . 2008-02-09 00:47 <DIR> d-------- C:\Program Files\EasySpywareCleaner
2008-02-08 21:56 . 2008-02-08 21:56 <DIR> d-------- C:\Program Files\SysCleaner
2008-02-07 22:38 . 2008-02-07 22:38 75,122 --a------ C:\blondie.jpg
2008-02-07 22:15 . 2008-02-07 22:15 168,875 --a------ C:\dort.jpg
2008-02-06 23:51 . 2008-02-10 09:24 <DIR> d-------- C:\Documents and Settings\xxxrenamed\Tracing
2008-02-06 23:50 . 2008-02-10 02:58 <DIR> d-------- C:\Program Files\Microsoft Office Communicator
2008-02-04 19:37 . 2008-02-04 19:37 365,773 --a------ C:\Ada le§ˇcˇ1.jpg
2008-02-02 22:32 . 2008-03-02 20:53 <DIR> d-------- C:\Temp\HOREMPADEM
2008-02-02 19:39 . 2008-02-02 19:39 36,957 --a------ C:\Temp\vratne[1].lahve.(2007).eng.1cd.(3182145).zip
2008-02-02 19:25 . 2008-02-02 19:25 <DIR> d-------- C:\Program Files\SlySoft
2008-02-02 19:25 . 2008-02-02 19:28 24 ---hs---- C:\WINDOWS\S3AE02A59.tmp
2008-02-02 01:22 . 2008-02-02 01:23 52,428,800 --a------ C:\xxx.dat
2008-02-01 22:03 . 2008-02-01 22:03 <DIR> d-------- C:\Program Files\CoreFTP
2008-01-29 23:01 . 2008-01-29 23:01 <DIR> d-------- C:\Program Files\VisualConnection
2008-01-28 09:23 . 2008-01-28 09:23 140,313 --a------ C:\schovanka.jpg
2008-01-24 08:28 . 2008-01-24 08:22 506,880 --a------ C:\subik.jpg
2008-01-23 22:04 . 2008-01-23 22:04 4,410,054 --a------ C:\WINDOWS\ACD Wallpaper.bmp
2008-01-23 15:41 . 2008-01-23 15:41 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-01-16 15:35 . 2008-01-16 15:35 106,530 --a------ C:\SC_screen_result.jpg
2008-01-16 15:34 . 2008-01-16 15:34 105,565 --a------ C:\SC_screen_model.jpg
2008-01-14 22:52 . 2008-01-14 22:57 <DIR> d-------- C:\Temp\!w
2008-01-14 13:07 . 2008-01-14 13:07 61,131 --a------ C:\Untitled-1.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 14:43 --------- d-----w C:\Program Files\GDS for OE
2008-02-10 14:39 --------- d-----w C:\Program Files\Trillian
2008-02-10 02:08 --------- d-----w C:\Program Files\TrueCrypt
2008-02-10 02:06 --------- d-----w C:\Program Files\TortoiseCVS
2008-02-10 02:05 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2008-02-10 02:03 --------- d-----w C:\Program Files\QuickTime
2008-02-10 02:00 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-10 02:00 --------- d-----w C:\Program Files\Opera
2008-02-10 01:57 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-10 01:54 --------- d-----w C:\Program Files\Google
2008-02-10 01:53 --------- d-----w C:\Program Files\Digital Line Detect
2008-01-02 22:12 --------- d-----w C:\Program Files\DivX
2008-01-02 21:46 --------- d-----w C:\Program Files\VideoLAN
2007-12-11 22:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-11 22:08 --------- d-----w C:\Program Files\AskPBar
2007-12-11 22:07 --------- d-----w C:\Program Files\Yahoo!
2007-12-11 15:50 --------- d-----w C:\Program Files\NSS
2007-12-11 15:29 --------- d-----w C:\Program Files\Nokia
2007-12-11 15:29 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-11 03:59 33,792 ----a-w C:\WINDOWS\system32\drivers\cledx.sys
2007-12-08 23:32 87,040 ----a-w C:\WINDOWS\system32\ra32sipr.dll
2007-12-08 23:32 85,504 ----a-w C:\WINDOWS\system32\encdnet.dll
2007-12-08 23:32 81,920 ----a-w C:\WINDOWS\system32\ra3214_4.dll
2007-12-08 23:32 72,704 ----a-w C:\WINDOWS\system32\ra3228_8.dll
2007-12-08 23:32 61,952 ----a-w C:\WINDOWS\system32\decdnet.dll
2007-12-08 23:32 487,936 ----a-w C:\WINDOWS\system32\rmbe3260.dll
2007-12-08 23:32 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
2007-12-08 23:32 352,768 ----a-w C:\WINDOWS\system32\pngu3263.dll
2007-12-08 23:32 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
2007-12-08 23:32 21,504 ----a-w C:\WINDOWS\system32\ra32dnet.dll
2007-12-08 23:32 131,072 ----a-w C:\WINDOWS\system32\pneng50.dll
2007-12-08 23:32 130,560 ----a-w C:\WINDOWS\system32\pnc3250.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-14 07:28 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
.
----a-w		 3,952,229 2004-07-13 11:18:12  C:\ac\Guides&Tools\Toolbars\Communication Planning and Delivery Toolbar v1.1 .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]
C:\Program Files\Helper\1202596418.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS0]
@={5d1cb710-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS1]
@={5d1cb711-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS2]
@={5d1cb712-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS3]
@={5d1cb713-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS4]
@={5d1cb714-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS5]
@={5d1cb715-1c4b-11d4-bed5-005004b1f42f}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseCVS6]
