07-10-2009, 05:59 PM   #7
niksgt
Registered User
 
Join Date: Jun 2009
Posts: 20
OS: Windows XP, SP 2


Re: Firefox browser hijack and flash drive folders becoming .exe

Hi Ried,

Thanks for your help. Sorry about the delay in my reply, I haven't had a chance to follow this up.

My system is behaving fine now. One problem though:
- my flash drives and external drives still have their folders as .exe files. I can access them by typing the path into Explorer, but not by clicking or opening them. Also, another computer I put one of my flash drives into the other day said the flash drive has a virus - W32/SillyFDC. My computer doesn't seem to recognise this.

Also, ComboFix seems to have a lot of problems when it runs on my machine. This time around, the first time it reset the computer part way through; the second time it told me to write down c:\windows\temp\logishrd\LVPrcInj01.dll for your review.
It then told me it was going to reset the computer - except it didn't reset the computer and completed the scan. It also claimed it couldn't read 'whitedir.dat'; I guess this will be in the logfile though.

Many thanks for your help.

-----------------------------------------------------------------------


ComboFix 09-07-09.06 - NICKATTACK 07/10/2009 15:33.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.676 [GMT 12:00]
Running from: c:\documents and settings\NICKATTACK\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\NICKATTACK\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
.
The following files were disabled during the run:
c:\windows\TEMP\logishrd\LVPrcInj01.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
---- Previous Run -------
.
c:\windows\Installer\62f4a.msi
c:\windows\system32\sybqnub.exe.ren
c:\windows\system32\wemtareg.exe
c:\windows\system32\wemtoreg.exe
c:\windows\system32\wimtareg.exe
c:\windows\system32\wimzareg.exe
c:\windows\system32\winmcreg.exe
c:\windows\system32\winncreg.exe
c:\windows\system32\winqcreg.exe
c:\windows\system32\winrcreg.exe
c:\windows\system32\winscreg.exe
c:\windows\system32\winucreg.exe
c:\windows\system32\winxcreg.exe
c:\windows\system32\winzcreg.exe
c:\windows\system32\wtitoreg.exe
c:\windows\system32\wtmtoreg.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\winstart.bat

.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 03:43 . 2003-02-20 16:03 -------- d-----w- c:\program files\Common Files
2009-07-10 03:42 . 2003-02-20 16:18 2048 --s-a-w- c:\windows\bootstat.dat
2009-07-10 03:42 . 2006-09-21 05:55 1610612736 --sha-w- C:\pagefile.sys
2009-07-10 03:41 . 2006-09-21 06:55 11272192 ---ha-w- c:\documents and settings\NICKATTACK\NTUSER.DAT
2009-07-10 03:41 . 2003-02-20 16:20 233472 ---ha-w- c:\documents and settings\LocalService\NTUSER.DAT
2009-07-10 03:41 . 2003-02-20 16:20 233472 ---ha-w- c:\documents and settings\NetworkService\NTUSER.DAT
2009-07-10 03:26 . 2009-07-10 03:26 388608 ----a-w- c:\windows\system32\CF18450.exe
2009-07-10 03:22 . 2006-10-26 01:19 -------- d-----w- c:\program files\Mozilla Firefox
2009-07-10 02:06 . 2006-11-12 02:11 -------- d-----w- c:\program files\Soulseek
2009-07-09 12:30 . 2008-11-26 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-04 17:07 . 2008-12-09 04:26 -------- d-----w- c:\program files\DVDlabPro2
2009-07-01 03:52 . 2006-10-29 00:41 -------- d-----w- c:\documents and settings\NICKATTACK\Application Data\AdobeUM
2009-06-30 06:59 . 2007-11-02 06:22 -------- d-----w- c:\documents and settings\NICKATTACK\Application Data\Skype
2009-06-30 06:54 . 2009-06-19 09:40 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-06-30 06:54 . 2009-06-19 09:40 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-06-22 03:50 . 2008-10-08 01:21 -------- d-----w- c:\documents and settings\NICKATTACK\Application Data\foobar2000
2009-06-20 15:00 . 2009-06-20 15:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-19 09:40 . 2009-06-19 09:37 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-06-19 09:37 . 2009-06-19 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-06-19 09:37 . 2009-06-19 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-06-19 09:37 . 2009-06-19 09:37 -------- d-----w- c:\program files\Logitech
2009-06-18 11:19 . 2003-02-20 16:10 -------- d-----w- c:\program files\Internet Explorer
2009-06-18 01:34 . 2008-02-22 08:19 -------- d-----w- c:\documents and settings\NICKATTACK\Application Data\Azureus
2009-06-17 05:09 . 2003-02-20 16:02 385624 ----a-w- c:\windows\system32\FNTCACHE.DAT
2009-06-17 05:08 . 2009-06-14 10:12 258584 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-17 04:35 . 2008-10-19 23:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-16 03:44 . 2006-09-22 04:40 79080 ----a-w- c:\documents and settings\NICKATTACK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-16 03:43 . 2009-06-16 03:43 -------- d-----w- c:\documents and settings\NICKATTACK\Application Data\Autodesk
2009-06-16 03:43 . 2009-06-14 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-06-16 02:08 . 2009-06-16 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-14 10:33 . 2009-06-14 10:14 -------- d-----w- c:\program files\Autodesk
2009-06-14 10:32 . 2009-06-14 10:32 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-14 10:32 . 2009-06-14 10:30 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-14 10:12 . 1980-01-01 07:00 71462 ----a-w- c:\windows\system32\perfc009.dat
2009-06-14 10:12 . 1980-01-01 07:00 441692 ----a-w- c:\windows\system32\perfh009.dat
2009-06-14 10:11 . 2009-06-14 10:11 -------- d-----w- c:\program files\MSBuild
2009-06-14 10:11 . 2009-06-14 10:11 -------- d-----w- c:\program files\Reference Assemblies
2009-06-14 10:05 . 2009-06-14 10:05 -------- d-----w- c:\program files\MSXML 6.0
2009-06-14 00:31 . 2009-06-12 11:07 -------- d-----w- c:\documents and settings\NICKATTACK\Application Data\Download Manager
2009-06-07 20:10 . 2009-06-18 11:11 155136 ----a-w- c:\windows\PEV.exe
2009-06-06 23:04 . 2006-11-08 07:36 -------- d-----w- c:\program files\Last.fm
2009-06-01 16:51 . 2006-10-05 23:26 23635392 ----a-w- c:\windows\system32\MRT.exe
2009-05-25 14:50 . 2008-02-22 08:16 -------- d-----w- c:\program files\Azureus
2009-05-23 12:13 . 2009-05-23 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-05-23 12:13 . 2006-09-22 04:24 -------- d-----w- c:\documents and settings\NICKATTACK\Application Data\Macromedia
2009-05-23 12:13 . 2009-05-23 12:13 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-05-23 12:13 . 2009-05-23 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Macromedia
2009-05-23 12:12 . 2009-05-23 11:05 -------- d-----w- c:\program files\Macromedia
2009-05-23 12:12 . 2006-09-21 06:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 15:44 . 1980-01-01 07:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2006-06-23 18:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:56 . 1980-01-01 07:00 233472 ----a-w- c:\windows\system32\webcheck.dll
2009-04-29 04:56 . 2006-08-31 03:42 1159680 ----a-w- c:\windows\system32\urlmon.dll
2009-04-29 04:56 . 1980-01-01 07:00 671232 ------w- c:\windows\system32\mstime.dll
2009-04-29 04:56 . 1980-01-01 07:00 44544 ----a-w- c:\windows\system32\pngfilt.dll
2009-04-29 04:56 . 1980-01-01 07:00 105984 ----a-w- c:\windows\system32\url.dll
2009-04-29 04:56 . 1980-01-01 07:00 102912 ------w- c:\windows\system32\occache.dll
2009-04-29 04:56 . 2006-06-30 17:28 3596288 ----a-w- c:\windows\system32\mshtml.dll
2009-04-29 04:56 . 1980-01-01 07:00 477696 ----a-w- c:\windows\system32\mshtmled.dll
2009-04-29 04:56 . 1980-01-01 07:00 193024 ------w- c:\windows\system32\msrating.dll
2009-04-28 09:05 . 2007-08-13 05:39 13824 ----a-w- c:\windows\system32\ieudinit.exe
2009-04-28 09:05 . 1980-01-01 07:00 70656 ------w- c:\windows\system32\ie4uinit.exe
2009-04-25 05:26 . 1980-01-01 07:00 161792 ------w- c:\windows\system32\ieakui.dll
2009-04-20 00:56 . 2009-06-18 11:11 31232 ----a-w- c:\windows\NIRCMD.exe
2009-04-17 09:58 . 1980-01-01 07:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-03-06 02:16 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 09:24 . 2005-05-17 00:43 351744 ----a-w- c:\windows\system32\xpsp3res.dll
2006-05-06 16:42 . 2006-10-26 01:20 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\koreavs.sys ---
Company: Native Instruments GmbH
File Description: Native Instruments WDM Audio Driver (AVStream)
File Version: 1.1.3.0
Product Name: Kore Controller
Copyright: Copyright © 2005, 2006 by Native Instruments GmbH
Original Filename: ni_avs.sys
File size: 25088
Created time: 2007-06-14 09:20
Modified time: 2006-03-22 21:54
MD5: 0E1A03FC2C062087B5F4A7118426FEC2
SHA1: EB864C5E14809CDC275F0E021498D303C28255A6


((((((((((((((((((((((((((((( SnapShot_2009-06-21_13.17.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-09-21 06:31 . 2006-09-21 06:31 80896 c:\windows\Installer\d99d.msi
+ 2008-07-29 09:07 . 2008-07-29 09:07 23040 c:\windows\Installer\b40531a.msp
+ 2009-06-14 10:08 . 2009-06-14 10:08 88576 c:\windows\Installer\b3a6ec9.msi
+ 2009-06-14 10:12 . 2009-06-14 10:12 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2006-09-21 06:33 . 2006-09-21 06:33 520192 c:\windows\Installer\d9ef.msi
+ 2006-09-21 06:33 . 2006-09-21 06:33 389120 c:\windows\Installer\d9e9.msi
+ 2006-09-21 06:33 . 2006-09-21 06:33 586752 c:\windows\Installer\d9e2.msi
+ 2006-09-21 06:33 . 2006-09-21 06:33 435200 c:\windows\Installer\d9dc.msi
+ 2006-09-21 06:33 . 2006-09-21 06:33 983040 c:\windows\Installer\d9d6.msi
+ 2006-09-21 06:32 . 2006-09-21 06:32 252416 c:\windows\Installer\d9c5.msi
+ 2006-09-21 06:32 . 2006-09-21 06:32 690688 c:\windows\Installer\d9b5.msi
+ 2006-09-21 06:31 . 2006-09-21 06:31 314368 c:\windows\Installer\d9a9.msi
+ 2006-09-21 06:31 . 2006-09-21 06:31 279552 c:\windows\Installer\d997.msi
+ 2006-09-21 06:30 . 2006-09-21 06:30 351232 c:\windows\Installer\d991.msi
+ 2003-02-20 16:20 . 2003-02-20 16:21 264704 c:\windows\Installer\c4fb.msi
+ 2009-06-14 10:13 . 2009-06-14 10:13 648192 c:\windows\Installer\b419303.msi
+ 2008-07-29 09:23 . 2008-07-29 09:23 250880 c:\windows\Installer\b405323.msp
+ 2008-07-29 09:28 . 2008-07-29 09:28 278016 c:\windows\Installer\b405321.msp
+ 2008-07-29 07:40 . 2008-07-29 07:40 291840 c:\windows\Installer\b40531f.msp
+ 2009-06-14 10:12 . 2009-06-14 10:12 137728 c:\windows\Installer\b405319.msi
+ 2008-07-29 05:35 . 2008-07-29 05:35 553472 c:\windows\Installer\b3a6ece.msp
+ 2008-07-29 05:33 . 2008-07-29 05:33 506368 c:\windows\Installer\b3a6ecc.msp
+ 2008-07-29 05:37 . 2008-07-29 05:37 911360 c:\windows\Installer\b3a6ecb.msp
+ 2009-06-14 10:02 . 2009-06-14 10:02 228352 c:\windows\Installer\b386602.msi
+ 2008-10-19 23:52 . 2008-10-19 23:52 518656 c:\windows\Installer\a6ccf6e.msi
+ 2006-12-08 09:05 . 2006-12-08 09:05 188416 c:\windows\Installer\a379d7.msi
+ 2006-10-05 23:55 . 2006-10-05 23:55 305152 c:\windows\Installer\9ae6b.msi
+ 2007-08-23 11:24 . 2007-08-23 11:24 431104 c:\windows\Installer\922a5d.msi
+ 2009-06-20 15:00 . 2009-06-20 15:00 470528 c:\windows\Installer\90846e7.msi
+ 2008-04-29 10:09 . 2008-04-29 10:09 652288 c:\windows\Installer\87d403.msi
+ 2006-10-05 23:28 . 2006-10-05 23:28 430080 c:\windows\Installer\7ee86.msi
+ 2009-03-23 07:52 . 2009-03-23 07:52 355328 c:\windows\Installer\6f90575.msi
+ 2007-11-01 10:07 . 2007-11-01 10:07 390656 c:\windows\Installer\606cfe4.msi
+ 2006-10-28 20:16 . 2006-10-28 20:16 559104 c:\windows\Installer\5aebe4f.msi
+ 2008-11-13 00:17 . 2008-11-13 00:17 432640 c:\windows\Installer\5232ab2.msi
+ 2007-11-27 07:54 . 2007-11-27 07:54 537600 c:\windows\Installer\50dd7.msi
+ 2008-05-18 02:49 . 2008-05-18 02:49 599040 c:\windows\Installer\4fe2ac.msi
+ 2008-06-11 02:02 . 2008-06-11 02:02 830464 c:\windows\Installer\4a1fac73.msp
+ 2008-07-28 02:59 . 2008-07-28 02:59 180736 c:\windows\Installer\4a1fac5e.msp
+ 2006-11-19 10:54 . 2006-11-19 10:54 428544 c:\windows\Installer\41d8ba.msi
+ 2008-10-08 03:53 . 2008-10-08 03:53 213504 c:\windows\Installer\25223ed7.msi
+ 2006-10-28 22:22 . 2006-10-28 22:22 428544 c:\windows\Installer\1d27b8.msi
+ 2006-06-13 21:12 . 2006-06-13 21:12 509440 c:\windows\Installer\1d2709.msp
+ 2008-12-08 07:58 . 2008-12-08 07:58 100352 c:\windows\Installer\137f0cb.msi
+ 2007-08-09 08:09 . 2007-08-09 08:09 166400 c:\windows\Installer\13798b.msi
+ 2009-06-15 15:01 . 2009-06-15 15:01 972800 c:\windows\Installer\11701c3d.msi
+ 2008-05-05 11:00 . 2008-05-05 11:00 163840 c:\windows\Installer\100e9ca.msi
+ 2008-05-05 10:58 . 2008-05-05 10:58 243712 c:\windows\Installer\100e9c4.msi
+ 2008-05-05 10:56 . 2008-05-05 10:56 988672 c:\windows\Installer\100e9bd.msi
+ 2008-05-05 10:49 . 2008-05-05 10:49 332288 c:\windows\Installer\100e9ab.msi
+ 2006-10-05 23:55 . 2006-10-05 23:55 313404 c:\windows\Downloaded Installations\CmdHere Powertoy For Windows XP.msi
+ 2008-04-29 10:09 . 2008-04-29 10:09 714752 c:\windows\Downloaded Installations\{ECF5B991-25E3-4F8F-8AF6-67647BEDCAE9}\Venue InterLok Driver Kit.msi
+ 1980-01-01 07:00 . 2004-07-17 18:35 1326080 c:\windows\system32\webfldrs.msi
+ 2007-05-25 00:08 . 2007-05-25 00:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2009-05-01 03:49 . 2009-05-01 03:49 4328960 c:\windows\Installer\fab4a7f.msp
+ 2009-04-24 00:31 . 2009-04-24 00:31 1425920 c:\windows\Installer\fab4a69.msp
+ 2009-03-05 03:40 . 2009-03-05 03:40 6819840 c:\windows\Installer\f75db2c.msp
+ 2008-01-14 03:54 . 2008-01-14 03:54 5505024 c:\windows\Installer\f4e89a.msp
+ 2008-01-14 03:53 . 2008-01-14 03:53 5213696 c:\windows\Installer\f4e886.msp
+ 2008-01-25 02:29 . 2008-01-25 02:29 5514752 c:\windows\Installer\f4e872.msp
+ 2007-04-25 03:09 . 2007-04-25 03:09 9944064 c:\windows\Installer\e9233d.msp
+ 2007-04-25 03:10 . 2007-04-25 03:10 6835712 c:\windows\Installer\e92328.msp
+ 2008-09-05 00:08 . 2008-09-05 00:08 5515776 c:\windows\Installer\dbe2e.msp
+ 2006-09-21 06:34 . 2006-09-21 06:34 1107968 c:\windows\Installer\d9fa.msi
+ 2006-09-21 06:32 . 2006-09-21 06:32 5454336 c:\windows\Installer\d9bf.msi
+ 2006-09-21 06:32 . 2006-10-05 23:46 2580480 c:\windows\Installer\d9af.msi
+ 2006-09-21 06:31 . 2006-09-21 06:31 1183232 c:\windows\Installer\d9a3.msi
+ 2006-10-30 04:10 . 2006-10-30 04:10 5864960 c:\windows\Installer\c4068.msp
+ 2009-02-11 02:02 . 2009-02-11 02:02 5519872 c:\windows\Installer\bf42b30.msp
+ 2008-04-18 02:26 . 2008-04-18 02:26 5518336 c:\windows\Installer\b7dd782.msp
+ 2008-04-01 02:33 . 2008-04-01 02:33 5479936 c:\windows\Installer\b7dd76d.msp
+ 2008-12-11 22:09 . 2008-12-11 22:09 5517824 c:\windows\Installer\b65a0.msp
+ 2009-06-14 10:14 . 2009-06-14 10:14 3682816 c:\windows\Installer\b41930a.msi
+ 2008-07-29 07:26 . 2008-07-29 07:26 1043456 c:\windows\Installer\b405322.msp
+ 2008-07-29 08:37 . 2008-07-29 08:37 2679808 c:\windows\Installer\b405320.msp
+ 2008-07-29 09:15 . 2008-07-29 09:15 3697664 c:\windows\Installer\b40531e.msp
+ 2008-07-29 07:34 . 2008-07-29 07:34 1448448 c:\windows\Installer\b40531d.msp
+ 2008-07-29 08:22 . 2008-07-29 08:22 4137984 c:\windows\Installer\b40531c.msp
+ 2008-07-29 07:18 . 2008-07-29 07:18 3376640 c:\windows\Installer\b40531b.msp
+ 2008-07-29 05:45 . 2008-07-29 05:45 2543616 c:\windows\Installer\b3a6ed2.msp
+ 2008-07-29 05:29 . 2008-07-29 05:29 2926080 c:\windows\Installer\b3a6ed1.msp
+ 2008-07-29 05:41 . 2008-07-29 05:41 6487040 c:\windows\Installer\b3a6ed0.msp
+ 2008-07-29 05:39 . 2008-07-29 05:39 3403264 c:\windows\Installer\b3a6ecf.msp
+ 2008-07-29 05:43 . 2008-07-29 05:43 1013248 c:\windows\Installer\b3a6ecd.msp
+ 2008-07-29 05:31 . 2008-07-29 05:31 6083072 c:\windows\Installer\b3a6eca.msp
+ 2008-11-26 05:04 . 2008-11-26 05:04 1396224 c:\windows\Installer\afa9c2.msi
+ 2007-09-10 05:01 . 2007-09-10 05:01 5488640 c:\windows\Installer\a45e1e.msp
+ 2007-07-23 04:40 . 2007-07-23 04:40 9945600 c:\windows\Installer\922a9b.msp
+ 2007-07-24 03:02 . 2007-07-24 03:02 5240320 c:\windows\Installer\922a86.msp
+ 2007-05-21 21:46 . 2007-05-21 21:46 6108672 c:\windows\Installer\922a71.msp
+ 2008-04-29 10:08 . 2008-04-29 10:08 2127872 c:\windows\Installer\87d3fd.msi
+ 2006-09-21 06:07 . 2006-09-21 06:07 3443712 c:\windows\Installer\7a3c2.msi
+ 2007-01-13 04:57 . 2007-01-13 04:57 2211328 c:\windows\Installer\79dc4f.msi
+ 2009-05-03 19:46 . 2009-05-03 19:46 8299008 c:\windows\Installer\667384.msp
+ 2009-05-12 01:01 . 2009-05-12 01:01 6818816 c:\windows\Installer\66737b.msp
+ 2009-04-24 00:30 . 2009-04-24 00:30 2583552 c:\windows\Installer\667366.msp
+ 2009-05-28 00:32 . 2009-05-28 00:32 5518848 c:\windows\Installer\66735c.msp
+ 2009-04-23 05:57 . 2009-04-23 05:57 7672832 c:\windows\Installer\667347.msp
+ 2007-05-24 23:55 . 2007-05-24 23:55 5265408 c:\windows\Installer\5ff55.msp
+ 2007-04-25 03:14 . 2007-04-25 03:14 9828864 c:\windows\Installer\5ff40.msp
+ 2007-11-01 09:33 . 2007-11-01 09:33 1155072 c:\windows\Installer\5e69fd8.msi
+ 2005-10-26 21:59 . 2005-10-26 21:59 2883072 c:\windows\Installer\5dd2a9b.msp
+ 2006-09-06 22:53 . 2006-09-06 22:53 5175808 c:\windows\Installer\5dd2a86.msp
+ 2008-01-30 21:30 . 2008-01-30 21:30 9947648 c:\windows\Installer\5bba04f.msp
+ 2008-02-15 01:57 . 2008-02-15 01:57 5517312 c:\windows\Installer\5766bdc.msp
+ 2008-10-24 20:15 . 2008-10-24 20:15 6227456 c:\windows\Installer\5232adb.msp
+ 2008-10-16 20:03 . 2008-10-16 20:03 5518336 c:\windows\Installer\5232ac6.msp
+ 2007-11-27 07:55 . 2007-11-27 07:55 1453568 c:\windows\Installer\50de1.msi
+ 2007-11-27 07:55 . 2007-11-27 07:55 1868800 c:\windows\Installer\50ddc.msi
+ 2007-11-27 07:53 . 2007-11-27 07:53 2892288 c:\windows\Installer\50dd2.msi
+ 2007-11-27 07:44 . 2007-11-27 07:44 5091840 c:\windows\Installer\50dcd.msi
+ 2007-11-27 07:33 . 2007-11-27 07:33 9278976 c:\windows\Installer\50dc9.msi
+ 2008-07-15 22:39 . 2008-07-15 22:39 5519360 c:\windows\Installer\4a1fac9d.msp
+ 2008-07-07 23:27 . 2008-07-07 23:27 8436736 c:\windows\Installer\4a1fac88.msp
+ 2006-10-12 18:50 . 2006-10-12 18:50 1091584 c:\windows\Installer\41d8ce.msp
+ 2006-10-06 23:15 . 2006-10-06 23:15 5185024 c:\windows\Installer\41d8b2.msp
+ 2007-06-19 03:48 . 2007-06-19 03:48 5247488 c:\windows\Installer\3e756.msp
+ 2007-06-05 02:48 . 2007-06-05 02:48 9944064 c:\windows\Installer\3e741.msp
+ 2008-11-17 00:54 . 2008-11-17 00:54 3443200 c:\windows\Installer\3b67d.msi
+ 2007-09-18 01:18 . 2007-09-18 01:18 5489152 c:\windows\Installer\37f3a.msp
+ 2007-11-15 23:58 . 2007-11-15 23:58 5495296 c:\windows\Installer\36538f.msp
+ 2007-11-07 22:42 . 2007-11-07 22:42 4158464 c:\windows\Installer\36537b.msp
+ 2007-01-24 00:05 . 2007-01-24 00:05 5228544 c:\windows\Installer\355838.msp
+ 2006-12-19 02:42 . 2006-12-19 02:42 6649856 c:\windows\Installer\35580e.msp
+ 2007-01-18 21:46 . 2007-01-18 21:46 6814208 c:\windows\Installer\3557ef.msp
+ 2006-12-17 22:48 . 2006-12-17 22:48 5444096 c:\windows\Installer\3557da.msp
+ 2007-01-23 18:48 . 2007-01-23 18:48 9804800 c:\windows\Installer\3557c5.msp
+ 2007-01-09 21:05 . 2007-01-09 21:05 9921024 c:\windows\Installer\3557b0.msp
+ 2006-11-20 03:37 . 2006-11-20 03:37 6553088 c:\windows\Installer\35579b.msp
+ 2008-04-18 23:25 . 2008-04-18 23:25 3283456 c:\windows\Installer\338a4f4.msi
+ 2008-04-18 23:23 . 2008-04-18 23:23 1635328 c:\windows\Installer\338a4ef.msi
+ 2008-04-18 23:23 . 2008-04-18 23:23 8984576 c:\windows\Installer\338a4ea.msi
+ 2008-04-18 23:20 . 2008-04-18 23:20 2793984 c:\windows\Installer\338a28a.msi
+ 2006-10-18 04:26 . 2006-10-18 04:26 5922816 c:\windows\Installer\3322bc2.msi
+ 2006-09-22 14:30 . 2006-09-22 14:30 7986176 c:\windows\Installer\2da94.msi
+ 2009-06-19 09:37 . 2009-06-19 09:37 4570624 c:\windows\Installer\2b9bfdc.msi
+ 2008-05-14 23:50 . 2008-05-14 23:50 5515776 c:\windows\Installer\2698c20.msp
+ 2008-10-22 09:43 . 2008-10-22 09:43 6820352 c:\windows\Installer\248fe78.msp
+ 2008-10-22 09:48 . 2008-10-22 09:48 7672832 c:\windows\Installer\248fe63.msp
+ 2008-11-05 01:25 . 2008-11-05 01:25 5518336 c:\windows\Installer\248fe4e.msp
+ 2007-01-13 05:37 . 2007-01-13 05:37 1306624 c:\windows\Installer\238c66.msi
+ 2008-06-19 05:28 . 2008-06-19 05:28 1573376 c:\windows\Installer\213a67e.msp
+ 2007-07-21 00:26 . 2007-07-21 00:26 7574016 c:\windows\Installer\213a652.msp
+ 2008-10-19 21:18 . 2008-10-19 21:18 6474240 c:\windows\Installer\213a64b.msp
+ 2006-10-17 03:11 . 2006-10-17 03:11 2447360 c:\windows\Installer\212763.msi
+ 2009-01-14 02:43 . 2009-01-14 02:43 5520384 c:\windows\Installer\20c191.msp
+ 2009-03-20 23:40 . 2009-03-20 23:40 1947648 c:\windows\Installer\1f2038cb.msi
+ 2008-06-11 03:05 . 2008-06-11 03:05 9994240 c:\windows\Installer\1ef750.msp
+ 2008-06-10 02:09 . 2008-06-10 02:09 5517312 c:\windows\Installer\1ef737.msp
+ 2007-11-01 20:30 . 2007-11-01 20:30 7554048 c:\windows\Installer\1e7c43.msp
+ 2006-11-13 23:22 . 2006-11-13 23:22 5248512 c:\windows\Installer\1d41ab.msp
+ 2006-09-11 19:19 . 2006-09-11 19:19 6253056 c:\windows\Installer\1d27b1.msp
+ 2006-09-19 23:13 . 2006-09-19 23:13 8272896 c:\windows\Installer\1d275d.msp
+ 2006-08-16 05:36 . 2006-08-16 05:36 5206528 c:\windows\Installer\1d2733.msp
+ 2006-07-18 00:11 . 2006-07-18 00:11 4578816 c:\windows\Installer\1d271f.msp
+ 2006-02-04 00:00 . 2006-02-04 00:00 9357824 c:\windows\Installer\1d26f3.msp
+ 2006-02-04 00:00 . 2006-02-04 00:00 4008448 c:\windows\Installer\1d26f2.msp
+ 2008-12-08 08:35 . 2008-12-08 08:35 6425600 c:\windows\Installer\1d06a9.msi
+ 2008-03-16 05:11 . 2008-03-16 05:11 5512704 c:\windows\Installer\1cef233.msp
+ 2008-03-15 07:16 . 2008-03-15 07:16 1539072 c:\windows\Installer\1bd1817.msi
+ 2008-05-19 06:29 . 2008-05-19 06:29 3236352 c:\windows\Installer\19b91.msi
+ 2008-08-14 03:01 . 2008-08-14 03:01 5517312 c:\windows\Installer\191b426.msp
+ 2009-04-06 05:00 . 2009-04-06 05:00 5518336 c:\windows\Installer\183782c8.msp
+ 2007-11-02 06:16 . 2007-11-02 06:16 1229824 c:\windows\Installer\166c57.msi
+ 2008-05-06 11:22 . 2008-05-06 11:22 7974912 c:\windows\Installer\116d769.msi
+ 2008-05-05 10:56 . 2008-05-05 10:56 5198848 c:\windows\Installer\100e9b6.msi
+ 2008-04-29 10:08 . 2008-11-17 00:51 5913088 c:\windows\Downloaded Installations\{0B582256-ADA3-4E85-99B9-02DB734B2BD2}\Sentinel Protection Installer 7.3.2.msi
+ 2006-10-06 00:17 . 2002-07-02 04:38 1325568 c:\windows\$NtServicePackUninstall$\webfldrs.msi
+ 2009-02-25 07:07 . 2009-02-25 07:07 11646464 c:\windows\Installer\f75db34.msp
+ 2008-01-14 02:24 . 2008-01-14 02:24 10721280 c:\windows\Installer\f4e85d.msp
+ 2008-01-14 03:50 . 2008-01-14 03:50 11887104 c:\windows\Installer\f4e848.msp
+ 2006-10-06 14:33 . 2006-10-06 14:33 21034496 c:\windows\Installer\ef411b.msi
+ 2008-04-14 02:26 . 2008-04-14 02:26 11888128 c:\windows\Installer\b7dd759.msp
+ 2009-06-14 10:32 . 2009-06-14 10:32 12904960 c:\windows\Installer\b419310.msi
+ 2008-08-13 01:49 . 2008-08-13 01:49 11816960 c:\windows\Installer\9c50d.msp
+ 2007-04-30 21:29 . 2007-04-30 21:29 10994688 c:\windows\Installer\5ff6a.msp
+ 2005-08-08 21:22 . 2005-08-08 21:22 48783360 c:\windows\Installer\5dd2a70.msp
+ 2008-01-30 20:45 . 2008-01-30 20:45 11565056 c:\windows\Installer\5766c07.msp
+ 2008-02-29 09:09 . 2008-02-29 09:09 16907776 c:\windows\Installer\5766bf2.msp
+ 2008-07-07 22:09 . 2008-07-07 22:09 11887616 c:\windows\Installer\4a1facb2.msp
+ 2008-06-30 21:25 . 2008-06-30 21:25 11814912 c:\windows\Installer\4a1fac4a.msp
+ 2008-03-16 23:48 . 2008-03-16 23:48 11813888 c:\windows\Installer\4727945.msp
+ 2007-07-13 22:50 . 2007-07-13 22:50 15256576 c:\windows\Installer\3e72d.msp
+ 2007-01-18 01:29 . 2007-01-18 01:29 10978816 c:\windows\Installer\355823.msp
+ 2008-10-19 21:22 . 2008-10-19 21:22 11758592 c:\windows\Installer\213a68e.msp
+ 2008-08-10 22:51 . 2008-08-10 22:51 15916544 c:\windows\Installer\213a686.msp
+ 2008-08-10 22:49 . 2008-08-10 22:49 22457344 c:\windows\Installer\213a675.msp
+ 2008-09-23 23:05 . 2008-09-23 23:05 16381440 c:\windows\Installer\213a66d.msp
+ 2007-10-14 10:33 . 2007-10-14 10:33 26646016 c:\windows\Installer\213a666.msp
+ 2006-09-13 05:44 . 2006-09-13 05:44 13737984 c:\windows\Installer\1d279c.msp
+ 2006-09-19 18:23 . 2006-09-19 18:23 12292096 c:\windows\Installer\1d2787.msp
+ 2006-09-12 23:59 . 2006-09-12 23:59 14482944 c:\windows\Installer\1d2772.msp
+ 2006-09-27 21:28 . 2006-09-27 21:28 10256384 c:\windows\Installer\1d2748.msp
+ 2006-10-28 22:18 . 2006-10-28 22:18 19210240 c:\windows\Installer\1d26cf.msp
+ 2008-07-29 20:50 . 2008-07-29 20:50 12506112 c:\windows\Installer\191b451.msp
+ 2008-06-04 01:29 . 2008-06-04 01:29 16905728 c:\windows\Installer\191b43c.msp
+ 2007-08-09 08:12 . 2007-08-09 08:12 10237952 c:\windows\Installer\137990.msi
+ 2006-09-22 14:51 . 2006-09-22 14:51 54668800 c:\windows\Downloaded Installations\{91C8C962-0850-4C84-9597-56BAE1BD614F}\Client Security Solution.msi
+ 2006-10-06 13:02 . 2007-06-10 23:57 90358784 c:\windows\Downloaded Installations\{624FE5AF-1F31-404F-A9CC-3D451530446A}\Rescue and Recovery - Client Security Solution.msi
+ 2006-10-17 06:48 . 2006-10-17 06:48 82264576 c:\windows\Downloaded Installations\{462CED12-459C-4FC5-8BF0-AB6D4B18F9E5}\Rescue and Recovery.msi
+ 2007-01-13 04:56 . 2007-01-13 04:56 17034240 c:\windows\Downloaded Installations\{25D23AE7-0A18-4894-A076-024E544772BA}\ACDSee for PENTAX 2.0.msi
+ 2007-07-26 21:03 . 2007-07-26 21:03 119977472 c:\windows\Installer\2072b83.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\NICKATTACK\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-2-13 493832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-6 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI5"=diomidi.dll
"wave5"=Digi32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli csspwntfy

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^NICKATTACK^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\NICKATTACK\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^NICKATTACK^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\NICKATTACK\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [8/21/2006 8:04 PM 6912]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [9/21/2006 6:21 PM 58568]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [9/21/2006 6:21 PM 15360]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [4/29/2008 10:09 PM 11776]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [8/21/2006 8:44 PM 12544]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 5:36 PM 86016]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/16/2005 8:11 AM 46142]
R2 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [9/21/2006 6:21 PM 4433]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/21/2006 8:10 PM 3968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 koreavs;koreavs;c:\windows\system32\drivers\koreavs.sys [6/14/2007 9:20 PM 25088]
S3 koreusb;koreusb;c:\windows\system32\drivers\koreusb.sys [6/14/2007 9:20 PM 82944]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [5/29/2008 11:38 PM 30946]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [7/15/2006 11:37 AM 14336]
S3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [7/10/2007 9:06 PM 55840]
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2006-09-21 08:36]

2009-07-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-12 09:42]

2009-07-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 06:20]

2009-07-03 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-22 01:22]

2006-09-22 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-09-21 00:17]

2009-07-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 10:18]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{A93A4625-6216-499C-B360-BBD0A7C0D479} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.cn/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\NICKATTACK\Application Data\Mozilla\Firefox\Profiles\f1sqrupv.default\
FF - prefs.js: browser.startup.homepage - www.blackle.co.nz
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 15:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(872)
c:\program files\IBM ThinkVantage\Client Security Solution\csspwntfy.dll
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtsp.dll
c:\program files\IBM ThinkVantage\Client Security Solution\tcsrpc.dll
c:\program files\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll

- - - - - - - > 'explorer.exe'(6648)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\TpShocks.exe
c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
c:\program files\Common Files\Symantec Shared\CCAPP.EXE
c:\program files\IBM\Messages By IBM\ibmmessages.exe
c:\windows\system32\dla\tfswctrl.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpScrLk.exe
c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
c:\program files\QuickTime\QTTask.exe
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
c:\program files\Logitech\QuickCam\Quickcam.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2009-07-10 15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 03:51
ComboFix2.txt 2009-06-21 13:30
ComboFix3.txt 2009-06-18 23:49

Pre-Run: 3,112,116,224 bytes free
Post-Run: 3,092,439,040 bytes free

508 --- E O F --- 2009-07-10 02:48


---------------------------------------------------------------------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, July 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 10, 2009 10:32:24
Records in database: 2456303
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 157837
Threat name: 23
Infected objects: 49
Suspicious objects: 0
Duration of the scan: 03:02:33


File name / Threat name / Threats count
C:\Documents and Settings\NICKATTACK\Desktop\back from celia's comp\nd\disk.exe Infected: Trojan-Downloader.Win32.VB.hup 1
C:\Documents and Settings\NICKATTACK\Desktop\back from celia's comp\nd\nick's folder.exe Infected: Trojan-Downloader.Win32.VB.hup 1
C:\Program Files\Common Files\Microsoft Shared\MSInfo\ATMQQ2.DLL.del Infected: Trojan-PSW.Win32.QQPass.ajx 1
C:\Program Files\Common Files\Microsoft Shared\MSInfo\QQGS1.DLL.del Infected: Trojan-PSW.Win32.QQPass.zu 1
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Program Files\Internet Explorer\IEXPLORE32.DAT.del Infected: Trojan-Spy.Win32.Delf.cis 1
C:\Program Files\Internet Explorer\IEXPLORE32.SYS.del Infected: Trojan-Spy.Win32.Delf.cis 1
C:\Program Files\Internet Explorer\IEXPLORE32.WIN.del Infected: Trojan-Spy.Win32.Delf.cit 1
C:\Program Files\Norton AntiVirus\Quarantine\1E3235BB Infected: Trojan-Downloader.Win32.IstBar.ja 1
C:\Program Files\Norton AntiVirus\Quarantine\1E3235BB Infected: Trojan-Downloader.Win32.IstBar.nn 1
C:\Program Files\Norton AntiVirus\Quarantine\1F0E7C3C Infected: not-a-virus:AdWare.Win32.CommonName.b 1
C:\Qoobox\Quarantine\C\DOCUME~1\NICKAT~1\LOCALS~1\Temp\E_4\eAPI.fne.vir Infected: Trojan.Win32.Agent.aueo 1
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\PLUGINS\SysWin74.Jmp.vir Infected: Trojan-PSW.Win32.QQPass.afp 1
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\PLUGINS\WINSYS84.SYS.del.vir Infected: Trojan-PSW.Win32.QQPass.afp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\5599.EXE.vir Infected: Trojan-Downloader.Win32.Small.agqg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\eAPI.fne.vir Infected: Trojan.Win32.Agent.aueo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\meex.com.vir Infected: Worm.Win32.AutoRun.dfq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\XP-04C704A7.EXE.vir Infected: Trojan-Downloader.Win32.VB.hup 1
C:\Qoobox\Quarantine\G\autorun.inf.vir Infected: Trojan-Downloader.Win32.VB.eql 1
C:\Qoobox\Quarantine\[4]-Submit_2009-07-10_15.05.00.zip Infected: Worm.Win32.AutoRun.dfq 1
C:\Qoobox\Quarantine\[4]-Submit_2009-07-10_15.05.00.zip Infected: Trojan.Win32.FlyStudio.iw 1
C:\Qoobox\Quarantine\[4]-Submit_2009-07-10_15.05.00.zip Infected: Trojan.Win32.Agent.aiqt 1
C:\Qoobox\Quarantine\[4]-Submit_2009-07-10_15.05.00.zip Infected: Trojan.Win32.Agent.akwn 1
C:\Qoobox\Quarantine\[4]-Submit_2009-07-10_15.05.00.zip Infected: Trojan.Win32.Agent.anri 1
C:\Qoobox\Quarantine\[4]-Submit_2009-07-10_15.05.00.zip Infected: Trojan.Win32.Agent.aowz 1
C:\Qoobox\Quarantine\[4]-Submit_2009-07-10_15.05.00.zip Infected: Trojan.Win32.Agent.aqyc 1
C:\Qoobox\Quarantine\[4]-Submit_2009-07-10_15.05.00.zip Infected: Trojan-Downloader.Win32.Small.agqg 1
C:\Qoobox\Quarantine\[4]-Submit_2009-07-10_15.05.00.zip Infected: Trojan.Win32.Agent.atsm 1
C:\Qoobox\Quarantine\[4]-Submit_2009-07-10_15.05.00.zip Infected: Trojan.Win32.Agent2.fbg 1
C:\Qoobox\Quarantine\[4]-Submit_2009-07-10_15.05.00.zip Infected: Trojan.Win32.FlyStudio.ix 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP801\A0131413.EXE Infected: Trojan-Downloader.Win32.VB.hup 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP801\A0131414.EXE Infected: Trojan-Downloader.Win32.VB.hup 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP801\A0131415.EXE Infected: Trojan-Downloader.Win32.VB.hup 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP801\A0131416.EXE Infected: Trojan-Downloader.Win32.VB.hup 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP801\A0131417.EXE Infected: Trojan-Downloader.Win32.VB.hup 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP801\A0131418.EXE Infected: Trojan-Downloader.Win32.VB.hup 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP801\A0131419.EXE Infected: Trojan-Downloader.Win32.VB.hup 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP801\A0131420.EXE Infected: Trojan-Downloader.Win32.VB.hup 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP803\A0131557.com Infected: Worm.Win32.AutoRun.dfq 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP803\A0131560.EXE Infected: Trojan-Downloader.Win32.VB.hup 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP803\A0131567.EXE Infected: Trojan-Downloader.Win32.Small.agqg 1
C:\WINDOWS\system32\2CDCF0.EXE Infected: Trojan.Win32.Agent.anri 1
C:\WINDOWS\system32\83FCCE7.EXE Infected: Trojan.Win32.Agent.aqyc 1
C:\WINDOWS\system32\8AC8571.EXE Infected: Trojan.Win32.Agent.atsm 1
C:\WINDOWS\system32\AN7B22C.EXE Infected: Trojan.Win32.Agent2.fbg 1
C:\WINDOWS\system32\AP7B22C.EXE Infected: Trojan.Win32.FlyStudio.iw 1
C:\WINDOWS\system32\BP7B22C.EXE Infected: Trojan.Win32.FlyStudio.ix 1
C:\WINDOWS\system32\GWTHTIS.EXE.del Infected: Worm.Win32.AutoRun.dfq 1
C:\WINDOWS\system32\SYBQNUB.EXE.del Infected: Worm.Win32.AutoRun.dfq 1

The selected area was scanned.
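The Kaspersky report above shows the signature of an autorun worm on removable media: executables named after the real folders ("nick's folder.exe", "disk.exe", flagged as Trojan-Downloader.Win32.VB.hup) dropped next to the now-hidden originals, plus an `autorun.inf` on G: that launches the dropper on insertion. The script below is an added example, not code from the post or from any tool mentioned in it: it walks a drive root and reports every executable whose base name matches a sibling directory, and parses `autorun.inf` for the keys (`open`, `shellexecute`, `shell\...\command`) that cause code to run. The sample drive layout it builds in a temp directory is constructed for the demonstration and only mimics the file names seen in the log; it is not data taken from the user's machine. Python standard library only, so it runs offline on any OS.

```python
"""Detect the folder-impersonation pattern left by autorun worms on a drive.

The worm hides the genuine directory and drops an executable with the same
name (and a folder icon) beside it, then writes an autorun.inf so the
executable runs when the drive is plugged in.  Added example; file names in
the sample drive are constructed, not taken from a real infection.
"""
import os
import re
import tempfile

# Extensions Windows will execute when double-clicked.
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

# autorun.inf keys that launch a program on insertion (case-insensitive, one per line).
AUTORUN_EXEC_KEYS = re.compile(
    r"^\s*(open|shellexecute|shell\\[^\\=]+\\command)\s*=\s*(.+)$", re.I | re.M
)


def parse_autorun(text):
    """Return (key, command) pairs from autorun.inf text that would execute code."""
    return [(m.group(1).lower(), m.group(2).strip()) for m in AUTORUN_EXEC_KEYS.finditer(text)]


def find_folder_impersonators(root):
    """Return paths (relative to root) of executables whose stem matches a sibling directory."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirs_lower = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() in EXEC_EXTS and stem.lower() in dirs_lower:
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def scan_drive(root):
    """Combine both checks into one report dict for the drive mounted at root."""
    report = {"impersonators": find_folder_impersonators(root), "autorun": []}
    autorun = os.path.join(root, "autorun.inf")
    if os.path.isfile(autorun):
        with open(autorun, "r", errors="replace") as fh:
            report["autorun"] = parse_autorun(fh.read())
    return report


def build_sample_drive():
    """Constructed sample layout (not real data) mimicking an infected flash drive."""
    root = tempfile.mkdtemp(prefix="fakedrive_")
    for d in ("nick's folder", "photos", "docs"):
        os.makedirs(os.path.join(root, d))
    # Two droppers impersonating folders; setup.exe has no matching folder and is not flagged.
    for exe in ("nick's folder.exe", "photos.exe", "setup.exe"):
        with open(os.path.join(root, exe), "wb") as fh:
            fh.write(b"MZ")  # just a PE magic stub, not an executable
    with open(os.path.join(root, "docs", "report.doc"), "wb") as fh:
        fh.write(b"")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[AutoRun]\n"
                 "open=disk.exe\n"
                 "shell\\open\\Command=disk.exe\n"
                 "icon=%SystemRoot%\\system32\\shell32.dll,4\n")
    return root


if __name__ == "__main__":
    drive = build_sample_drive()
    result = scan_drive(drive)
    for path in result["impersonators"]:
        print("folder impersonator:", path)
    for key, cmd in result["autorun"]:
        print("autorun launches:", key, "->", cmd)
```

Point `scan_drive()` at the mount point of a suspect stick (for example `scan_drive("G:\\")`) instead of the sample. Once the flagged executables and `autorun.inf` are removed, the genuine folders are still there but carry the Hidden and System attributes the worm set; `attrib -s -h /s /d` from the drive root makes them visible again, which is why the poster can reach them by typing the path but not by clicking.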