HijackThis - alexxx21a

O4 - HKLM\..\Run: [cimiptyns] C:\WINDOWS\System32\cimiptyns.exe
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\ALE---~1\LOCALS~1\Temp\lsass.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [cimiptyns] C:\Documents and Settings\ale---xxx\cimiptyns.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\ale---xxx\wuaucldt.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\ALE---~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ol] C:\WINDOWS\ol.exe
O4 - HKCU\..\Run: [Apudakaxodemad] rundll32.exe "C:\WINDOWS\copdsr1.dll",Startup

File::
c:\documents and settings\ale---xxx\wuaucldt.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\ol.exe
C:\DOCUME~1\ale---xxx\LOCAL Settings\Temp\lsass.exe
C:\DOCUME~1\ale---xxx\LOCAL Settings\Temp\v2.exe
C:\Documents and Settings\ale---xxx\cimiptyns.exe
C:\WINDOWS\System32\cimiptyns.exe
C:\WINDOWS\copdsr1.dll
C:\WINDOWS\system32\regedit.exe

ComboFix 10-08-15.04 - ale---xxx 08/16/2010  17:16:26.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.732 [GMT 3:00]
Running from: c:\documents and settings\ale---xxx\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ale---xxx\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


FILE ::
"c:\docume~1\ale---xxx\LOCAL Settings\Temp\lsass.exe"
"c:\docume~1\ale---xxx\LOCAL Settings\Temp\v2.exe"
"c:\documents and settings\ale---xxx\cimiptyns.exe"
"c:\documents and settings\ale---xxx\wuaucldt.exe"
"c:\windows\copdsr1.dll"
"c:\windows\ol.exe"
"c:\windows\System32\cimiptyns.exe"
"c:\windows\system32\regedit.exe"
"c:\windows\system32\wuaucldt.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALE---~1\LOCALS~1\Temp\lsass.exe
c:\docume~1\ale---xxx\LOCAL Settings\Temp\lsass.exe
c:\docume~1\ale---xxx\LOCAL Settings\Temp\v2.exe
c:\documents and settings\ale---xxx\Application Data\chrtmp
c:\documents and settings\ale---xxx\Application Data\gnja.exe
c:\documents and settings\ale---xxx\Application Data\inst.exe
c:\documents and settings\ale---xxx\cimiptyns.exe
c:\documents and settings\ale---xxx\msgvn.exe
c:\documents and settings\ale---xxx\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\ale---xxx\wuaucldt.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-3071634982-0830670934-050293930-9477\nissan.exe
c:\windows\copdsr1.dll
c:\windows\ol.exe
c:\windows\System32\cimiptyns.exe
c:\windows\system32\wuaucldt.exe

----- BITS: Possible infected sites -----

hxxp://downlj+|[email protected]:NGD_DQ{[email protected](M(O.O?{=
Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP99\A0048408.sys
.
(((((((((((((((((((((((((   Files Created from 2010-07-16 to 2010-08-16  )))))))))))))))))))))))))))))))
.

2010-08-16 12:43 . 2010-08-16 12:43 -------- d-----w- c:\program files\ESET
2010-08-16 12:11 . 2010-08-16 12:11 76288 ----a-w- c:\windows\bhat.exe
2010-08-16 12:10 . 2010-08-16 12:10 40960 ----a-w- c:\windows\as36.exe
2010-08-16 11:39 . 2010-08-16 11:39 90112 ----a-w- c:\windows\system32\YmsgCrypt.dll
2010-08-16 11:39 . 2010-08-16 11:39 139264 ----a-w- c:\windows\system32\DartCertificate.dll
2010-08-16 11:39 . 2010-08-16 11:39 147456 ----a-w- c:\windows\system32\DartSecure2.dll
2010-08-16 11:39 . 2010-08-16 11:39 212992 ----a-w- c:\windows\system32\DartSock.dll
2010-08-16 09:37 . 2010-08-16 09:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-08-12 15:59 . 2010-08-12 15:59 -------- d-----w- c:\program files\Conduit
2010-08-07 05:55 . 2010-08-07 05:55 61440 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7f88d24c-n\decora-sse.dll
2010-08-07 05:55 . 2010-08-07 05:55 503808 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5402958d-n\msvcp71.dll
2010-08-07 05:55 . 2010-08-07 05:55 499712 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5402958d-n\jmc.dll
2010-08-07 05:55 . 2010-08-07 05:55 12800 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7f88d24c-n\decora-d3d.dll
2010-08-07 05:55 . 2010-08-07 05:55 348160 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5402958d-n\msvcr71.dll
2010-07-29 15:42 . 2010-07-29 15:42 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\vlc
2010-07-23 08:45 . 2010-07-23 08:45 -------- d-----w- c:\program files\Alcohol Soft
2010-07-22 13:58 . 2003-10-27 11:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-07-22 13:58 . 2003-10-27 11:06 69632 ----a-w- c:\windows\system32\xmltok.dll
2010-07-22 13:58 . 2003-10-27 11:06 36864 ----a-w- c:\windows\system32\xmlparse.dll
2010-07-22 13:58 . 2003-10-27 11:06 26096 ----a-w- c:\windows\system32\xmlinst.exe
2010-07-22 13:58 . 2003-10-27 11:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-07-22 13:58 . 2010-07-22 13:58 -------- d-----w- c:\program files\Ubisoft
2010-07-22 13:35 . 2010-07-22 13:35 -------- d-----w- c:\program files\7-Zip
2010-07-19 11:28 . 2010-07-19 11:28 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\Media Player Classic