@={5d1cb716-1c4b-11d4-bed5-005004b1f42f}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2005-10-31 12:38 430080 --------- c:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2005-10-31 12:38 430080 --------- c:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2005-10-31 12:38 430080 --------- c:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2005-10-31 12:38 430080 --------- c:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2005-10-31 12:38 430080 --------- c:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2005-10-31 12:38 430080 --------- c:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2005-10-31 12:38 430080 --------- c:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb710-1c4b-11d4-bed5-005004b1f42f}]
2006-02-11 23:00 1073152 --------- C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb711-1c4b-11d4-bed5-005004b1f42f}]
2006-02-11 23:00 1073152 --------- C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb712-1c4b-11d4-bed5-005004b1f42f}]
2006-02-11 23:00 1073152 --------- C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb713-1c4b-11d4-bed5-005004b1f42f}]
2006-02-11 23:00 1073152 --------- C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb714-1c4b-11d4-bed5-005004b1f42f}]
2006-02-11 23:00 1073152 --------- C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb715-1c4b-11d4-bed5-005004b1f42f}]
2006-02-11 23:00 1073152 --------- C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CLASSES_ROOT\CLSID\{5d1cb716-1c4b-11d4-bed5-005004b1f42f}]
2006-02-11 23:00 1073152 --------- C:\Program Files\TortoiseCVS\TrtseShl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-09 16:00 25388584]
"DriveCrypt Startup"="e:\DriveCrypt.exe" [ ]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2004-11-18 03:50 258048]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-09-10 20:46 1964840]
"Google Desktop for OE"="C:\Program Files\GDS for OE\gdsoe.exe" [2005-10-31 14:56 327680]
"TrueCrypt"="C:\Program Files\TrueCrypt\TrueCrypt.exe" [2007-05-03 21:21 833984]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 18:48 68856]
"HuaWeiEVDO.exe"="C:\Program Files\Huawei technologies\EC500 Mobile Connect\HuaWeiEVDO.exe" [2007-03-08 10:47 245760]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-01-23 18:04 1670080]
"COMMUNICATOR"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 10:33 5803368]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 02:10 442368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 14:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 14:16 512000]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 18:39 897024]
"TpShocks"="TpShocks.exe" [2006-03-15 19:04 106496 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 01:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 02:11 217088]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-21 21:00 344064]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2005-04-27 09:53 90112]
"QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 03:07 745472]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 03:07 86016]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 01:01 139264]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 01:01 208896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-01 21:43 282624]
"VF0070 STISvc"="V0070Pin.dll" [2004-11-16 02:00 36864 C:\WINDOWS\system32\V0070Pin.dll]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 02:10 442368]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-25 19:03 31232]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 04:01 503808]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 04:59 307200]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 13:12 222720]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-21 21:02 1115728]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-30 08:55 29744]
"AntivirusCommunicatorAgent"="C:\Program Files\TrustPort Antivirus\bin\avcom.exe" [2008-02-05 16:17 789576]
"TrustPortTray"="C:\Program Files\Common Files\TrustPort\bin\tptray.exe" [2008-02-05 16:17 650312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15 1634304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E0EA1F31-B58F-47E8-A185-20C52DF9F168}"= C:\WINDOWS\system32\awtttss.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"KbdSys"= {e44fbfad-a749-453a-adec-bd86ef08f0e9} - C:\WINDOWS\Installer\{e44fbfad-a749-453a-adec-bd86ef08f0e9}\KbdSys.dll [ ]
"zip"= {aac2b7b6-5748-4177-99a2-8d4aaebab9ee} - C:\WINDOWS\Installer\{aac2b7b6-5748-4177-99a2-8d4aaebab9ee}\zip.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-25 19:20 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2005-03-18 03:07 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ,, , , , , , , , , , , , , wowfx.dll

