Old 08-23-2007, 11:48 PM   #1 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


USB memory stick infected, files inaccessible [Moved]

A few days ago my memory stick was used by a co-worker to save some files from another computer. When it came back to me, it was obviously infected with some kind of virus.

I have done a number of things:

1. deleted many .exe files that had been saved to look like folders (the folders have been hidden somehow, some way other than Hide Folders)

2. ran McAfee Virus Scan on the memory stick and it did not find anything.

3. AVG free anti-virus: nothing

4. Anti-spyware programs: Spybot, Spywareblaster, SuperAnti-Spyware, AdAware, Spyware Doctor -- all show nothing.

Just to be clear: if there was a folder before that was named "Photos", now instead there was a .EXE file with the name Photos.exe. I use Display Extensions, so it was immediately obvious to me the virus had replaced my folders with itself. All the file sizes of these .exe files were exactly 230K. There were about 10 folders replaced this way, which was all of them.

Now in the past when a similar virus has infected my USB, all I needed to do was scan it with McAfee, which would kill the virus one file at a time, and then after that go to Explore, Tools, Folder Options, View, choose Show Hidden Files and Folders (the virus had selected Do Not Show Hidden Files and Folders). All the old folders, which had been hidden, would then reappear.

This time when I do that, the lost folders don't reappear.

My first reaction was that they had been deleted by the virus.

However, when I go to Explorer and right click on my USB memory stick drive (it shows up as drive E there), it shows 170mb used, 330 free on the memory stick. I only had about 3mb of files left on this memory stick after deleting all the .exe files. As a double-check, I also deleted everything else that was still left on the USB memory stick, so there should be nothing left, totally empty. Well, no. Now when I right-click on the USB in Windows Explorer, it shows 167mb used. I think that the files were hidden on the USB in some new way that is not just hidden folders. The virus may also have hidden itself in there, but that's just speculation.

Any ideas how to fix this? Any help would be appreciated.
I should tell you that I already sought advice on another tech forum, and they just suggested trying 2 programs called Flash Disinfector and ClamWin, neither of which had any effect.

At this point, the main problem is that the files on the memory stick are not accessible. The virus has hidden them in some way other than Hide Files and Folders in Windows Explorer.

At my job, I was able to 'explore' the memory stick using ACDSee's built-in explorer feature - and was able to see that the old folders at least are still there. Later when I scanned it at home using ClamWin, as it scanned I saw that it was scanning many of the old files I had on there. SO... the files and folders are still there. Just not accessible.

So if you offer some help, please first address this one of how to access the hidden files and folders and not how to run different kinds of anti-virus software. If this behaves the way the previous virus did, then deleting those .exe files got rid of the virus already. Also, I think whatever is preventing Windows Explorer or most other programs from exploring the USB stick probably will also likely prevent any anti-virus/spyware software from accessing the concealed files and folders.

The other forum where I asked about this seems to be stumped -- nobody is replying anymore about it at this point.

Thanks for any help
Billermo

Old 08-23-2007, 11:52 PM   #2 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


Re: USB memory stick infected, files inaccessible

One more clue: I was able to use ACDSee to COPY the contents of the USB Memory stick via ACDSee and paste them into a new folder on the desktop. That worked to a degree. If I right click on that folder it shows it contains 167mb. However if I open it, nothing appears to be inside it.

In this case and in every case above, I have already tried going into Windows Explorer: Tools: Folder Options: View: Show Hidden Files and Folders and clicked Apply and OK. Doing that has had no effect. Everything remains hidden.

Last edited by billermo; 08-24-2007 at 12:08 AM.
Old 08-24-2007, 08:48 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista


Re: USB memory stick infected, files inaccessible

Hello billermo,

Sorry, you'll need to run a program to clean this--you have a very specific infection and a specialized tool is needed. Unless you rid this usb stick of the infection, you will spread it to whatever system you plug it into.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Insert the infected USB stick.

--------------------------------------------------------------------


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt in your next reply so we can continue the cleansing process.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


-------------------------------------------------------------------

Please download HijackThis to your desktop - this program will help us determine if there are any spyware/malware on your computer.

Alternate link

Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.

Double-click on the file you just downloaded.
Click on the "Install" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

  • If it gives you an intro screen, just choose 'Do a system scan and save a log file'.
  • If not, run a scan and save the log file.
  • Do not fix any entries in HijackThis since many are harmless.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-24-2007, 10:18 PM   #4 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


Re: USB memory stick infected, files inaccessible [Moved]

OK I just did exactly as directed above. The first thing I must mention is that the USB memory stick is in the same bad condition. The folders and files on the USB can't be seen. Only the ClamWin program I put on the memory stick can be seen.

I'm going to post the log files for the ComboFix and HijackThis scans next, as you asked.

But I have to first ask, do you have any idea how these folders and files are being hidden? Or if there is some way to address THAT part of the problem? Note that the folders and files were copied from the USB onto a WinXP desktop, and even there they remained hidden and couldn't be unhidden.

I want to emphasize that I posted to solve this USB problem. If it turns out that my computer is clean, that is great, but I do still want to fix the USB stick.

OK here first is the ComboFix log.... (I'll post HijackThis log in separate reply)

ComboFix 07-08-25.2 - "Bill" 2007-08-25 10:09:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.411 [GMT 7:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Bill\APPLIC~1\microsoft\internet explorer\quick launch\intern~1.lnk


((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))


2007-08-24 00:53 <DIR> d-------- C:\Program Files\Easy Uninstaller
2007-08-23 22:53 <DIR> d-------- C:\Program Files\IZArc
2007-08-23 22:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 22:16 <DIR> drahs---- C:\autorun.inf
2007-08-23 13:21 <DIR> d-------- C:\Program Files\PowerISO
2007-08-23 12:22 <DIR> d-------- C:\Program Files\Absolute MP3 Splitter
2007-08-22 15:44 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-17 15:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-17 15:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-17 15:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-17 15:16 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\SUPERAntiSpyware.com
2007-08-15 13:05 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-14 06:26 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-08-13 00:19 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-09 06:46 45,056 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-08-09 06:46 128,000 --a------ C:\Program Files\UNWISE.EXE
2007-08-09 06:46 <DIR> d-------- C:\Program Files\Pinnacle
2007-08-08 23:35 <DIR> d-------- C:\Program Files\CCleaner
2007-08-07 07:15 33,052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2007-08-06 14:55 <DIR> d-------- C:\Program Files\PurgeIE
2007-08-06 14:55 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\DelinvFile
2007-07-29 22:30 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner
2007-07-29 22:03 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\vlc
2007-07-29 21:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-29 21:23 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\Ahead
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Nero
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-29 21:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 06:53 --------- d-------- C:\Program Files\eMule
2007-08-24 00:51 --------- d-------- C:\Program Files\GetRight
2007-08-23 22:54 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-23 22:54 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-23 12:38 --------- d-------- C:\Program Files\Monkey's Audio
2007-08-22 17:25 --------- d-------- C:\Program Files\McAfee
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-16 22:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-16 00:00 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-13 00:19 --------- d-------- C:\Program Files\Dell
2007-08-09 06:46 1252 --a------ C:\Program Files\INSTALL.LOG
2007-08-08 22:11 --------- d-------- C:\Program Files\RGB
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-23 14:45 --------- d-------- C:\Program Files\Winamp
2007-07-19 13:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-16 14:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-16 14:15 --------- d-------- C:\Program Files\Yahoo!
2007-07-13 06:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 11:26 --------- d-------- C:\Program Files\ThirdWire
2007-07-10 11:21 --------- d-------- C:\Program Files\Common Files\Intuit
2007-07-10 11:16 --------- d-------- C:\Program Files\Common Files\LogoManager
2007-06-27 21:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 21:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 21:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 21:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 21:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 21:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 21:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 21:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 21:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 21:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 21:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 21:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 21:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 21:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 21:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 21:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 21:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 21:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 21:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 21:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 15:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 15:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 14:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 13:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 13:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 20:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 20:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 17:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 17:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-03-18 18:21:50 56 --sh--r C:\WINDOWS\system32\D33E28693D.sys
2006-03-18 18:21:53 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 03:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-09 11:58]
"nwiz"="nwiz.exe" [2005-09-09 11:58 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 05:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-31 03:59]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 05:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 14:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 23:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 23:44]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 11:37]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 11:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-09-02 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\DOCUME~1\Bill\STARTM~1\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-03-15 14:11:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-08 05:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 0033661187778336mcinstcleanup;McAfee Application Installer Cleanup (0033661187778336);C:\WINDOWS\TEMP\003366~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42ac2d46-a0b0-11db-9c62-001422e76503}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a55cc97c-b35f-11da-9a89-001422e76503}]
AutoRun\command- fim.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c06aeb5a-b5a1-11db-9c86-001422e76503}]
AutoRun\command- E:\LaunchU3.exe

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-08-21 09:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 18:44:02 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-07-31 18:00:45 C:\WINDOWS\Tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 10:14:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-25 10:15:54
C:\ComboFix-quarantined-files.txt ... 2007-08-25 10:15

--- E O F ---

Last edited by billermo; 08-24-2007 at 10:27 PM.
Old 08-24-2007, 10:29 PM   #5 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


Re: USB memory stick infected, files inaccessible [Moved]

Now here is the HijackThis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:19 AM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\McAfee\MSC\mcshell.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CF4F84D-F3CC-42E3-AACB-6F9A89B01492}: NameServer = 210.245.31.130,210.245.31.10
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0033661187778336) (0033661187778336mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\003366~1.EXE (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 12304 bytes
billermo is offline  
Old 08-24-2007, 10:40 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista


Re: USB memory stick infected, files inaccessible [Moved]

Quote:
I want to emphasize that I posted to solve this USB problem. If it turns out that my computer is clean, that is great, but I do still want to fix the USB stick.
That is exactly what I'm doing here--note I had asked you to insert the USB stick.

Quote:
folders and files were copied from the USB onto a WinXP desktop
Please delete those from the desktop.

***************************************************

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Insert the USB stick.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
E:\autorun.inf
E:\RavmonE.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42ac2d46-a0b0-11db-9c62-001422e76503}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a55cc97c-b35f-11da-9a89-001422e76503}]

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


Please post the C:\ComboFix.txt

Can you see those files/folders on the stick yet?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 08-25-2007, 12:06 AM   #7 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


Re: USB memory stick infected, files inaccessible [Moved]

OK I have completed this.

The answer is that No, the files/folders are still not visible after having run this script. Properties on the disk still shows that it contains 167mb, but only the ClamWin folder appears when you Explore it.

Here is the latest log:

[just deleted this log since it was log.txt and not the combofix.txt file you requested I post.... see new reply below for the correct log]

Last edited by billermo; 08-25-2007 at 12:23 AM.
billermo is offline  
Old 08-25-2007, 12:18 AM   #8 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


Re: USB memory stick infected, files inaccessible [Moved]

Wait, sorry, I just made a mistake and posted the new Log.txt but you wanted me to post Combofix.txt. Let me do that now....

(incidentally, 2 appear under C:/ -- one is Combofix.txt and also Combofix2.txt. I'm posting the later one, Combofix.txt)


ComboFix 07-08-25.2 - "Bill" 2007-08-25 12:45:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.448 [GMT 7:00]
Command switches used :: C:\Documents and Settings\Bill\Desktop\CFScript.txt
* Created a new restore point

FILE::
E:\autorun.inf
E:\RavmonE.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Bill\APPLIC~1\microsoft\internet explorer\quick launch\intern~1.lnk


((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))


2007-08-25 10:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-24 00:53 <DIR> d-------- C:\Program Files\Easy Uninstaller
2007-08-23 22:53 <DIR> d-------- C:\Program Files\IZArc
2007-08-23 22:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 22:16 <DIR> drahs---- C:\autorun.inf
2007-08-23 13:21 <DIR> d-------- C:\Program Files\PowerISO
2007-08-23 12:22 <DIR> d-------- C:\Program Files\Absolute MP3 Splitter
2007-08-17 15:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-17 15:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-17 15:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-17 15:16 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\SUPERAntiSpyware.com
2007-08-15 13:05 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-14 06:26 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-08-13 00:19 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-09 06:46 45,056 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-08-09 06:46 128,000 --a------ C:\Program Files\UNWISE.EXE
2007-08-09 06:46 <DIR> d-------- C:\Program Files\Pinnacle
2007-08-08 23:35 <DIR> d-------- C:\Program Files\CCleaner
2007-08-07 07:15 33,052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2007-08-06 14:55 <DIR> d-------- C:\Program Files\PurgeIE
2007-08-06 14:55 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\DelinvFile
2007-07-29 22:30 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner
2007-07-29 22:03 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\vlc
2007-07-29 21:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-29 21:23 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\Ahead
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Nero
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-29 21:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 06:53 --------- d-------- C:\Program Files\eMule
2007-08-24 00:51 --------- d-------- C:\Program Files\GetRight
2007-08-23 22:54 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-23 22:54 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-23 12:38 --------- d-------- C:\Program Files\Monkey's Audio
2007-08-22 17:25 --------- d-------- C:\Program Files\McAfee
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-16 22:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-16 00:00 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-13 00:19 --------- d-------- C:\Program Files\Dell
2007-08-09 06:46 1252 --a------ C:\Program Files\INSTALL.LOG
2007-08-08 22:11 --------- d-------- C:\Program Files\RGB
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-23 14:45 --------- d-------- C:\Program Files\Winamp
2007-07-19 13:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-16 14:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-16 14:15 --------- d-------- C:\Program Files\Yahoo!
2007-07-13 06:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 11:26 --------- d-------- C:\Program Files\ThirdWire
2007-07-10 11:21 --------- d-------- C:\Program Files\Common Files\Intuit
2007-07-10 11:16 --------- d-------- C:\Program Files\Common Files\LogoManager
2007-06-27 21:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 21:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 21:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 21:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 21:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 21:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 21:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 21:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 21:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 21:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 21:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 21:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 21:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 21:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 21:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 21:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 21:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 21:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 21:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 21:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 15:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 15:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 14:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 13:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 13:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 20:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 20:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 17:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 17:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-03-18 18:21:50 56 --sh--r C:\WINDOWS\system32\D33E28693D.sys
2006-03-18 18:21:53 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 03:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-09 11:58]
"nwiz"="nwiz.exe" [2005-09-09 11:58 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 05:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-31 03:59]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 05:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 14:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 23:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 23:44]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 11:37]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 11:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-09-02 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\DOCUME~1\Bill\STARTM~1\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-03-15 14:11:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-08 05:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 0033661187778336mcinstcleanup;McAfee Application Installer Cleanup (0033661187778336);C:\WINDOWS\TEMP\003366~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a55cc97c-b35f-11da-9a89-001422e76503}]
AutoRun\command- fim.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c06aeb5a-b5a1-11db-9c86-001422e76503}]
AutoRun\command- E:\LaunchU3.exe

*Newly Created Service* - 0033661187778336MCINSTCLEANUP
*Newly Created Service* - SCDEMU

Contents of the 'Scheduled Tasks' folder
2007-08-21 09:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 18:44:02 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-07-31 18:00:45 C:\WINDOWS\Tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 12:49:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-25 12:51:06
C:\ComboFix-quarantined-files.txt ... 2007-08-25 12:50
C:\ComboFix2.txt ... 2007-08-25 10:15

--- E O F ---
billermo is offline  
Old 08-25-2007, 12:29 AM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista


Re: USB memory stick infected, files inaccessible [Moved]

You did fine with the first log you posted. And yes, I'm aware there will be 2 ComboFix files on C:\ . After this next run, there will be 3.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Insert USB stick
---------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
E:\fim.exe
E:\setup.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a55cc97c-b35f-11da-9a89-001422e76503}]

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

Once again, post the C:\ComboFix.txt and provide an update on file access.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
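Added example (not part of the original posts and not ComboFix's own code): a Python check that reads the `[-key]` deletions a CFScript requests and reports which of those MountPoints2 AutoRun entries are still listed in the ComboFix log posted after the run. The function names are hypothetical, the inputs are excerpts copied from the scripts and logs in this thread, and the parser assumes only the log layout seen in those posts.

```python
import re

# Excerpts copied from the posts in this thread (only the lines the check needs).
CFSCRIPT_POST_6 = r"""
File::
E:\autorun.inf
E:\RavmonE.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42ac2d46-a0b0-11db-9c62-001422e76503}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a55cc97c-b35f-11da-9a89-001422e76503}]
"""

CFSCRIPT_POST_9 = r"""
File::
E:\fim.exe
E:\setup.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a55cc97c-b35f-11da-9a89-001422e76503}]
"""

LOG_POST_8 = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a55cc97c-b35f-11da-9a89-001422e76503}]
AutoRun\command- fim.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c06aeb5a-b5a1-11db-9c86-001422e76503}]
AutoRun\command- E:\LaunchU3.exe
"""

LOG_POST_10 = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c06aeb5a-b5a1-11db-9c86-001422e76503}]
AutoRun\command- E:\LaunchU3.exe
"""

KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]\s*$")
GUID_RE = re.compile(r"\\mountpoints2\\(\{[0-9a-f-]{36}\})$", re.IGNORECASE)


def requested_deletions(cfscript):
    """GUIDs of MountPoints2 keys marked [-key] in the script's Registry:: section."""
    guids, in_registry = set(), False
    for line in cfscript.splitlines():
        line = line.strip()
        if line.endswith("::"):              # section header: File::, Registry::, ...
            in_registry = line.lower() == "registry::"
            continue
        m = KEY_RE.match(line)
        if in_registry and m and m.group(1) == "-":
            g = GUID_RE.search(m.group(2))
            if g:
                guids.add(g.group(1).lower())
    return guids


def autorun_handlers(log):
    """Map MountPoints2 GUID -> AutoRun command as listed in a ComboFix log."""
    handlers, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:                                # any key header resets the context
            g = GUID_RE.search(m.group(2))
            current = g.group(1).lower() if g else None
        elif current and line.lower().startswith("autorun\\command-"):
            handlers[current] = line.split("-", 1)[1].strip()
    return handlers


def verify(cfscript, followup_log):
    """Return (absent, still_listed) for the deletions the script requested."""
    wanted = requested_deletions(cfscript)
    listed = autorun_handlers(followup_log)
    still_listed = {g: listed[g] for g in wanted if g in listed}
    return wanted - set(still_listed), still_listed


def untargeted(cfscript, followup_log):
    """AutoRun handlers in the log that the script never asked to delete."""
    wanted = requested_deletions(cfscript)
    return {g: c for g, c in autorun_handlers(followup_log).items() if g not in wanted}


if __name__ == "__main__":
    for name, script, log in (("post 6 -> log in post 8", CFSCRIPT_POST_6, LOG_POST_8),
                              ("post 9 -> log in post 10", CFSCRIPT_POST_9, LOG_POST_10)):
        absent, still = verify(script, log)
        print(name)
        print("  no longer listed:", sorted(absent))
        print("  still listed    :", still)
        print("  not targeted    :", untargeted(script, log))
```

"No longer listed" means only that the key does not appear in the log's MountPoints2 section; the check does not inspect the registry or the stick itself.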
Old 08-25-2007, 01:22 AM   #10 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


Re: USB memory stick infected, files inaccessible [Moved]

OK I just did it again.

Still cannot access the files or folders on the USB memory stick.

Here is the new ComboFix.txt file:

ComboFix 07-08-25.2 - "Bill" 2007-08-25 14:04:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.437 [GMT 7:00]
Command switches used :: C:\Documents and Settings\Bill\Desktop\CFScript.txt
* Created a new restore point

FILE::
E:\fim.exe
E:\setup.exe


((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))


2007-08-25 13:11 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-08-25 13:11 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\DNA
2007-08-25 10:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-24 00:53 <DIR> d-------- C:\Program Files\Easy Uninstaller
2007-08-23 22:53 <DIR> d-------- C:\Program Files\IZArc
2007-08-23 22:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 22:16 <DIR> drahs---- C:\autorun.inf
2007-08-23 13:21 <DIR> d-------- C:\Program Files\PowerISO
2007-08-23 12:22 <DIR> d-------- C:\Program Files\Absolute MP3 Splitter
2007-08-17 15:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-17 15:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-17 15:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-17 15:16 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\SUPERAntiSpyware.com
2007-08-15 13:05 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-14 06:26 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-08-13 00:19 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-09 06:46 45,056 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-08-09 06:46 128,000 --a------ C:\Program Files\UNWISE.EXE
2007-08-09 06:46 <DIR> d-------- C:\Program Files\Pinnacle
2007-08-08 23:35 <DIR> d-------- C:\Program Files\CCleaner
2007-08-07 07:15 33,052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2007-08-06 14:55 <DIR> d-------- C:\Program Files\PurgeIE
2007-08-06 14:55 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\DelinvFile
2007-07-29 22:30 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner
2007-07-29 22:03 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\vlc
2007-07-29 21:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-29 21:23 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\Ahead
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Nero
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-29 21:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 13:26 --------- d-------- C:\Program Files\eMule
2007-08-24 00:51 --------- d-------- C:\Program Files\GetRight
2007-08-23 22:54 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-23 22:54 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-23 12:38 --------- d-------- C:\Program Files\Monkey's Audio
2007-08-22 17:25 --------- d-------- C:\Program Files\McAfee
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-16 22:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-16 00:00 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-13 00:19 --------- d-------- C:\Program Files\Dell
2007-08-09 06:46 1252 --a------ C:\Program Files\INSTALL.LOG
2007-08-08 22:11 --------- d-------- C:\Program Files\RGB
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-23 14:45 --------- d-------- C:\Program Files\Winamp
2007-07-19 13:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-16 14:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-16 14:15 --------- d-------- C:\Program Files\Yahoo!
2007-07-13 06:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 11:26 --------- d-------- C:\Program Files\ThirdWire
2007-07-10 11:21 --------- d-------- C:\Program Files\Common Files\Intuit
2007-07-10 11:16 --------- d-------- C:\Program Files\Common Files\LogoManager
2007-06-27 21:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 21:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 21:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 21:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 21:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 21:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 21:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 21:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 21:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 21:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 21:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 21:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 21:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 21:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 21:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 21:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 21:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 21:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 21:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 21:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 15:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 15:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 14:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 13:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 13:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 20:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 20:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 17:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 17:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-03-18 18:21:50 56 --sh--r C:\WINDOWS\system32\D33E28693D.sys
2006-03-18 18:21:53 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 03:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-09 11:58]
"nwiz"="nwiz.exe" [2005-09-09 11:58 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 05:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-31 03:59]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 05:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 14:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 23:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 23:44]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 11:37]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 11:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-09-02 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-08-25 13:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\DOCUME~1\Bill\STARTM~1\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-03-15 14:11:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-08 05:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 0033661187778336mcinstcleanup;McAfee Application Installer Cleanup (0033661187778336);C:\WINDOWS\TEMP\003366~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c06aeb5a-b5a1-11db-9c86-001422e76503}]
AutoRun\command- E:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
2007-08-21 09:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 18:44:02 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-07-31 18:00:45 C:\WINDOWS\Tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 14:07:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-25 14:08:45
C:\ComboFix-quarantined-files.txt ... 2007-08-25 14:08
C:\ComboFix2.txt ... 2007-08-25 12:51
C:\ComboFix3.txt ... 2007-08-25 10:15

--- E O F ---
billermo is offline  
Old 08-25-2007, 08:31 AM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista


Re: USB memory stick infected, files inaccessible [Moved]

Same as before...

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Insert USB stick.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\autorun.inf

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

Next, open Notepad and copy/paste the text below into it:


@echo off
vfind -l E:\* >"%tmp%\log.txt"
start notepad "%tmp%\log.txt"
exit


Save this as look.bat. Choose to "Save type as - All Files"
It should look like this:

Double click on look.bat & allow it to run.


Post the contents of that report along with the C:\ComboFix.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
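The following is an added example, not code from this thread or from ComboFix: it parses a listing in the format look.bat writes (the format is visible in the reply that follows) and flags root-level folders carrying both the system and hidden flags, an autorun.inf entry at the drive root, and any root-level .exe named after one of those folders. Reading `d`, `s` and `h` in the flag column as directory, system and hidden is an assumption, the finding labels are made up for this example, and the sample lines are constructed.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Constructed sample lines in the listing format seen in this thread:
# flags, size in bytes, date, time, full path.
# One time field is damaged and one line is not a listing entry, on purpose.
SAMPLE = r"""
d-sh--w 0 2007-04-04 05:13:42 E:\Games
d-sha-r 0 2007-08-23 15:17:00 E:\autorun.inf
d-----w 0 2007-08-23 15:50:28 E:\Tools
----a-w 235,520 2007-08-23 15:02:10 E:\Games.exe
----a-w 32,768 2006-12-27 15:33:00 E:\Games\Walkthrough.doc
----a-w 46 2007-08-23 15:17:00 E:\autorun.inf\note.txt
----a-w 23,558 2006-08-09 1536 E:\Tools\icon.ico
this line is not a listing entry
"""

Entry = namedtuple("Entry", "attrs size path")

# The time column is matched loosely (\S+) so a damaged timestamp does not
# cost us the entry; paths may contain spaces, so the path runs to end of line.
LINE_RE = re.compile(
    r"^([-a-z]{7})\s+([\d,]+)\s+\d{4}-\d{2}-\d{2}\s+\S+\s+([A-Za-z]:\\.+)$"
)


def parse_listing(text):
    """Return (entries, skipped); skipped counts non-blank lines that did not parse."""
    entries, skipped = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1
            continue
        attrs, size, path = m.groups()
        entries.append(Entry(attrs, int(size.replace(",", "")), path))
    return entries, skipped


def _at_root(path):
    # ('E:\\', 'Games') has two parts: the drive root plus one name.
    return len(PureWindowsPath(path).parts) == 2


def triage(entries):
    """Return (finding, path) pairs for root-level entries worth a closer look."""
    root = [e for e in entries if _at_root(e.path)]
    # Assumption: 'd' in column 0 marks a directory, 's' system, 'h' hidden.
    hidden_dirs = {
        PureWindowsPath(e.path).name.lower()
        for e in root
        if e.attrs[0] == "d" and "s" in e.attrs and "h" in e.attrs
    }
    findings = []
    for e in root:
        p = PureWindowsPath(e.path)
        is_dir = e.attrs[0] == "d"
        if p.name.lower() == "autorun.inf":
            # A file here is what AutoRun reads; a directory cannot be read as one.
            findings.append(("autorun-dir" if is_dir else "autorun-file", e.path))
        elif is_dir and p.name.lower() in hidden_dirs:
            findings.append(("hidden-system-dir", e.path))
        elif not is_dir and p.suffix.lower() == ".exe" and p.stem.lower() in hidden_dirs:
            # Executable carrying the name of a folder that has been hidden.
            findings.append(("exe-named-like-hidden-dir", e.path))
    return findings


if __name__ == "__main__":
    parsed, unparsed = parse_listing(SAMPLE)
    print(f"{len(parsed)} entries parsed, {unparsed} line(s) skipped")
    for kind, path in triage(parsed):
        print(f"{kind:28} {path}")
```
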
Old 08-25-2007, 09:44 AM   #12 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


Re: USB memory stick infected, files inaccessible [Moved]

In this post, the log file from look.bat....

d-sh--w 0 2007-04-04 05:32:00 E:\IELTS General
d-sha-r 0 2007-08-23 15:17:00 E:\autorun.inf
d-sh--w 0 2007-03-22 06:14:14 E:\Nice House
d-sh--w 0 2006-08-22 03:19:02 E:\Inter - AM
d-----w 0 2007-08-23 15:50:28 E:\ClamWinPortable
d-sh--w 0 2007-04-04 05:24:44 E:\IELTS Reading
d-sh--w 0 2007-04-04 05:12:08 E:\SIC
d-sh--w 0 2006-10-20 14:26:28 E:\IELTS First Night
d-sh--w 0 2007-04-04 05:13:42 E:\Games
d-sh--w 0 2007-04-04 05:13:24 E:\IELTS Speaking
d-sh--w 0 2007-07-16 03:24:54 E:\American Culture
d-sh--w 0 2007-03-28 16:50:02 E:\Flea Power
d-sh--w 0 2007-04-04 05:14:20 E:\IELTS Writing
d-sh--w 0 2007-04-04 05:14:46 E:\IELTS Listening
d-sh--w 0 2007-08-15 06:07:06 E:\Laptop Programs
d-sh--w 0 2007-06-03 06:54:52 E:\Nicehouse Site
d-sh--w 0 2006-10-20 14:22:30 E:\Scripts
d-sh--w 0 2006-10-20 14:29:18 E:\Lyrics
d-sh--w 0 2006-10-20 14:30:28 E:\Odds & Ends
----a-w 49,152 2006-07-31 17:14:10 E:\IELTS General\Writing Criteria.doc
----a-w 36,352 2006-05-14 09:14:10 E:\IELTS General\Academic Synonyms.doc
----a-w 54,784 2006-09-11 03:31:06 E:\IELTS General\Answer Sheet.doc
----a-w 56,320 2006-07-27 03:48:30 E:\IELTS General\Answer Sheet BW.doc
----a-w 70,144 2006-06-01 10:17:20 E:\IELTS General\Class Sheet.xls
----a-w 58,368 2006-07-15 05:05:26 E:\IELTS General\Email list.doc
----a-w 3,345,920 2006-02-17 19:34:34 E:\IELTS General\IELTS Excel.doc
----a-w 51,712 2006-12-04 18:21:28 E:\IELTS General\Test Scores Sheet.doc
----a-w 46 2007-08-23 15:17:00 E:\autorun.inf\Who created this folder.txt
----a-w 5,447 2007-03-22 05:55:52 E:\Nice House\index.html
----a-w 9,168 2007-03-22 05:55:22 E:\Nice House\NiceHouse REAL ESTATE.htm
d-----w 0 2007-03-22 06:14:34 E:\Nice House\NiceHouse REAL ESTATE_files
----a-w 5,563 2007-03-22 05:40:44 E:\Nice House\index.htm
----a-w 23,040 2007-01-12 22:01:18 E:\Nice House\Nice House promotion.doc
----a-w 278 2007-03-21 06:36:24 E:\Nice House\NiceHouse REAL ESTATE_files\cornertr.gif
----a-w 68,168 2007-03-21 06:36:28 E:\Nice House\NiceHouse REAL ESTATE_files\dwellings.jpg
----a-w 13,824 2007-03-21 06:36:26 E:\Nice House\NiceHouse REAL ESTATE_files\nicehouse.gif
----a-w 26,624 2007-08-21 14:02:24 E:\Inter - AM\BUI LE QUANG THIEN-INTER IELTS.doc
----a-w 26,624 2007-08-22 01:59:32 E:\Inter - AM\DANG HUY QUOC ANH.doc
----a-w 21,504 2005-08-22 02:05:54 E:\Inter - AM\DAO THI HOANG YEN-INTER-IELTS.doc
----a-w 25,600 2007-08-22 01:56:58 E:\Inter - AM\DUONG HIEU LIEM.doc
----a-w 21,504 2007-08-22 02:04:24 E:\Inter - AM\Essay Writting @ LE Q HUY.doc
----a-w 27,136 2006-08-22 02:05:50 E:\Inter - AM\HAI MINH- INTER.doc
----a-w 25,600 2007-08-22 02:00:24 E:\Inter - AM\Hai_Ha.doc
----a-w 25,600 2006-08-22 02:02:50 E:\Inter - AM\HoLeMinhNhat_InterAM.doc
----a-w 20,992 2007-08-22 02:04:50 E:\Inter - AM\Huynh Mai Thi_inter IELTS(am).doc
----a-w 25,600 2007-08-22 02:14:20 E:\Inter - AM\LuuNgocHanh_IELTS_Inter(Morning).doc
----a-w 25,600 2006-08-22 02:00:34 E:\Inter - AM\Nguyen Bao-intermediate.doc
----a-w 22,016 2007-08-22 02:01:48 E:\Inter - AM\nguyen hoai nam phuong.doc
----a-w 25,600 2007-08-22 02:04:36 E:\Inter - AM\Nguyen Phuoc Dai Loc.doc
----a-w 25,088 2006-08-22 03:03:32 E:\Inter - AM\Nguyen Thi Cam Giang-Ielts inter.doc
----a-w 21,504 2005-08-22 02:07:54 E:\Inter - AM\Nhung.doc
----a-w 26,624 2007-08-22 01:59:20 E:\Inter - AM\NQMAI Inter Mor.doc
----a-w 26,112 2006-08-22 02:11:16 E:\Inter - AM\Pham Linh Chi_ Inter Am.doc
----a-w 25,088 2007-08-21 13:58:22 E:\Inter - AM\Pham Nguyen Quynh Nhu.doc
----a-w 26,624 2007-08-22 02:01:52 E:\Inter - AM\QuanDuyMinh.doc
----a-w 26,112 2006-08-22 02:04:50 E:\Inter - AM\thanhloan-interclass.doc
----a-w 25,600 2006-08-22 02:09:28 E:\Inter - AM\Tran Thi Anh Tuyet.IELTS,Intermediate.doc
----a-w 26,112 2007-08-22 01:57:12 E:\Inter - AM\Vu Nguyen Giang Huong Intermediate IELTS ( morning ).doc
----a-w 25,600 2007-08-22 01:59:10 E:\Inter - AM\Vuong Chinh Loan_Intermediate IELTS(am).doc
----a-w 110,707 2007-07-25 18:25:32 E:\ClamWinPortable\ClamWinPortable.exe
----a-w 8,312 2007-07-25 18:31:52 E:\ClamWinPortable\help.html
d-----w 0 2007-08-23 15:50:32 E:\ClamWinPortable\App
d-----w 0 2007-08-23 15:55:00 E:\ClamWinPortable\Data
d-----w 0 2007-08-23 15:55:00 E:\ClamWinPortable\Other
d-----w 0 2007-08-23 15:50:34 E:\ClamWinPortable\App\AppInfo
d-----w 0 2007-08-23 15:50:36 E:\ClamWinPortable\App\DefaultData
d-----w 0 2007-08-23 15:50:38 E:\ClamWinPortable\App\clamwin
----a-w 23,558 2006-08-09 1536 E:\ClamWinPortable\App\AppInfo\appicon.ico
----a-w 541 2007-07-25 18:32:04 E:\ClamWinPortable\App\AppInfo\appinfo.ini
d-----w 0 2007-08-23 15:50:36 E:\ClamWinPortable\App\DefaultData\settings
----a-w 1,310 2007-07-25 18:29:58 E:\ClamWinPortable\App\DefaultData\settings\ClamWin.conf
d-----w 0 2007-08-23 15:50:40 E:\ClamWinPortable\App\clamwin\bin
d-----w 0 2007-08-23 15:52:34 E:\ClamWinPortable\App\clamwin\lib
----a-w 40,448 2007-07-23 06:17:20 E:\ClamWinPortable\App\clamwin\bin\ClamTray.exe
----a-w 32,768 2007-07-23 06:17:20 E:\ClamWinPortable\App\clamwin\bin\ClamWin.exe
----a-w 522 2005-09-23 02:22:40 E:\ClamWinPortable\App\clamwin\bin\Microsoft.VC80.CRT.manifest
----a-w 24,576 2007-07-25 18:28:52 E:\ClamWinPortable\App\clamwin\bin\ScheduledScans
----a-w 31,232 2007-07-23 06:17:20 E:\ClamWinPortable\App\clamwin\bin\WClose.exe
----a-w 68,096 2007-07-18 19:01:44 E:\ClamWinPortable\App\clamwin\bin\clamscan.exe
----a-w 92,160 2007-07-22 16:09:54 E:\ClamWinPortable\App\clamwin\bin\freshclam.exe
----a-w 287,744 2007-07-18 19:01:16 E:\ClamWinPortable\App\clamwin\bin\libclamav.dll
----a-w 275,463 2007-07-18 16:43:58 E:\ClamWinPortable\App\clamwin\bin\manual.chm
----a-w 461,926 2007-07-18 16:43:58 E:\ClamWinPortable\App\clamwin\bin\manual_en.pdf
----a-w 479,232 2005-09-23 09:56:36 E:\ClamWinPortable\App\clamwin\bin\msvcm80.dll
----a-w 548,864 2005-09-23 02:05:58 E:\ClamWinPortable\App\clamwin\bin\msvcp80.dll
----a-w 626,688 2005-09-23 02:05:58 E:\ClamWinPortable\App\clamwin\bin\msvcr80.dll
----a-w 18,432 2007-05-03 06:03:48 E:\ClamWinPortable\App\clamwin\bin\pthreadVC2.dll
----a-w 368,640 2005-02-08 20:23:10 E:\ClamWinPortable\App\clamwin\bin\python23.dll
----a-w 131,584 2007-07-18 19:01:28 E:\ClamWinPortable\App\clamwin\bin\sigtool.exe
----a-w 3,584 2004-05-26 00:18:30 E:\ClamWinPortable\App\clamwin\bin\w9xpopen.exe
d-----w 0 2007-08-23 15:52:14 E:\ClamWinPortable\App\clamwin\bin\img
----a-w 13,492 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\Clam.png
----a-w 7,476 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\ClamAV.png
----a-w 898 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\Control.png
----a-w 2,531 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\FD-logo.png
----a-w 23,558 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\FrameIcon.ico
----a-w 597 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\ListScan.png
----a-w 1,077 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\PythonPowered.gif
----a-w 1,542 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\Scan.png
----a-w 1,378 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\ScanMem.png
----a-w 113,568 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\Splash.bmp
----a-w 5,724 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\Support.png
----a-w 5,709 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\Title.png
----a-w 2,862 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\TrayIcon.ico
----a-w 1,985 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\World.png
----a-w 3,382 2007-02-16 18:47:44 E:\ClamWinPortable\App\clamwin\bin\img\netfarm.png
----a-w 262,656 2004-05-26 00:17:14 E:\ClamWinPortable\App\clamwin\lib\_bsddb.pyd
----a-w 16,896 2004-05-26 00:18:20 E:\ClamWinPortable\App\clamwin\lib\_socket.pyd
----a-w 18,432 2004-05-26 00:18:28 E:\ClamWinPortable\App\clamwin\lib\_sre.pyd
----a-w 196,608 2004-05-26 00:18:42 E:\ClamWinPortable\App\clamwin\lib\_ssl.pyd
----a-w 11,264 2004-05-26 00:20:30 E:\ClamWinPortable\App\clamwin\lib\_winreg.pyd
----a-w 1,775,622 2007-07-25 18:13:06 E:\ClamWinPortable\App\clamwin\lib\clamwin.zip
----a-w 17,408 2004-05-26 00:19:32 E:\ClamWinPortable\App\clamwin\lib\datetime.pyd
----a-w 12,800 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\exchange.pyd
----a-w 11,264 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\exchdapi.pyd
----a-w 71,168 2003-10-01 16:40:38 E:\ClamWinPortable\App\clamwin\lib\gizmosc.pyd
----a-w 35,840 2003-10-01 16:40:02 E:\ClamWinPortable\App\clamwin\lib\htmlc.pyd
----a-w 23,552 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\mapi.pyd
----a-w 17,920 2003-08-10 12:14:40 E:\ClamWinPortable\App\clamwin\lib\mxDateTime.pyd
----a-w 104,960 2004-10-11 23:22:18 E:\ClamWinPortable\App\clamwin\lib\pythoncom23.dll
----a-w 40,960 2004-10-11 23:21:26 E:\ClamWinPortable\App\clamwin\lib\pywintypes23.dll
----a-w 29,184 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\shell.pyd
----a-w 169,984 2004-05-26 00:20:20 E:\ClamWinPortable\App\clamwin\lib\unicodedata.pyd
----a-w 3,584 2004-05-26 00:18:30 E:\ClamWinPortable\App\clamwin\lib\w9xpopen.exe
----a-w 21,504 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\win32api.pyd
----a-w 6,656 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\win32clipboard.pyd
----a-w 5,632 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\win32event.pyd
----a-w 20,992 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\win32file.pyd
----a-w 25,088 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\win32gui.pyd
----a-w 7,680 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\win32pipe.pyd
----a-w 11,264 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\win32process.pyd
----a-w 19,456 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\win32security.pyd
----a-w 5,632 2004-11-20 06:27:54 E:\ClamWinPortable\App\clamwin\lib\win32trace.pyd
----a-w 366,592 2003-10-01 16:40:00 E:\ClamWinPortable\App\clamwin\lib\wxc.pyd
----a-w 1,475,072 2003-10-01 14:43:02 E:\ClamWinPortable\App\clamwin\lib\wxmsw24h.dll
----a-w 23,552 2004-05-26 00:20:46 E:\ClamWinPortable\App\clamwin\lib\zlib.pyd
d-----w 0 2007-08-23 16:04:36 E:\ClamWinPortable\Data\settings
d-----w 0 2007-08-23 16:04:38 E:\ClamWinPortable\Data\db
d-----w 0 2007-08-23 16:04:38 E:\ClamWinPortable\Data\log
d-----w 0 2007-08-23 16:04:38 E:\ClamWinPortable\Data\quarantine
----a-w 1,310 2007-08-23 16:04:46 E:\ClamWinPortable\Data\settings\ClamWin.conf
----a-w 10,251,443 2007-08-23 16:19:42 E:\ClamWinPortable\Data\db\main.cvd
----a-w 455,579 2007-08-23 16:20:20 E:\ClamWinPortable\Data\db\daily.cvd
----a-w 52 2007-08-23 16:20:22 E:\ClamWinPortable\Data\db\mirrors.dat
----a-w 711 2007-08-23 16:20:36 E:\ClamWinPortable\Data\log\ClamUpdateLog.txt
----a-w 363 2007-08-23 16:31:54 E:\ClamWinPortable\Data\log\ClamScanLog.txt
d-----w 0 2007-08-23 15:55:00 E:\ClamWinPortable\Other\ClamWinPortableSource
d-----w 0 2007-08-23 15:55:14 E:\ClamWinPortable\Other\ClamWinSource
----a-w 23,558 2006-08-09 1536 E:\ClamWinPortable\Other\ClamWinPortableSource\ClamWinPortable.ico
----a-w 464 2007-07-25 18:30:44 E:\ClamWinPortable\Other\ClamWinPortableSource\ClamWinPortable.ini
----a-w 48,584 2006-08-10 13:39:12 E:\ClamWinPortable\Other\ClamWinPortableSource\ClamWinPortable.jpg
----a-w 9,646 2007-07-25 18:25:28 E:\ClamWinPortable\Other\ClamWinPortableSource\ClamWinPortable.nsi
----a-w 643 2006-08-14 03:26:42 E:\ClamWinPortable\Other\ClamWinPortableSource\GetParameters.nsh
----a-w 6,988 2007-07-25 18:23:18 E:\ClamWinPortable\Other\ClamWinPortableSource\Installer.nsi
----a-w 18,322 2005-11-29 21:58:26 E:\ClamWinPortable\Other\ClamWinPortableSource\License.txt
----a-w 3,953 2007-07-25 18:31:26 E:\ClamWinPortable\Other\ClamWinPortableSource\Readme.txt
----a-w 110 2007-07-25 18:36:24 E:\ClamWinPortable\Other\ClamWinSource\readme.txt
----a-w 51,712 2006-07-31 16:53:10 E:\IELTS Reading\Unfamiliar Words Exercise.doc
----a-w 211,237 2006-05-29 09:33:22 E:\IELTS Reading\Unfamiliar Words Exercise.pdf
----a-w 50,176 2007-03-30 11:58:44 E:\IELTS Reading\Unfamiliar Words.doc
----a-w 219,269 2006-05-29 09:33:46 E:\IELTS Reading\Unfamiliar Words.pdf
----a-w 277,504 2007-01-29 08:23:30 E:\SIC\10-grammar test.doc
----a-w 74,752 2007-01-26 10:55:30 E:\SIC\10-grammar answersheet.doc
----a-w 83,968 2007-01-26 10:54:14 E:\SIC\10-listening answersheet.doc
----a-w 49,152 2007-01-26 10:54:28 E:\SIC\10-reading answersheet.doc
----a-w 111,616 2007-01-29 09:56:22 E:\SIC\10-writing answersheet.doc
----a-w 63,488 2007-02-04 12:43:02 E:\SIC\aft-grammar answersheet.doc
----a-w 143,872 2007-02-02 08:35:22 E:\SIC\aft-grammar test.doc
----a-w 58,880 2007-02-05 04:50:08 E:\SIC\aft-l-n-r answersheet.doc
----a-w 1,380,838 2007-03-20 05:55:24 E:\SIC\Role Plays.pdf
----a-w 106,435 2006-09-02 06:47:32 E:\IELTS First Night\IELTS Exam Format.pdf
----a-w 122,463 2006-09-02 06:48:00 E:\IELTS First Night\IELTS Exam Questions.pdf
----a-w 96,451 2006-09-02 06:48:36 E:\IELTS First Night\IELTS Key Format.pdf
----a-w 21,504 2006-09-02 06:32:36 E:\IELTS First Night\IELTS Orientation.doc
----a-w 82,362 2006-09-02 06:48:10 E:\IELTS First Night\IELTS Quiz.pdf
----a-w 94,720 2007-01-14 07:54:46 E:\IELTS First Night\First Nite Scores.doc
----a-w 32,768 2006-12-27 15:33:00 E:\Games\HalfLife Walkthrough.doc
----a-w 44,544 2006-11-28 16:13:36 E:\Games\PF controls (original).doc
----a-w 34,304 2006-12-03 04:00:36 E:\Games\Pacific Fighters Controls.doc
----a-w 56,832 2006-11-27 03:15:08 E:\IELTS Speaking\Prepare for Speaking.doc
----a-w 32,768 2007-04-03 06:40:02 E:\IELTS Speaking\Pronunciation Drill.doc
----a-w 36,864 2006-11-26 02:03:06 E:\IELTS Speaking\Teaching speaking.doc
----a-w 160,256 2007-06-17 07:31:04 E:\American Culture\2007 MLB Standings.doc
----a-w 28,160 2007-03-26 07:17:10 E:\Flea Power\fleapower 2.doc
----a-w 21,299 2007-03-28 16:48:34 E:\Flea Power\hddrive.htm
----a-w 413,696 2007-01-24 15:35:52 E:\Flea Power\laptop flea power.doc
----a-w 23,695 2007-03-28 16:48:44 E:\Flea Power\memory.htm
----a-w 21,049 2007-03-28 16:47:58 E:\Flea Power\modem.htm
----a-w 22,455 2007-03-28 16:47:22 E:\Flea Power\opdrive.htm
d-----w 0 2007-03-28 16:50:10 E:\Flea Power\opdrive_files
d-----w 0 2007-03-28 16:50:32 E:\Flea Power\modem_files
d-----w 0 2007-03-28 16:50:56 E:\Flea Power\memory_files
d-----w 0 2007-03-28 16:51:20 E:\Flea Power\hddrive_files
----a-w 48 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\arrow_top.gif
----a-w 903 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\bullet.gif
----a-w 1,046 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\caution.gif
----a-w 100,921 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\common50_b_sp.js
----a-w 65,238 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\css.css
----a-w 1,417 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\img.gif
----a-w 77,465 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\kirin-s3.jpg
----a-w 10,547 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\lexicon50.js
----a-w 1,520 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\logo43.gif
----a-w 23,647 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\menu.htm
----a-w 1,091 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\notice.gif
----a-w 1,213 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\opdrivea.jpg
----a-w 166 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\orderstatus.gif
----a-w 2,362 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\pg-id.css
----a-w 431 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\primary.gif
----a-w 167 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\profile.gif
----a-w 78 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\secondary_sep.gif
----a-w 43 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\spacer.gif
----a-w 401 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\subnavlinkbar.jpg
----a-w 82 2007-03-28 16:47:22 E:\Flea Power\opdrive_files\us.gif
----a-w 48 2007-03-28 16:47:58 E:\Flea Power\modem_files\arrow_top.gif
----a-w 903 2007-03-28 16:47:58 E:\Flea Power\modem_files\bullet.gif
----a-w 1,046 2007-03-28 16:47:58 E:\Flea Power\modem_files\caution.gif
----a-w 100,921 2007-03-28 16:47:58 E:\Flea Power\modem_files\common50_b_sp.js
----a-w 65,238 2007-03-28 16:47:58 E:\Flea Power\modem_files\css.css
----a-w 1,417 2007-03-28 16:47:58 E:\Flea Power\modem_files\img.gif
----a-w 92,239 2007-03-28 16:47:58 E:\Flea Power\modem_files\kirin-s4.jpg
----a-w 90,613 2007-03-28 16:47:58 E:\Flea Power\modem_files\kirin-sd.jpg
----a-w 10,547 2007-03-28 16:47:58 E:\Flea Power\modem_files\lexicon50.js
----a-w 1,520 2007-03-28 16:47:58 E:\Flea Power\modem_files\logo43.gif
----a-w 23,647 2007-03-28 16:47:58 E:\Flea Power\modem_files\menu.htm
----a-w 1,091 2007-03-28 16:47:58 E:\Flea Power\modem_files\notice.gif
----a-w 166 2007-03-28 16:47:58 E:\Flea Power\modem_files\orderstatus.gif
----a-w 2,362 2007-03-28 16:47:58 E:\Flea Power\modem_files\pg-id.css
----a-w 431 2007-03-28 16:47:58 E:\Flea Power\modem_files\primary.gif
----a-w 167 2007-03-28 16:47:58 E:\Flea Power\modem_files\profile.gif
----a-w 78 2007-03-28 16:47:58 E:\Flea Power\modem_files\secondary_sep.gif
----a-w 43 2007-03-28 16:47:58 E:\Flea Power\modem_files\spacer.gif
----a-w 401 2007-03-28 16:47:58 E:\Flea Power\modem_files\subnavlinkbar.jpg
----a-w 82 2007-03-28 16:47:58 E:\Flea Power\modem_files\us.gif
----a-w 48 2007-03-28 16:48:44 E:\Flea Power\memory_files\arrow_top.gif
----a-w 903 2007-03-28 16:48:44 E:\Flea Power\memory_files\bullet.gif
----a-w 1,046 2007-03-28 16:48:44 E:\Flea Power\memory_files\caution.gif
----a-w 100,921 2007-03-28 16:48:44 E:\Flea Power\memory_files\common50_b_sp.js
----a-w 65,238 2007-03-28 16:48:44 E:\Flea Power\memory_files\css.css
----a-w 1,417 2007-03-28 16:48:44 E:\Flea Power\memory_files\img.gif
----a-w 62,046 2007-03-28 16:48:44 E:\Flea Power\memory_files\kirin-13.jpg
----a-w 55,945 2007-03-28 16:48:44 E:\Flea Power\memory_files\kirin-b5.jpg
----a-w 92,234 2007-03-28 16:48:44 E:\Flea Power\memory_files\kirin-s2.jpg
----a-w 10,547 2007-03-28 16:48:44 E:\Flea Power\memory_files\lexicon50.js
----a-w 1,520 2007-03-28 16:48:44 E:\Flea Power\memory_files\logo43.gif
----a-w 23,647 2007-03-28 16:48:44 E:\Flea Power\memory_files\menu.htm
----a-w 1,008 2007-03-28 16:48:44 E:\Flea Power\memory_files\note.gif
----a-w 1,091 2007-03-28 16:48:44 E:\Flea Power\memory_files\notice.gif
----a-w 166 2007-03-28 16:48:44 E:\Flea Power\memory_files\orderstatus.gif
----a-w 2,362 2007-03-28 16:48:44 E:\Flea Power\memory_files\pg-id.css
----a-w 431 2007-03-28 16:48:44 E:\Flea Power\memory_files\primary.gif
----a-w 167 2007-03-28 16:48:44 E:\Flea Power\memory_files\profile.gif
----a-w 78 2007-03-28 16:48:44 E:\Flea Power\memory_files\secondary_sep.gif
----a-w 43 2007-03-28 16:48:44 E:\Flea Power\memory_files\spacer.gif
----a-w 401 2007-03-28 16:48:44 E:\Flea Power\memory_files\subnavlinkbar.jpg
----a-w 82 2007-03-28 16:48:44 E:\Flea Power\memory_files\us.gif
----a-w 48 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\arrow_top.gif
----a-w 903 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\bullet.gif
----a-w 1,046 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\caution.gif
----a-w 100,921 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\common50_b_sp.js
----a-w 65,238 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\css.css
----a-w 1,417 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\img.gif
----a-w 66,909 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\kirin-sb.jpg
----a-w 10,547 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\lexicon50.js
----a-w 1,520 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\logo43.gif
----a-w 23,647 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\menu.htm
----a-w 1,008 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\note.gif
----a-w 1,091 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\notice.gif
----a-w 166 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\orderstatus.gif
----a-w 2,362 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\pg-id.css
----a-w 431 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\primary.gif
----a-w 167 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\profile.gif
----a-w 78 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\secondary_sep.gif
----a-w 43 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\spacer.gif
----a-w 401 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\subnavlinkbar.jpg
----a-w 82 2007-03-28 16:48:34 E:\Flea Power\hddrive_files\us.gif
----a-w 36,864 2006-11-23 10:42:38 E:\IELTS Writing\70 Argument Essay Topics.doc
----a-w 68,608 2006-08-02 13:40:56 E:\IELTS Writing\Essay Types.doc
----a-w 36,352 2006-05-14 09:14:10 E:\IELTS Writing\Academic Synonyms.doc
----a-w 100,352 2007-01-23 13:33:24 E:\IELTS Writing\CWE.doc
----a-w 30,720 2006-06-25 12:56:14 E:\IELTS Writing\CWE Answers.doc
----a-w 31,232 2006-07-26 06:55:20 E:\IELTS Writing\CWE Exercise.doc
----a-w 29,696 2007-01-23 13:29:24 E:\IELTS Writing\Essay Types Exercise.doc
----a-w 35,840 2006-07-03 07:27:34 E:\IELTS Writing\Essay Structure.doc
----a-w 368,088 2006-02-14 18:23:42 E:\IELTS Writing\How To Prepare for Writing.pdf
----a-w 137,647 2005-11-21 06:16:04 E:\IELTS Writing\Linking Words activity.pdf
----a-w 127,128 2005-11-28 03:18:24 E:\IELTS Writing\Making Comparisons Activity.pdf
----a-w 128,772 2005-11-28 04:39:04 E:\IELTS Writing\Referents.pdf
----a-w 117,488 2005-11-28 04:41:20 E:\IELTS Writing\Referents Activity.pdf
----a-w 25,600 2006-04-19 11:27:44 E:\IELTS Writing\Task 1 & 2.doc
----a-w 19,968 2006-03-24 11:02:10 E:\IELTS Writing\Task 2 (VN Culture).doc
----a-w 26,112 2006-04-15 16:12:24 E:\IELTS Writing\Task 2 Find Errors.doc
----a-w 26,624 2006-05-12 10:14:16 E:\IELTS Writing\Writing Task 2 points.doc
d-----w 0 2007-04-04 05:10:10 E:\IELTS Writing\Essays
----a-w 50,688 2007-04-16 03:43:18 E:\IELTS Writing\Task 1 (blank).doc
----a-w 48,640 2007-04-16 03:46:26 E:\IELTS Writing\Task 1 (GT).doc
----a-w 49,152 2007-05-21 01:11:38 E:\IELTS Writing\Task 2 (overweight kids)2.doc
----a-w 48,642 2007-06-06 13:44:32 E:\IELTS Writing\Task 1 (Acad).doc
----a-w 47,104 2007-07-19 03:59:28 E:\IELTS Writing\Task 1 (GT-landlord).doc
----a-w 46,594 2007-06-06 13:31:30 E:\IELTS Writing\Task 2 (GT-paper money).doc
----a-w 46,592 2007-07-19 01:58:10 E:\IELTS Writing\Task 2 (teens internet).doc
----a-w 46,594 2007-06-06 13:27:04 E:\IELTS Writing\Task 2 (undervalued jobs).doc
d---a-w 0 2007-01-25 13:13:38 E:\IELTS Writing\Essays\1-25 Evening
d-----w 0 2007-03-26 11:10:54 E:\IELTS Writing\Essays\3-26 Evening
d-----w 0 2007-03-26 02:57:46 E:\IELTS Writing\Essays\3-26 Morning
d-----w 0 2007-07-04 12:48:20 E:\IELTS Writing\Essays\AM - 4-7-2007
d-----w 0 2007-07-04 13:03:30 E:\IELTS Writing\Essays\PM - 4-7-2007
----a-w 24,576 2007-01-25 12:02:26 E:\IELTS Writing\Essays\1-25 Evening\Nguyen Quoc Thanh.doc
----a-w 22,528 2007-01-25 11:08:36 E:\IELTS Writing\Essays\1-25 Evening\Bui Minh Thao-IELTS Inter.doc
----a-w 25,600 2007-01-25 11:07:06 E:\IELTS Writing\Essays\1-25 Evening\Ngoc Han.doc
----a-w 25,088 2007-01-25 11:09:18 E:\IELTS Writing\Essays\1-25 Evening\Hoang Thi Hong Van.doc
----a-w 25,600 2007-01-25 11:07:52 E:\IELTS Writing\Essays\1-25 Evening\Nguyen Thi Thuy Hang(Inter class).doc
----a-w 21,504 2007-01-25 11:08:24 E:\IELTS Writing\Essays\1-25 Evening\LE HOANG THUY TRANG.doc
----a-w 25,600 2007-01-25 11:08:08 E:\IELTS Writing\Essays\1-25 Evening\Nguyen Minh Nghi.doc
----a-w 25,088 2007-01-25 11:08:30 E:\IELTS Writing\Essays\1-25 Evening\Giang Van Xi.doc
----a-w 27,136 2007-01-25 11:08:22 E:\IELTS Writing\Essays\1-25 Evening\my nguyen.doc
----a-w 25,600 2007-01-25 11:07:52 E:\IELTS Writing\Essays\1-25 Evening\HA NHAT QUANG.doc
----a-w 25,600 2007-01-25 11:38:40 E:\IELTS Writing\Essays\1-25 Evening\Phùng Th?y Bích Tram.doc
----a-w 24,576 2007-01-25 11:12:22 E:\IELTS Writing\Essays\1-25 Evening\tung.doc
----a-w 24,576 2007-01-25 11:12:46 E:\IELTS Writing\Essays\1-25 Evening\lytuvi.doc
----a-w 24,576 2007-01-25 11:07:34 E:\IELTS Writing\Essays\1-25 Evening\lamtanvinh.doc
----a-w 24,576 2007-01-25 11:09:52 E:\IELTS Writing\Essays\1-25 Evening\Name Vu tuong thuat.doc
----a-w 27,648 2007-01-25 11:07:14 E:\IELTS Writing\Essays\1-25 Evening\Writing Task 2 - ThaiHa.doc
----a-w 24,576 2007-01-25 11:04:04 E:\IELTS Writing\Essays\1-25 Evening\vuong dieu tri-inter class.doc
----a-w 26,112 2007-01-25 11:03:58 E:\IELTS Writing\Essays\1-25 Evening\Pham Thi Minh Nguyet_ Task 2.doc
----a-w 26,112 2007-01-25 11:09:26 E:\IELTS Writing\Essays\1-25 Evening\Khanh Duong.doc
----a-w 25,600 2007-01-25 11:08:38 E:\IELTS Writing\Essays\1-25 Evening\nga.doc
----a-w 25,600 2007-01-25 11:36:00 E:\IELTS Writing\Essays\1-25 Evening\van trinh.doc
----a-w 25,600 2007-01-25 11:34:22 E:\IELTS Writing\Essays\1-25 Evening\T? Thùy Trang.doc
----a-w 25,600 2007-01-25 11:58:56 E:\IELTS Writing\Essays\1-25 Evening\NGUYEN HUYNH THAO.doc
----a-w 26,112 2007-01-25 12:11:40 E:\IELTS Writing\Essays\1-25 Evening\Le Hong Van.doc
----a-w 25,088 2007-01-25 12:12:26 E:\IELTS Writing\Essays\1-25 Evening\Pham Thi Phu Thi (Inter class).doc
----a-w 26,112 2007-01-25 12:09:28 E:\IELTS Writing\Essays\1-25 Evening\Chung Le Phan.doc
----a-w 20,992 2007-02-03 07:25:42 E:\IELTS Writing\Essays\1-25 Evening\16.doc
----a-w 26,112 2007-03-26 12:18:20 E:\IELTS Writing\Essays\3-26 Evening\Nguyen Huu Phuc - IELTS.doc
----a-w 26,112 2007-03-26 12:20:54 E:\IELTS Writing\Essays\3-26 Evening\Tran Hong Nhat Minh-Inter.doc
----a-w 25,600 2007-03-26 12:33:32 E:\IELTS Writing\Essays\3-26 Evening\Le Ha Hong Nhung- Intermediate IELTS.doc
----a-w 27,648 2007-03-26 12:32:56 E:\IELTS Writing\Essays\3-26 Evening\Tien Cam Minh Tri_lop IELTS-inter.doc
----a-w 26,112 2007-03-26 12:27:40 E:\IELTS Writing\Essays\3-26 Evening\Nguyen Le Thuy Giang-09- Inter.doc
----a-w 25,600 2007-03-26 12:40:50 E:\IELTS Writing\Essays\3-26 Evening\LE DO MINH THAO - IELTS - inter.doc
----a-w 22,016 2007-03-26 12:45:40 E:\IELTS Writing\Essays\3-26 Evening\dang hoai linh-lop inter ielts.doc

Entries: 684 (665)
Directories: 59 Files: 625
Bytes: 169,782,082 Blocks: 331,750
billermo is offline  
Old 08-25-2007, 09:46 AM   #13 (permalink)
Re: USB memory stick infected, files inaccessible [Moved]

Here is the log file ComboFix.txt...

ComboFix 07-08-25.2 - "Bill" 2007-08-25 22:18:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.473 [GMT 7:00]
Command switches used :: C:\Documents and Settings\Bill\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\autorun.inf


((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))


2007-08-25 22:09 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-25 13:11 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-08-25 13:11 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\DNA
2007-08-25 10:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-24 00:53 <DIR> d-------- C:\Program Files\Easy Uninstaller
2007-08-23 22:53 <DIR> d-------- C:\Program Files\IZArc
2007-08-23 22:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 22:16 <DIR> drahs---- C:\autorun.inf
2007-08-23 13:21 <DIR> d-------- C:\Program Files\PowerISO
2007-08-23 12:22 <DIR> d-------- C:\Program Files\Absolute MP3 Splitter
2007-08-17 15:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-17 15:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-17 15:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-17 15:16 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\SUPERAntiSpyware.com
2007-08-15 13:05 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-14 06:26 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-08-13 00:19 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-09 06:46 45,056 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-08-09 06:46 128,000 --a------ C:\Program Files\UNWISE.EXE
2007-08-09 06:46 <DIR> d-------- C:\Program Files\Pinnacle
2007-08-08 23:35 <DIR> d-------- C:\Program Files\CCleaner
2007-08-07 07:15 33,052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2007-08-06 14:55 <DIR> d-------- C:\Program Files\PurgeIE
2007-08-06 14:55 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\DelinvFile
2007-07-29 22:30 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner
2007-07-29 22:03 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\vlc
2007-07-29 21:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-29 21:23 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\Ahead
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Nero
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-29 21:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 22:13 --------- d-------- C:\Program Files\eMule
2007-08-24 00:51 --------- d-------- C:\Program Files\GetRight
2007-08-23 22:54 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-23 22:54 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-23 12:38 --------- d-------- C:\Program Files\Monkey's Audio
2007-08-22 17:25 --------- d-------- C:\Program Files\McAfee
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-16 22:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-16 00:00 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-13 00:19 --------- d-------- C:\Program Files\Dell
2007-08-09 06:46 1252 --a------ C:\Program Files\INSTALL.LOG
2007-08-08 22:11 --------- d-------- C:\Program Files\RGB
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-23 14:45 --------- d-------- C:\Program Files\Winamp
2007-07-19 13:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-16 14:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-16 14:15 --------- d-------- C:\Program Files\Yahoo!
2007-07-13 06:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 11:26 --------- d-------- C:\Program Files\ThirdWire
2007-07-10 11:21 --------- d-------- C:\Program Files\Common Files\Intuit
2007-07-10 11:16 --------- d-------- C:\Program Files\Common Files\LogoManager
2007-06-27 21:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 21:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 21:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 21:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 21:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 21:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 21:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 21:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 21:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 21:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 21:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 21:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 21:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 21:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 21:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 21:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 21:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 21:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 21:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 21:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 15:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 15:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 14:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 13:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 13:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 20:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 20:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 17:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 17:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-03-18 18:21:50 56 --sh--r C:\WINDOWS\system32\D33E28693D.sys
2006-03-18 18:21:53 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 03:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-09 11:58]
"nwiz"="nwiz.exe" [2005-09-09 11:58 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 05:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-31 03:59]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 05:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 14:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 23:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 23:44]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 11:37]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 11:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-09-02 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-08-25 13:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\DOCUME~1\Bill\STARTM~1\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-03-15 14:11:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-08 05:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 0206261188054549mcinstcleanup;McAfee Application Installer Cleanup (0206261188054549);C:\WINDOWS\TEMP\020626~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c06aeb5a-b5a1-11db-9c86-001422e76503}]
AutoRun\command- E:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
2007-08-21 09:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 18:44:02 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-07-31 18:00:45 C:\WINDOWS\Tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 22:22:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-25 22:23:11
C:\ComboFix-quarantined-files.txt ... 2007-08-25 22:23
C:\ComboFix2.txt ... 2007-08-25 14:08
C:\ComboFix3.txt ... 2007-08-25 12:51

--- E O F ---
billermo is offline  
Old 08-25-2007, 10:28 AM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista


Re: USB memory stick infected, files inaccessible [Moved]

One more time, billermo.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Insert the USB stick.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
E:\autorun.inf
C:\autorun.inf

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


-----------------------------------------

Reboot the system if ComboFix did not. (keep the USB stick inserted)

-----------------------------------------

Run Combofix once again by double-clicking the combofix.exe

-----------------------------------------

Post the following reports, in the order listed:

C:\ComboFix2.txt
C:\ComboFix.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 08-25-2007, 11:27 AM   #15 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


Re: USB memory stick infected, files inaccessible [Moved]

Here is ComboFix2.txt....

ComboFix 07-08-25.2 - "Bill" 2007-08-25 23:40:27.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.373 [GMT 7:00]
Command switches used :: C:\Documents and Settings\Bill\Desktop\CFScript.txt
* Created a new restore point

FILE::
E:\autorun.inf
C:\autorun.inf


((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))


2007-08-25 22:09 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-25 13:11 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-08-25 13:11 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\DNA
2007-08-25 10:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-24 00:53 <DIR> d-------- C:\Program Files\Easy Uninstaller
2007-08-23 22:53 <DIR> d-------- C:\Program Files\IZArc
2007-08-23 22:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 22:16 <DIR> drahs---- C:\autorun.inf
2007-08-23 13:21 <DIR> d-------- C:\Program Files\PowerISO
2007-08-23 12:22 <DIR> d-------- C:\Program Files\Absolute MP3 Splitter
2007-08-17 15:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-17 15:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-17 15:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-17 15:16 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\SUPERAntiSpyware.com
2007-08-15 13:05 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-14 06:26 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-08-13 00:19 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-09 06:46 45,056 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-08-09 06:46 128,000 --a------ C:\Program Files\UNWISE.EXE
2007-08-09 06:46 <DIR> d-------- C:\Program Files\Pinnacle
2007-08-08 23:35 <DIR> d-------- C:\Program Files\CCleaner
2007-08-07 07:15 33,052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2007-08-06 14:55 <DIR> d-------- C:\Program Files\PurgeIE
2007-08-06 14:55 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\DelinvFile
2007-07-29 22:30 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner
2007-07-29 22:03 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\vlc
2007-07-29 21:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-29 21:23 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\Ahead
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Nero
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-29 21:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 22:13 --------- d-------- C:\Program Files\eMule
2007-08-24 00:51 --------- d-------- C:\Program Files\GetRight
2007-08-23 22:54 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-23 22:54 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-23 12:38 --------- d-------- C:\Program Files\Monkey's Audio
2007-08-22 17:25 --------- d-------- C:\Program Files\McAfee
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-16 22:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-16 00:00 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-13 00:19 --------- d-------- C:\Program Files\Dell
2007-08-09 06:46 1252 --a------ C:\Program Files\INSTALL.LOG
2007-08-08 22:11 --------- d-------- C:\Program Files\RGB
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-23 14:45 --------- d-------- C:\Program Files\Winamp
2007-07-19 13:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-16 14:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-16 14:15 --------- d-------- C:\Program Files\Yahoo!
2007-07-13 06:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 11:26 --------- d-------- C:\Program Files\ThirdWire
2007-07-10 11:21 --------- d-------- C:\Program Files\Common Files\Intuit
2007-07-10 11:16 --------- d-------- C:\Program Files\Common Files\LogoManager
2007-06-27 21:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 21:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 21:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 21:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 21:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 21:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 21:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 21:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 21:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 21:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 21:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 21:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 21:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 21:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 21:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 21:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 21:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 21:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 21:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 21:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 15:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 15:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 14:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 13:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 13:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 20:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 20:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 17:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 17:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-03-18 18:21:50 56 --sh--r C:\WINDOWS\system32\D33E28693D.sys
2006-03-18 18:21:53 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 03:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-09 11:58]
"nwiz"="nwiz.exe" [2005-09-09 11:58 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 05:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-31 03:59]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 05:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 14:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 23:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 23:44]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 11:37]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 11:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-09-02 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-08-25 13:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\DOCUME~1\Bill\STARTM~1\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-03-15 14:11:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-08 05:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 0206261188054549mcinstcleanup;McAfee Application Installer Cleanup (0206261188054549);C:\WINDOWS\TEMP\020626~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c06aeb5a-b5a1-11db-9c86-001422e76503}]
AutoRun\command- E:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
2007-08-21 09:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 18:44:02 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-07-31 18:00:45 C:\WINDOWS\Tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 23:43:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-25 23:45:06
C:\ComboFix-quarantined-files.txt ... 2007-08-25 23:44
C:\ComboFix2.txt ... 2007-08-25 22:23
C:\ComboFix3.txt ... 2007-08-25 14:08

--- E O F ---
billermo is offline  
Old 08-25-2007, 11:28 AM   #16 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


Re: USB memory stick infected, files inaccessible [Moved]

Here is the latest ComboFix.txt log.

The folders have still not appeared.

ComboFix 07-08-25.2 - "Bill" 2007-08-25 23:50:30.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.533 [GMT 7:00]


((((((((((((((((((((((((( Files Created from 2007-07-25 to 2007-08-25 )))))))))))))))))))))))))))))))


2007-08-25 13:11 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-08-25 13:11 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\DNA
2007-08-25 10:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-24 00:53 <DIR> d-------- C:\Program Files\Easy Uninstaller
2007-08-23 22:53 <DIR> d-------- C:\Program Files\IZArc
2007-08-23 22:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 22:16 <DIR> drahs---- C:\autorun.inf
2007-08-23 13:21 <DIR> d-------- C:\Program Files\PowerISO
2007-08-23 12:22 <DIR> d-------- C:\Program Files\Absolute MP3 Splitter
2007-08-17 15:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-17 15:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-17 15:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-17 15:16 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\SUPERAntiSpyware.com
2007-08-15 13:05 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-14 06:26 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-08-13 00:19 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-09 06:46 45,056 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-08-09 06:46 128,000 --a------ C:\Program Files\UNWISE.EXE
2007-08-09 06:46 <DIR> d-------- C:\Program Files\Pinnacle
2007-08-08 23:35 <DIR> d-------- C:\Program Files\CCleaner
2007-08-07 07:15 33,052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2007-08-06 14:55 <DIR> d-------- C:\Program Files\PurgeIE
2007-08-06 14:55 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\DelinvFile
2007-07-29 22:30 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner
2007-07-29 22:03 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\vlc
2007-07-29 21:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-29 21:23 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\Ahead
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Nero
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-29 21:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 22:13 --------- d-------- C:\Program Files\eMule
2007-08-24 00:51 --------- d-------- C:\Program Files\GetRight
2007-08-23 22:54 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-23 22:54 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-23 12:38 --------- d-------- C:\Program Files\Monkey's Audio
2007-08-22 17:25 --------- d-------- C:\Program Files\McAfee
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-16 22:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-16 00:00 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-13 00:19 --------- d-------- C:\Program Files\Dell
2007-08-09 06:46 1252 --a------ C:\Program Files\INSTALL.LOG
2007-08-08 22:11 --------- d-------- C:\Program Files\RGB
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-23 14:45 --------- d-------- C:\Program Files\Winamp
2007-07-19 13:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-16 14:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-16 14:15 --------- d-------- C:\Program Files\Yahoo!
2007-07-13 06:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 11:26 --------- d-------- C:\Program Files\ThirdWire
2007-07-10 11:21 --------- d-------- C:\Program Files\Common Files\Intuit
2007-07-10 11:16 --------- d-------- C:\Program Files\Common Files\LogoManager
2007-06-27 21:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 21:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 21:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 21:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 21:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 21:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 21:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 21:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 21:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 21:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 21:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 21:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 21:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 21:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 21:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 21:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 21:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 21:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 21:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 21:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 15:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 15:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 14:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 13:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 13:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 20:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 20:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 17:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 17:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-03-18 18:21:50 56 --sh--r C:\WINDOWS\system32\D33E28693D.sys
2006-03-18 18:21:53 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 03:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-09 11:58]
"nwiz"="nwiz.exe" [2005-09-09 11:58 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 05:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-31 03:59]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 05:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 14:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 23:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 23:44]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 11:37]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 11:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-09-02 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-08-25 13:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\DOCUME~1\Bill\STARTM~1\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-03-15 14:11:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-08 05:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 0206261188054549mcinstcleanup;McAfee Application Installer Cleanup (0206261188054549);C:\WINDOWS\TEMP\020626~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c06aeb5a-b5a1-11db-9c86-001422e76503}]
AutoRun\command- E:\LaunchU3.exe

*Newly Created Service* - 0206261188054549MCINSTCLEANUP

Contents of the 'Scheduled Tasks' folder
2007-08-21 09:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 18:44:02 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-07-31 18:00:45 C:\WINDOWS\Tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-25 23:53:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-25 23:54:28
C:\ComboFix-quarantined-files.txt ... 2007-08-25 23:54
C:\ComboFix2.txt ... 2007-08-25 23:45
C:\ComboFix3.txt ... 2007-08-25 22:23

--- E O F ---

Last edited by billermo; 08-25-2007 at 11:37 AM.
Old 08-25-2007, 04:26 PM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista


Re: USB memory stick infected, files inaccessible [Moved]

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Insert USB stick.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

Folder::
c:\autorun.inf
e:\autorun.inf

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

Post the C:\ComboFix.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-25-2007, 10:06 PM   #18 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


Re: USB memory stick infected, files inaccessible [Moved]

This is the latest ComboFix.


ComboFix 07-08-25.2 - "Bill" 2007-08-26 10:51:50.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.470 [GMT 7:00]
Command switches used :: C:\Documents and Settings\Bill\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


c:\autorun.inf
c:\autorun.inf\Who created this folder.txt


((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))


2007-08-25 10:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-24 00:53 <DIR> d-------- C:\Program Files\Easy Uninstaller
2007-08-23 22:53 <DIR> d-------- C:\Program Files\IZArc
2007-08-23 22:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 13:21 <DIR> d-------- C:\Program Files\PowerISO
2007-08-23 12:22 <DIR> d-------- C:\Program Files\Absolute MP3 Splitter
2007-08-17 15:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-17 15:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-17 15:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-17 15:16 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\SUPERAntiSpyware.com
2007-08-15 13:05 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-14 06:26 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-08-13 00:19 <DIR> d-------- C:\WINDOWS\system32\Dell
2007-08-09 06:46 45,056 --a------ C:\WINDOWS\system32\pclepim1.dll
2007-08-09 06:46 128,000 --a------ C:\Program Files\UNWISE.EXE
2007-08-09 06:46 <DIR> d-------- C:\Program Files\Pinnacle
2007-08-08 23:35 <DIR> d-------- C:\Program Files\CCleaner
2007-08-07 07:15 33,052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2007-08-06 14:55 <DIR> d-------- C:\Program Files\PurgeIE
2007-08-06 14:55 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\DelinvFile
2007-07-29 22:30 <DIR> d-------- C:\Program Files\MP3 Splitter & Joiner
2007-07-29 22:03 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\vlc
2007-07-29 21:51 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-29 21:23 <DIR> d-------- C:\DOCUME~1\Bill\APPLIC~1\Ahead
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Nero
2007-07-29 21:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-29 21:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-25 22:13 --------- d-------- C:\Program Files\eMule
2007-08-24 00:51 --------- d-------- C:\Program Files\GetRight
2007-08-23 22:54 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-23 22:54 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-23 12:38 --------- d-------- C:\Program Files\Monkey's Audio
2007-08-22 17:25 --------- d-------- C:\Program Files\McAfee
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-17 13:57 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\U3
2007-08-16 22:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-16 00:00 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-08-13 00:19 --------- d-------- C:\Program Files\Dell
2007-08-09 06:46 1252 --a------ C:\Program Files\INSTALL.LOG
2007-08-08 22:11 --------- d-------- C:\Program Files\RGB
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-08-08 18:25 --------- d-------- C:\DOCUME~1\Bill\APPLIC~1\SiteAdvisor
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-23 14:45 --------- d-------- C:\Program Files\Winamp
2007-07-19 13:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-16 14:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-16 14:15 --------- d-------- C:\Program Files\Yahoo!
2007-07-13 06:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 11:26 --------- d-------- C:\Program Files\ThirdWire
2007-07-10 11:21 --------- d-------- C:\Program Files\Common Files\Intuit
2007-07-10 11:16 --------- d-------- C:\Program Files\Common Files\LogoManager
2007-06-27 21:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 21:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 21:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 21:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 21:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 21:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 21:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 21:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 21:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 21:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 21:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 21:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 21:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 21:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 21:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 21:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 21:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 21:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 21:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 21:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 15:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 15:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 14:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 13:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 13:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 20:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 20:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 17:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 17:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2006-03-18 18:21:50 56 --sh--r C:\WINDOWS\system32\D33E28693D.sys
2006-03-18 18:21:53 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 03:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-09 11:58]
"nwiz"="nwiz.exe" [2005-09-09 11:58 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 05:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-31 03:59]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-24 05:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 14:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 23:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 23:44]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 14:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 10:55]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 16:39]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 11:37]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-21 11:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2005-09-02 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

C:\DOCUME~1\Bill\STARTM~1\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-03-15 14:11:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-08 05:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk;"C:\Program Files\Iomega\AutoDisk\ADService.exe"
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 0206261188054549mcinstcleanup;McAfee Application Installer Cleanup (0206261188054549);C:\WINDOWS\TEMP\020626~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c06aeb5a-b5a1-11db-9c86-001422e76503}]
AutoRun\command- E:\LaunchU3.exe


Contents of the 'Scheduled Tasks' folder
2007-08-21 09:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-14 18:44:02 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-07-31 18:00:45 C:\WINDOWS\Tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 10:55:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 10:56:05
C:\ComboFix-quarantined-files.txt ... 2007-08-26 10:55
C:\ComboFix2.txt ... 2007-08-25 23:54
C:\ComboFix3.txt ... 2007-08-25 23:45

--- E O F ---
Old 08-25-2007, 10:17 PM   #19 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 163
OS: Win XP


Re: USB memory stick infected, files inaccessible [Moved]

I forgot to mention that I just checked and the files and folders on the memory stick are still not visible. I'm a bit curious to know what is happening. I know we're trying to fix the USB now, of course. But are the problems becoming visible in what we've done so far?
Old 08-25-2007, 10:52 PM   #20 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,038
OS: WinXP and Vista


Re: USB memory stick infected, files inaccessible [Moved]

The problem is the flash drive infection variant that is on this stick. First, we need to get rid of those autorun.inf files and folders. If they continue to return, the spawning file is still located on that stick somewhere in one of the files, or on the C:\ drive of your system so that every time you use Explorer to open your stick, it puts it back on.

Quote:
In this case and in every case above, I have already tried going into Windows Explorer: Tools: Folder Options: View: Show Hidden Files and Folders and clicked Apply and OK. Doing that has had no effect. Everything remains hidden.
Have you opened the E:\drive and changed the file/folder options from within that dialog box?

If so, and you still cannot see the files, then we need another scanner that has a good detection rate for these sorts of infections, to take a look at your stick and system.

Make sure the USB stick is inserted:

Go here and perform the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • Once finished, click on the Details button to view the results.
  • To the upper right of the results you will see an option saying "Click here to export the scan results". Post the log of the scan results in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
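A read-only check for the two symptoms this thread describes: an autorun.inf on the stick, and .exe files named after the original folders (Photos.exe in the first post). This is an added example, not something posted by anyone in the thread; the sample layout, `sample.exe` and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

# Keys in an [autorun] section that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")


def autorun_commands(path):
    """Return (key, command) pairs from an autorun.inf file that launch a program."""
    found, in_section = [], False
    with open(path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):
                in_section = line.lower() == "[autorun]"
                continue
            if not in_section or line.startswith(";") or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command defines a right-click verb that also runs a program.
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found


def is_hidden(entry):
    """True if the Windows hidden attribute is set (always False on other systems)."""
    attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def triage_drive(root):
    """Inspect the top level of a drive without modifying it; return sorted findings."""
    entries = list(os.scandir(root))
    dirs = {e.name.lower(): e for e in entries if e.is_dir(follow_symlinks=False)}
    findings = []
    for e in entries:
        name = e.name.lower()
        if name == "autorun.inf":
            if e.is_dir(follow_symlinks=False):
                # Present as a folder, as c:\autorun.inf is in the ComboFix log.
                findings.append(("autorun-folder", e.name, ""))
            else:
                findings += [("autorun-launch", k, cmd) for k, cmd in autorun_commands(e.path)]
        elif name.endswith(".exe") and e.is_file(follow_symlinks=False):
            twin = dirs.get(name[:-4])  # folder with the same name as the .exe
            if twin is not None:
                state = "hidden" if is_hidden(twin) else "visible"
                findings.append(("folder-decoy", e.name, state))
    return sorted(findings)


def build_sample(root):
    """Write a constructed sample layout (placeholder files only) for a dry run."""
    os.mkdir(os.path.join(root, "Photos"))
    with open(os.path.join(root, "Photos.exe"), "wb") as fh:
        fh.write(b"constructed placeholder, not a program")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=sample.exe\n"
                 "shell\\explore\\command=sample.exe\nicon=folder.ico\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in triage_drive(tmp):
            print(finding)
```

To check a real stick, call `triage_drive` with its drive root (for example `E:\\`); the hidden/visible state is only meaningful when run on Windows.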