Thread: !

  1. #1
    Registered User
    Join Date: May 2008
    Location: Smolyan
    Posts: 23

    !

    C:\WINDOWS\system32\dmserver.dll - Win32/Patched.BU virus - unable to clean...

    dmserver.dll microsoft.com ...:
    Is the file in the system 32 folder?
    Is the file size 23,552 bytes?
    Is the file dated 4/14/2008?

    If so, it is likely clean!

    - http://virusscan.jotti.org/ :

    Microsoft utility: SFC /SCANNOW

    - HijackThis ComboFix:

    HijackThis:
    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:21:34, on 26.11.2008 .
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\FlashGet\FlashGet.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Todo\Desktop\security\HijackThis\myscan.exe.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{940D9F92-3EB8-4AA2-BDE4-7DF564D48288}: NameServer = 213.16.41.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F2FBF508-8506-4CB3-81E1-5C1FD1FB78EB}: NameServer = 195.24.90.1 195.24.88.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    
    --
    End of file - 17316 bytes
    ComboFix:
    Code:
    ComboFix 08-11-26.01 - Todo 2008-11-26  1:25:58.1 - NTFSx86
    Microsoft Windows XP Professional  5.1.2600.3.1251.1.1033.18.1134 [GMT 2:00]
    Running from: c:\documents and settings\Todo\Desktop\security\ComboFix.exe
     * Created a new restore point
     * Resident AV is active
    
    
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\windows\system32\msvcsv60.dll
    
    .
    (((((((((((((((((((((((((   Files Created from 2008-10-25 to 2008-11-25  )))))))))))))))))))))))))))))))
    .
    
    2008-11-25 19:14 . 2008-11-25 19:15	<DIR>	d--------	c:\program files\RogueRemover FREE
    2008-11-24 21:45 . 2008-04-14 03:12	116,224	--a------	c:\windows\system32\dllcache\xrxwiadr.dll
    2008-11-24 21:45 . 2001-08-17 22:37	99,865	--a------	c:\windows\system32\dllcache\xlog.exe
    2008-11-24 21:45 . 2004-08-04 14:00	28,288	--a------	c:\windows\system32\dllcache\xjis.nls
    2008-11-24 21:45 . 2001-08-17 22:37	27,648	--a------	c:\windows\system32\dllcache\xrxftplt.exe
    2008-11-24 21:45 . 2001-08-17 22:36	23,040	--a------	c:\windows\system32\dllcache\xrxwbtmp.dll
    2008-11-24 21:45 . 2008-04-14 03:12	18,944	--a------	c:\windows\system32\dllcache\xrxscnui.dll
    2008-11-24 21:45 . 2001-08-17 12:11	16,970	--a------	c:\windows\system32\dllcache\xem336n5.sys
    2008-11-24 21:45 . 2001-08-17 22:37	4,608	--a------	c:\windows\system32\dllcache\xrxflnch.exe
    2008-11-24 21:43 . 2001-08-17 13:28	794,654	--a------	c:\windows\system32\dllcache\usr1801.sys
    2008-11-24 21:42 . 2001-08-17 22:36	525,568	--a------	c:\windows\system32\dllcache\tridxp.dll
    2008-11-24 21:41 . 2004-08-04 14:00	185,344	--a------	c:\windows\system32\dllcache\thawbrkr.dll
    2008-11-24 21:40 . 2001-08-17 12:18	285,760	--a------	c:\windows\system32\dllcache\stlnata.sys
    2008-11-24 21:39 . 2001-08-17 14:56	252,032	--a------	c:\windows\system32\dllcache\sis300iv.dll
    2008-11-24 21:38 . 2001-08-17 22:36	495,616	--a------	c:\windows\system32\dllcache\sblfx.dll
    2008-11-24 21:37 . 2001-08-17 13:28	899,146	--a------	c:\windows\system32\dllcache\r2mdkxga.sys
    2008-11-24 21:36 . 2008-04-14 03:12	363,520	--a------	c:\windows\system32\dllcache\psisdecd.dll
    2008-11-24 21:35 . 2001-08-17 14:05	351,616	--a------	c:\windows\system32\dllcache\ovcodek2.sys
    2008-11-24 21:34 . 2001-08-17 12:50	198,144	--a------	c:\windows\system32\dllcache\nv3.sys
    2008-11-24 21:33 . 2004-08-04 14:00	1,875,968	--a------	c:\windows\system32\dllcache\msir3jp.lex
    2008-11-24 21:32 . 2001-08-17 13:28	802,683	--a------	c:\windows\system32\dllcache\ltsm.sys
    2008-11-24 21:31 . 2004-08-04 14:00	1,158,818	--a------	c:\windows\system32\dllcache\korwbrkr.lex
    2008-11-24 21:30 . 2004-08-04 14:00	10,129,408	--a------	c:\windows\system32\dllcache\hwxkor.dll
    2008-11-24 21:29 . 2001-08-17 13:28	542,879	--a------	c:\windows\system32\dllcache\hsf_msft.sys
    2008-11-24 21:28 . 2001-08-17 14:56	1,733,120	--a------	c:\windows\system32\dllcache\g400d.dll
    2008-11-24 21:27 . 2001-08-17 13:28	634,134	--a------	c:\windows\system32\dllcache\el656ct5.sys
    2008-11-24 21:26 . 2001-08-17 12:14	952,007	--a------	c:\windows\system32\dllcache\diwan.sys
    2008-11-24 21:25 . 2004-08-04 14:00	1,677,824	--a------	c:\windows\system32\dllcache\chsbrkr.dll
    2008-11-24 21:24 . 2001-08-17 13:28	871,388	--a------	c:\windows\system32\dllcache\bcmdm.sys
    2008-11-24 21:23 . 2001-08-17 13:28	762,780	--a------	c:\windows\system32\dllcache\3cwmcru.sys
    2008-11-24 21:22 . 2004-08-04 14:00	94,720	--a------	c:\windows\system32\dllcache\certmap.ocx
    2008-11-21 12:20 . 2008-11-21 12:20	<DIR>	d--------	c:\program files\Panda Security
    2008-11-21 12:20 . 2008-06-19 17:24	28,544	--a------	c:\windows\system32\drivers\pavboot.sys
    2008-11-21 12:12 . 2008-11-21 12:18	<DIR>	d--------	c:\windows\BDOSCAN8
    2008-11-21 11:32 . 2008-11-21 11:32	<DIR>	d--------	C:\fsaua.data
    2008-11-21 03:10 . 2008-11-24 19:34	60,319,776	--ahs----	c:\windows\system32\drivers\fidbox.dat
    2008-11-21 03:10 . 2008-11-24 19:34	708,992	--ahs----	c:\windows\system32\drivers\fidbox.idx
    2008-11-20 22:12 . 2008-11-20 22:12	<DIR>	d--------	c:\documents and settings\Todo\DoctorWeb
    2008-11-20 22:08 . 2008-11-20 22:08	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Grisoft
    2008-11-20 20:32 . 2008-11-20 20:39	<DIR>	d--------	c:\program files\Spybot - Search & Destroy
    2008-11-20 20:32 . 2008-11-20 20:32	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-20 20:23 . 2008-11-21 13:11	<DIR>	d--------	c:\program files\SUPERAntiSpyware
    2008-11-20 20:23 . 2008-11-20 20:23	<DIR>	d--------	c:\documents and settings\Todo\Application Data\SUPERAntiSpyware.com
    2008-11-20 20:23 . 2008-11-20 20:23	<DIR>	d--------	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-11-20 18:33 . 2008-11-20 18:33	<DIR>	d--------	c:\program files\7-Zip
    2008-11-20 18:29 . 2008-11-20 18:29	<DIR>	d--------	c:\program files\ARAR
    2008-11-19 13:13 . 2008-11-26 01:33	27,744	--a------	c:\windows\system32\nvModes.001
    2008-11-19 13:10 . 2008-03-21 03:19	175,763	--a------	c:\windows\system32\nvapps.nvb
    2008-11-19 13:00 . 2008-10-16 14:07	23,576	--a------	c:\windows\system32\wuapi.dll.mui
    2008-11-17 21:22 . 2008-11-17 21:22	<DIR>	d--------	c:\program files\Bonjour
    2008-11-17 21:13 . 2008-11-17 21:13	<DIR>	d--------	c:\program files\Common Files\Macrovision Shared
    2008-11-17 20:27 . 2008-11-17 20:27	<DIR>	d--------	c:\program files\Common Files\Adobe AIR
    2008-11-17 19:56 . 2008-11-17 19:56	<DIR>	d--------	c:\program files\Windows Installer Clean Up
    2008-11-17 19:56 . 2008-11-17 19:56	<DIR>	d--------	c:\program files\MSECACHE
    2008-11-17 14:04 . 2008-11-17 14:04	<DIR>	d--------	c:\documents and settings\Todo\Application Data\UseNeXT
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-25 23:33	---------	d-----w	c:\documents and settings\Todo\Application Data\skypePM
    2008-11-25 23:27	---------	d---a-w	c:\program files\FlashGet
    2008-11-25 23:27	---------	d-----w	c:\documents and settings\Todo\Application Data\Skype
    2008-11-24 17:09	---------	d---a-w	c:\program files\Lenovo
    2008-11-20 14:36	---------	d---a-w	c:\program files\eMule
    2008-11-17 19:22	---------	d-----w	c:\program files\Common Files\Adobe
    2008-11-08 10:13	3,048,506	----a-w	c:\program files\eMule.rar
    2008-11-02 14:04	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-10-24 11:21	455,296	----a-w	c:\windows\system32\drivers\mrxsmb.sys
    2008-10-23 06:59	---------	d-----w	c:\program files\VOCALOID
    2008-10-21 20:12	---------	d-----w	c:\program files\Skype
    2008-10-21 20:12	---------	d-----w	c:\program files\Common Files\Skype
    2008-10-21 20:12	---------	d-----w	c:\documents and settings\All Users\Application Data\Skype
    2008-10-20 11:08	---------	d--h--w	c:\program files\InstallShield Installation Information
    2008-10-16 12:13	202,776	----a-w	c:\windows\system32\wuweb.dll
    2008-10-16 12:13	1,809,944	----a-w	c:\windows\system32\wuaueng.dll
    2008-10-16 12:12	561,688	----a-w	c:\windows\system32\wuapi.dll
    2008-10-16 12:12	323,608	----a-w	c:\windows\system32\wucltui.dll
    2008-10-16 12:09	92,696	----a-w	c:\windows\system32\cdm.dll
    2008-10-16 12:09	51,224	----a-w	c:\windows\system32\wuauclt.exe
    2008-10-16 12:09	43,544	----a-w	c:\windows\system32\wups2.dll
    2008-10-16 12:08	34,328	----a-w	c:\windows\system32\wups.dll
    2008-10-13 09:54	---------	d-----w	c:\documents and settings\Todo\Application Data\Steinberg
    2008-10-13 09:33	---------	d-----w	c:\program files\Steinberg
    2008-10-13 09:31	---------	d-----w	c:\program files\Syncrosoft
    2008-10-11 23:42	---------	d-----w	c:\documents and settings\Todo\Application Data\Waves Preferences
    2008-10-11 23:37	---------	d-----w	c:\documents and settings\Todo\Application Data\Waves
    2008-10-11 23:35	---------	d-----w	c:\documents and settings\Todo\Application Data\Waves Audio
    2008-10-11 23:34	---------	d-----w	c:\program files\Waves
    2008-10-11 23:09	---------	d-----w	c:\program files\Har-Bal 2.0
    2008-10-08 21:01	---------	d-----w	c:\program files\Aixcoustic
    2008-09-30 14:43	1,286,152	----a-w	c:\windows\system32\msxml4.dll
    2008-09-29 08:05	---------	d-----w	c:\program files\Opera
    2008-09-15 12:12	1,846,400	----a-w	c:\windows\system32\win32k.sys
    2008-09-10 01:14	1,307,648	----a-w	c:\windows\system32\msxml6.dll
    2008-09-04 17:15	1,106,944	----a-w	c:\windows\system32\msxml3.dll
    2008-08-26 07:24	826,368	----a-w	c:\windows\system32\wininet.dll
    2008-04-18 15:37	32,768	--sh--w	c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
    .
    
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 626688]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-21 13524992]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-01-11 144728]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-04 2630968]
    "M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2005-12-13 91136]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
    "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
    "QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-05-27 413696]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-09-26 35328]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-21 86016]
    "TpShocks"="TpShocks.exe" [2007-11-23 c:\windows\system32\TpShocks.exe]
    "nwiz"="nwiz.exe" [2008-03-21 c:\windows\system32\nwiz.exe]
    
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-28 561213]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-04-18 50688]
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-11-20 118784]
    
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-03-15 07:17 89600 c:\windows\system32\psqlpwd.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 09:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-12-14 04:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    2007-07-05 23:52 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "msacm.l3fhg"= mp3fhg.acm
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages	REG_MULTI_SZ   	scecli ACGina psqlpwd
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\FlashGet\\flashget.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "e:\\MUSIC\\eMule0.49a\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-21 28544]
    R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2007-10-17 103472]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2007-10-17 19504]
    R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2008-04-18 11520]
    R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
    R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2008-04-18 4224]
    R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2008-04-18 4442]
    R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [2008-06-16 49152]
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]
    R2 smihlp;SMI Helper Driver (smihlp);\??\c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-15 11152]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-02-08 569344]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2008-10-13 33792]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-23 30336]
    S2 adfs;adfs; []
    S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2006-04-30 3584]
    S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;\??\c:\program files\Magix\Sequoia7\mxasio.sys [2008-06-14 4899]
    S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\DRIVERS\mausb.sys [2008-06-16 102528]
    S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\system32\DRIVERS\mausb.sys [2008-06-16 102528]
    .
    Contents of the 'Scheduled Tasks' folder
    
    2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    
    2008-11-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-13 00:54]
    
    2008-11-25 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-12-06 18:22]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Todo\Application Data\Mozilla\Firefox\Profiles\yrnynryw.default\
    FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF -: plugin - c:\program files\Opera\program\plugins\nppl3260.dll
    FF -: plugin - c:\program files\Opera\program\plugins\nprpjplug.dll
    .
    
    **************************************************************************
    
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-26 01:32:11
    Windows 5.1.2600 Service Pack 3 NTFS
    
    scanning hidden processes ... 
    
    scanning hidden autostart entries ...
    
    scanning hidden files ... 
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    - - - - - - - > 'winlogon.exe'(1004)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\program files\ThinkVantage Fingerprint Software\remote.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll
    c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
    c:\program files\ThinkVantage Fingerprint Software\crypto.dll
    
    - - - - - - - > 'lsass.exe'(1060)
    c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACON.dll
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
    c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
    c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\system32\TPHDEXLG.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\searchindexer.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\Lenovo\System Update\SUService.exe
    c:\program files\Common Files\Lenovo\Logger\logmon.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Apoint2K\ApMsgFwd.exe
    c:\program files\Lenovo\ZOOM\TpScrex.exe
    c:\program files\Apoint2K\ApntEx.exe
    c:\windows\system32\searchprotocolhost.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\windows\system32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-26  1:36:49 - machine was rebooted
    ComboFix-quarantined-files.txt  2008-11-25 23:36:46
    
    Pre-Run: 2*669*195*264 bytes free
    Post-Run: 2,921,627,648 bytes free
    
    319	--- E O F ---	2008-11-18 09:32:26

  2. #2
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    DMSERVER.DLL \windows\system32\dllcache, Safe mode, Logical Disk Manager, , - live CD, UBCD4Win .
    , Search Windows , . CD- Windows:
    Code:
    expand h:\xp_sp3\i386\DMSERVER.DL_ c:\windows\system32\DMSERVERori.DLL
    winlogon.exe :
    http://www.hardwarebg.com/forum/showthread.php?t=139452

  3. #3
    Registered User
    Join Date: Sep:2007
    Location: Sofia
    Posts: 6

    BitDefender rescue disk

    , Sality ( )., - BitDefender rescue disk - http://download.bitdefender.com/resc...07_08_2008.iso
    Knoppix. . .

  4. #4
    Registered User
    Join Date: May:2008
    Location: Smolyan
    Posts: 23
    , . dmserver.dll , Avenger:
    Code:
    Files to delete:
    c:\windows\system32\dmserver.dll
    - system32-.

    -, .

    ?

  5. #5
Paffkata
    Join Date: May:2008
    Location: Bulgaria
    Posts: 92
    , dmssarver ..

  6. #6
    Hacker
    Join Date: Oct:2008
    Location: localhost
    Posts: 150
    Quote Originally Posted by prikumov View Post
    , . dmserver.dll , Avenger:
    Code:
    Files to delete:
    c:\windows\system32\dmserver.dll
    - system32-.

    -, .

    ?
    ?! , ! 4-5, / svchost.exe- system Windows-/ . - system32, 90% ... . ...


    NotFreeUserName - "" ?!
    Let 7he gr0ovE r3LeaSe y0ur m!nd !

  7. #7
    Registered User
    Join Date: Jan:2009
    Location: Sofia
    Posts: 3
    HijackThis ComboFix ?

  8. #8
    Registered User
    Join Date: Jan:2009
    Location: Sofia
    Posts: 3
    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:15:36, on 06.1.2009 .
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\RamCleaner\RamCleaner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] ybyxlb.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RamCleaner] C:\Program Files\RamCleaner\ramcore.exe -s
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: SysH43325 REQQStartup.lnk = C:\WINDOWS\system32\SysH43325 REQQStartup.exe
    O4 - Global Startup: SysH43325 REQQStartup.lnk = C:\WINDOWS\system32\SysH43325 REQQStartup.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://10.10.0.99/VatDec.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1EBC689A-E681-4E0C-AFE3-2DAE1A0C8CC7}: NameServer = 10.0.0.10,10.10.0.100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F37ACE24-F8E3-4CCB-8318-13135F9C7091}: NameServer = 10.0.0.10
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: urqNHXoP - urqNHXoP.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    
    --
    End of file - 8229 bytes
    .... ?

  9. #9
    Hacker
    Join Date: Oct:2008
    Location: localhost
    Posts: 150
    Quote Originally Posted by NotFreeUserName View Post
    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:15:36, on 06.1.2009 .
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\RamCleaner\RamCleaner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] ybyxlb.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RamCleaner] C:\Program Files\RamCleaner\ramcore.exe -s
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: SysH43325 REQQStartup.lnk = C:\WINDOWS\system32\SysH43325 REQQStartup.exe
    O4 - Global Startup: SysH43325 REQQStartup.lnk = C:\WINDOWS\system32\SysH43325 REQQStartup.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://10.10.0.99/VatDec.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1EBC689A-E681-4E0C-AFE3-2DAE1A0C8CC7}: NameServer = 10.0.0.10,10.10.0.100
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F37ACE24-F8E3-4CCB-8318-13135F9C7091}: NameServer = 10.0.0.10
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: urqNHXoP - urqNHXoP.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    
    --
    End of file - 8229 bytes
    .... ?

    O4 - HKLM\..\RunServices: [Microsoft Update Machine] ybyxlb.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - "" ?!
    Let 7he gr0ovE r3LeaSe y0ur m!nd !

  10. #10
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Quote Originally Posted by Addicted2seX View Post
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - "" ?!
    - , malware.

    , Kaspersky online scanner .

  11. #11
    Registered User
    Join Date: Jan:2009
    Location: Sofia
    Posts: 3
    Spywares ?

    O4 - HKLM\..\RunServices: [Microsoft Update Machine] ybyxlb.exe - ?


    .... ?

    O20 - Winlogon Notify: urqNHXoP - urqNHXoP.dll (file missing)
    Last edited by NotFreeUserName; 6th January 2009 at 01:40.

  12. #12
    Hacker
    Join Date: Oct:2008
    Location: localhost
    Posts: 150
    HiJackThis fix.. fix , :

    O4 - Startup: SysH43325 REQQStartup.lnk = C:\WINDOWS\system32\SysH43325 REQQStartup.exe
    O4 - Global Startup: SysH43325 REQQStartup.lnk = C:\WINDOWS\system32\SysH43325 REQQStartup.exe
    O20 - Winlogon Notify: urqNHXoP - urqNHXoP.dll (file missing)
    Let 7he gr0ovE r3LeaSe y0ur m!nd !
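The entries singled out in this thread (the RunServices item with a bare file name, the SysH43325 startup links, the Winlogon Notify package whose DLL is missing) are exactly the kind of HijackThis lines a responder checks first. The script below is an added example written for this page, not code from the thread or from HijackThis; it applies a few defensive triage heuristics to O4 and O20 lines and reports why each one deserves a look. The sample log is constructed from lines quoted in the posts above, and the heuristics (no path on the executable, use of the RunServices key, long digit runs in the name, a "Microsoft" display name pointing outside the Windows directory, a missing Notify DLL) are the author's assumptions about what is worth flagging, not rules from any tool.

```python
"""Triage heuristics for HijackThis O4 / O20 lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample, assembled from lines quoted in this thread's HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] ybyxlb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: SysH43325 REQQStartup.lnk = C:\WINDOWS\system32\SysH43325 REQQStartup.exe
O4 - Global Startup: SysH43325 REQQStartup.lnk = C:\WINDOWS\system32\SysH43325 REQQStartup.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: urqNHXoP - urqNHXoP.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


# Registry Run/RunOnce/RunServices entries: "O4 - <key>: [<name>] <command> (User '...')?"
O4_RUN = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# Startup-folder shortcuts: "O4 - Startup: <name>.lnk = <target>"
O4_STARTUP = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Winlogon Notify packages: "O20 - Winlogon Notify: <name> - <dll> (file missing)?"
O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<cmd>.*)$")
WINDIR = re.compile(r"(?i)(%systemroot%|%windir%|\\windows\\)")


def executable_of(cmd: str) -> str:
    """Return the executable/DLL part of a command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|dll|cmd|bat|scr))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]    # no extension: first token


def has_path(exe: str) -> bool:
    return "\\" in exe or ":" in exe


def triage(log_text: str) -> List[Finding]:
    """Flag O4/O20 lines that a responder should verify by hand, with the reason for each."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        m = O4_RUN.match(line) or O4_STARTUP.match(line)
        if m:
            name, exe = m.group("name"), executable_of(m.group("cmd"))
            if not has_path(exe):
                reasons.append("bare file name: resolved by PATH search at run time, location cannot be verified from the log")
            if "RunServices" in m.group("key"):
                reasons.append("RunServices key: Win9x-era autostart, rarely used by current software on XP")
            if re.search(r"\d{4,}", name):
                reasons.append("name contains a long digit run, typical of generated names")
            if re.search(r"(?i)\b(microsoft|windows)\b", name) and not WINDIR.search(exe):
                reasons.append("display name claims Microsoft/Windows but executable is outside the Windows directory")
        else:
            m = O20.match(line)
            if m:
                exe = executable_of(m.group("cmd"))
                if "(file missing)" in m.group("cmd"):
                    reasons.append("Notify DLL missing: dangling entry, commonly left behind after a partial removal")
                if not has_path(exe):
                    reasons.append("Notify DLL given without a path")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run against the constructed sample, the script flags the RunServices entry (three reasons), both SysH43325 shortcuts (digit run) and the dangling urqNHXoP Notify package, while the avast!, ctfmon and SUPERAntiSpyware lines pass, which matches the thread's own conclusion that SUPERAntiSpyware is legitimate. A flag is a prompt to verify the file (publisher, hash, location), not a verdict.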