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2006-03-15 17:08]
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 14:13]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-03-18 03:07]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2005-03-18 03:07]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 12:18]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-04-14 01:01]
R2 avmgma_service;TrustPort Antivirus Management Agent;C:\Program Files\TrustPort Antivirus\bin\avmgma.exe [2008-02-05 16:17]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-04-27 10:27]
R2 NBXPacket;NBX Packet Driver;C:\WINDOWS\system32\DRIVERS\NBXPkt2K.sys [2005-07-13 11:22]
R2 Ndiskio;Ndiskio;C:\Program Files\TrustPort Antivirus\engines\NVC\NSE\NDISKIO.SYS [2003-05-13 08:38]
R2 SmiHlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 19:00]
R2 tdifw;TrustPort PGTW driver;C:\WINDOWS\system32\drivers\tdifw.sys [2008-02-05 16:17]
R2 ubsbm;Unibrain 1394 SBM Driver;C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2006-06-06 17:39]
R2 ubumapi;Unibrain 1394 FireAPI Driver;C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2006-06-06 17:39]
R3 avasdmft;TrustPort Antivirus On-Access Scanner (W2K/XP) MF;C:\WINDOWS\system32\DRIVERS\avasdmft.sys [2008-02-05 16:17]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2007-12-11 04:59]
R3 motubus;MOTU Audio MIDI Extension;C:\WINDOWS\system32\drivers\MotuBus.sys [2006-05-08 09:20]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-04-25 19:13]
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 14:13]
R3 TPM;Winbond Trusted Platform Module;C:\WINDOWS\system32\DRIVERS\tpm.sys [2005-10-09 21:35]
R3 ubohci;Unibrain 1394 OHCI Driver;C:\WINDOWS\system32\DRIVERS\ubohci.sys [2006-06-16 09:55]
S3 avas_service;TrustPort Antivirus On-Access Scanner Agent;C:\Program Files\TrustPort Antivirus\bin\avas.exe [2008-02-05 16:17]
S3 avss_service;TrustPort Antivirus Service Scanner Provider;C:\Program Files\TrustPort Antivirus\bin\avss.exe [2008-02-05 16:17]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-30 08:55]
S3 gozer;TrustPort Personal GTW;C:\Program Files\TrustPort Antivirus\bin\gozer.exe [2008-02-05 16:17]
S3 ma763011;M-Audio BlackBox;C:\WINDOWS\system32\drivers\MA763011.sys []
S3 MAUSBBB;Service for M-Audio Black Box (WDM);C:\WINDOWS\system32\DRIVERS\mausbbb.sys []
S3 mfwagsif;MOTU Audio GSIF;C:\WINDOWS\system32\drivers\mfwagsif.sys [2006-08-23 16:18]
S3 mfwamidi;MOTU Audio MIDI;C:\WINDOWS\system32\drivers\mfwamidi.sys [2006-08-23 16:19]
S3 mfwawave;MOTU Audio Wave;C:\WINDOWS\system32\drivers\mfwawave.sys [2006-08-23 16:18]
S3 MotuFWA;MotuFWA;C:\WINDOWS\system32\drivers\MotuFWA.sys [2006-08-23 16:17]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE []
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2005-03-18 03:07]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 03:54]
S3 tomcateisis;Apache Tomcat tomcateisis;c:\eISIS\base\tomcat\bin\tomcat5.exe []
S3 tpavdrw_service;TrustPort Antivirus DrWeb scanner service;"C:\Program Files\TrustPort Antivirus\engines\drweb\dwengine.exe" -rpcpr:lpc -rpcep:tpav_drweb_rpc []
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 16:44]
S3 UBFWNet;Unibrain 1394 FireNet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ubfwnet.sys [2006-05-19 16:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e8e3c4d-ca4d-11dc-b99e-000e9bdc8128}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9752ae0-4a62-11dc-b97d-000e9bdc8128}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-10 14:51:09 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 15:51:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\wowfx.37l 18944 bytes executable
C:\WINDOWS\system32\wowfx.38l 18944 bytes executable
C:\WINDOWS\system32\wowfx.39l 18944 bytes executable
C:\WINDOWS\system32\wowfx.40l 18944 bytes executable
C:\WINDOWS\system32\wowfx.41l 18944 bytes executable
C:\WINDOWS\system32\wowfx.42l 18944 bytes executable
C:\WINDOWS\system32\wowfx.43l 18944 bytes executable
C:\WINDOWS\system32\wowfx.44l 18944 bytes executable
C:\WINDOWS\system32\wowfx.45l 18944 bytes executable
C:\WINDOWS\system32\wowfx.63l 18944 bytes executable

scan completed successfully
hidden files: 10

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tpavdrw_service]
"ImagePath"="\"C:\Program Files\TrustPort Antivirus\engines\drweb\dwengine.exe\" -rpcpr:lpc -rpcep:tpav_drweb_rpc -name:tpavdrw_service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\PROGRA~1\ThinkPad\UTILIT~1\US\PWRMGRRT.DLL
-> C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
-> C:\Program Files\Informatics\TypOmeter\i_Hook2.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Informatics\TypOmeter\TypOmeter.exe
C:\Program Files\Trillian\trillian.exe
.
**************************************************************************
.
Completion time: 2008-02-10 15:57:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 14:57:49
.
2008-01-14 06:28:06 --- E O F ---

#2 RichieUK

RichieUK

  Malware Assassin

  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:01:49 PM

Posted 17 February 2008 - 10:20 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response; as I'm sure you can appreciate, we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log, then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.