06-18-2009, 06:28 AM   #5
niksgt
OS: Windows XP, SP 2


Re: Firefox browser hijack and flash drive folders becoming .exe

Sorry, upon restart I ran ComboFix again and it worked fine this time:

ComboFix 09-06-17.04 - NICKATTACK 06/19/2009 0:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.613 [GMT 12:00]
Running from: c:\documents and settings\NICKATTACK\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
.

((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-18 08:17 . 2009-06-18 08:17 -------- d-----w- c:\documents and settings\NICKATTACK\Local Settings\Application Data\WMTools Downloaded Files
2009-06-16 03:43 . 2009-06-16 03:43 -------- d-----w- c:\documents and settings\NICKATTACK\Application Data\Autodesk
2009-06-16 02:08 . 2009-06-16 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-16 02:07 . 2009-06-16 02:07 -------- d-----w- c:\documents and settings\NICKATTACK\Local Settings\Application Data\Autodesk
2009-06-14 10:32 . 2009-06-14 10:32 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-14 10:30 . 2009-06-14 10:32 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-14 10:27 . 2009-06-16 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-06-14 10:14 . 2009-06-14 10:33 -------- d-----w- c:\program files\Autodesk
2009-06-14 10:13 . 2008-07-30 22:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-06-14 10:13 . 2008-07-30 22:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-06-14 10:13 . 2008-07-30 22:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-06-14 10:13 . 2008-07-11 20:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-06-14 10:13 . 2008-07-11 20:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-06-14 10:13 . 2008-07-11 20:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-06-14 10:13 . 2007-05-16 04:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2009-06-14 10:13 . 2007-05-16 04:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2009-06-14 10:13 . 2007-05-16 04:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-06-14 10:13 . 2006-11-29 01:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-06-14 10:13 . 2006-09-28 04:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-06-14 10:13 . 2009-06-14 10:13 -------- d-----w- c:\windows\Logs
2009-06-14 10:12 . 2009-06-17 05:08 258584 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-14 10:11 . 2009-06-14 10:11 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-14 10:11 . 2009-06-14 10:11 -------- d-----w- c:\program files\MSBuild
2009-06-14 10:11 . 2009-06-14 10:11 -------- d-----w- c:\program files\Reference Assemblies
2009-06-14 10:10 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-14 10:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-14 10:10 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-14 10:10 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-14 10:10 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-14 10:10 . 2009-06-14 10:11 -------- d-----w- C:\9d3084bc6b5eda843311eef063d0
2009-06-14 10:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-14 10:10 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-14 10:09 . 2009-06-17 05:09 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-14 10:05 . 2009-06-14 10:05 -------- d-----w- c:\program files\MSXML 6.0
2009-06-14 09:41 . 2009-06-14 09:41 -------- d-----w- C:\Autodesk
2009-06-12 11:07 . 2009-06-14 00:31 -------- d-----w- c:\documents and settings\NICKATTACK\Application Data\Download Manager
2009-05-23 12:13 . 2009-05-23 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-05-23 12:13 . 2009-05-23 12:13 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-05-23 11:05 . 2009-05-23 12:12 -------- d-----w- c:\program files\Macromedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 08:16 . 2006-11-12 02:11 -------- d-----w- c:\program files\Soulseek
2009-06-18 01:34 . 2008-02-22 08:19 -------- d-----w- c:\documents and settings\NICKATTACK\Application Data\Azureus
2009-06-17 11:51 . 2008-11-26 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-17 10:52 . 2008-10-08 01:21 -------- d-----w- c:\documents and settings\NICKATTACK\Application Data\foobar2000
2009-06-17 04:35 . 2008-10-19 23:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-16 03:44 . 2006-09-22 04:40 79080 ----a-w- c:\documents and settings\NICKATTACK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 23:04 . 2006-11-08 07:36 -------- d-----w- c:\program files\Last.fm
2009-05-25 14:50 . 2008-02-22 08:16 -------- d-----w- c:\program files\Azureus
2009-05-23 12:12 . 2006-09-21 06:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 15:44 . 1980-01-01 07:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2006-06-23 18:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2006-10-06 00:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 1980-01-01 07:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-03-06 02:16 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-20 23:37 . 2009-03-20 23:38 6944624 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
2006-05-06 16:42 . 2006-10-26 01:20 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2008-05-29 11:36 . 2008-05-29 11:36 2 --shatr- c:\windows\winstart.bat
2007-05-23 04:23 . 2007-08-28 20:09 46526 --sha-w- c:\windows\system32\sybqnub.exe.ren
2009-03-04 05:50 . 2009-03-04 05:50 0 --sh--w- c:\windows\system32\wemtareg.exe
2009-03-04 21:38 . 2009-03-04 21:38 20992 --sh--w- c:\windows\system32\wemtoreg.exe
2009-02-21 00:31 . 2009-02-21 00:31 20992 --sh--w- c:\windows\system32\wimtareg.exe
2009-02-19 20:13 . 2009-02-19 20:13 20992 --sh--w- c:\windows\system32\wimzareg.exe
2008-10-15 00:07 . 2008-10-15 00:07 15360 --sh--w- c:\windows\system32\winmcreg.exe
2008-10-25 18:01 . 2008-10-25 18:01 15360 --sh--w- c:\windows\system32\winncreg.exe
2008-11-13 03:49 . 2008-11-13 03:49 15872 --sh--w- c:\windows\system32\winqcreg.exe
2008-11-21 00:57 . 2008-11-21 00:57 16384 --sh--w- c:\windows\system32\winrcreg.exe
2008-11-25 20:08 . 2008-11-25 20:08 16384 --sh--w- c:\windows\system32\winscreg.exe
2008-12-04 07:58 . 2008-12-04 07:58 16896 --sh--w- c:\windows\system32\winucreg.exe
2008-12-09 20:39 . 2008-12-09 20:39 16896 --sh--w- c:\windows\system32\winxcreg.exe
2008-12-16 03:26 . 2008-12-16 03:26 16896 --sh--w- c:\windows\system32\winzcreg.exe
2009-03-10 21:27 . 2009-03-10 21:27 20992 --sh--w- c:\windows\system32\wtitoreg.exe
2009-03-08 22:06 . 2009-03-08 22:06 20992 --sh--w- c:\windows\system32\wtmtoreg.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-01-20 581632]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2003-12-25 394752]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-09-13 237568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-01-20 581632]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-12-25 106496]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-22 344064]
"TPKBDLED"="c:\windows\System32\TpScrLk.exe" [2002-10-09 40960]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-10-05 100056]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"BluetoothAuthenticationAgent"="irprops.cpl" - c:\windows\system32\irprops.cpl [2004-08-04 380416]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2003-12-17 102400]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"configmsi"="rmdir" [X]
"supportdir"="rmdir" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-6 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 03:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI5"=diomidi.dll
"wave5"=Digi32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli csspwntfy

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^NICKATTACK^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\NICKATTACK\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^NICKATTACK^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\NICKATTACK\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [8/21/2006 8:04 PM 6912]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [9/21/2006 6:21 PM 58568]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [9/21/2006 6:21 PM 15360]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [4/29/2008 10:09 PM 11776]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [8/21/2006 8:44 PM 12544]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 5:36 PM 86016]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/16/2005 8:11 AM 46142]
R2 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [9/21/2006 6:21 PM 4433]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/21/2006 8:10 PM 3968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 koreavs;koreavs;c:\windows\system32\drivers\koreavs.sys [6/14/2007 9:20 PM 25088]
S3 koreusb;koreusb;c:\windows\system32\drivers\koreusb.sys [6/14/2007 9:20 PM 82944]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [5/29/2008 11:38 PM 30946]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [7/15/2006 11:37 AM 14336]
S3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [7/10/2007 9:06 PM 55840]
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2006-09-21 08:36]

2009-06-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-12 09:42]

2009-06-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 06:20]

2009-06-12 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-22 01:22]

2006-09-22 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-09-21 00:17]

2009-06-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 10:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BMMLREF - c:\program files\ThinkPad\Utilities\BMMLREF.EXE
HKLM-Run-DigidesignMMERefresh - c:\program files\Digidesign\Drivers\MMERefresh.exe
HKLM-Run-oxbvpen - c:\windows\system32\gwthtis.exe
HKLM-Run-udjudwq - c:\windows\system32\sybqnub.exe
HKLM-Run-XP-04C704A7 - c:\windows\system32\XP-04C704A7.EXE
ShellExecuteHooks-{A93A4625-6216-499C-B360-BBD0A7C0D479} - c:\program files\Common Files\Microsoft Shared\MSINFO\QQGS1.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.cn/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\NICKATTACK\Application Data\Mozilla\Firefox\Profiles\f1sqrupv.default\
FF - prefs.js: browser.startup.homepage - www.blackle.co.nz
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 00:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(876)
c:\program files\IBM ThinkVantage\Client Security Solution\csspwntfy.dll
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtsp.dll
c:\program files\IBM ThinkVantage\Client Security Solution\tcsrpc.dll
c:\program files\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll

- - - - - - - > 'explorer.exe'(2180)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\mshtml.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-18 0:25
ComboFix-quarantined-files.txt 2009-06-18 12:24

Pre-Run: 6,806,904,832 bytes free
Post-Run: 6,788,554,752 bytes free

255 --- E O F --- 2009-06-15 15:01