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 09:57 . 2010-04-26 16:57 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\uTorrent
2010-08-11 17:17 . 2010-04-26 20:44 -------- d-----w- c:\program files\Garena
2010-08-03 10:38 . 2010-04-26 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-07-29 11:55 . 2010-04-26 03:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-29 11:55 . 2010-04-26 03:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-26 22:47 . 2010-04-26 16:53 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\Skype
2010-07-26 22:44 . 2010-04-26 16:54 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\skypePM
2010-07-23 08:43 . 2010-04-26 16:58 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-13 07:04 . 2010-04-26 03:40 44528 ----a-w- c:\documents and settings\ale---xxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-13 06:48 . 2010-04-26 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-07 16:15 . 2010-07-07 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-07 15:21 . 2010-07-07 15:21 2568656 ----a-w- c:\documents and settings\ale---xxx\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-07-02 14:22 . 2010-07-02 00:52 -------- d-----w- c:\program files\nLite
2010-06-30 08:28 . 2010-04-26 17:17 -------- d-----w- c:\program files\Microsoft Works
2010-06-25 18:04 . 2010-06-25 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-06-25 15:34 . 2010-06-25 15:33 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\Vso
2010-06-25 15:33 . 2010-06-25 15:33 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-25 15:33 . 2010-06-25 15:33 47360 ----a-w- c:\documents and settings\ale---xxx\Application Data\pcouffin.sys
2010-06-25 15:33 . 2010-06-25 15:33 47360 ----a-w- c:\documents and settings\ale---xxx\Application Data\pcouffin.sys
2010-06-25 15:33 . 2010-06-25 15:33 -------- d-----w- c:\program files\VSO
2010-05-28 22:55 . 2010-05-28 22:55 503808 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18868e93-n\msvcp71.dll
2010-05-28 22:55 . 2010-05-28 22:55 61440 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4fa0f48e-n\decora-sse.dll
2010-05-28 22:55 . 2010-05-28 22:55 499712 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18868e93-n\jmc.dll
2010-05-28 22:55 . 2010-05-28 22:55 348160 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18868e93-n\msvcr71.dll
2010-05-28 22:55 . 2010-05-28 22:55 12800 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4fa0f48e-n\decora-d3d.dll
2010-05-20 07:46 . 2010-05-20 07:25 52224 ----a-w- c:\windows\ipuninst.exe
2004-10-01 12:00 . 2010-04-26 17:02 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2009-11-05 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE8"="advpack.dll" [2009-11-05 128512]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^raid_tool.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\raid_tool.exe.lnk
backup=c:\windows\pss\raid_tool.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-28 18:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-07-12 08:33 1581056 ----a-r- c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-13 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-25 16:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 08:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 14:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 07:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Strong Dc++ 2.02\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Tzopcast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Tzopcast\\Tzopcast.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Jocuri\\MONOPOLY\\Monopoly.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Programe\\kituri\\NRPG RatioMaster.exe"=
"d:\\Jocuri\\STEAM\\steamapps\\shade_alex\\counter-strike\\hl.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [4/26/2010 6:36 AM 75904]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ALE---~1\LOCALS~1\Temp\SVX2.tmp --> c:\docume~1\ALE---~1\LOCALS~1\Temp\SVX2.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/26/2010 7:58 PM 697328]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ale---xxx\Application Data\Mozilla\Firefox\Profiles\1iziyp5k.default\
FF - prefs.js: browser.startup.homepage - www.google.ro
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- Firefox POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Mkey.exe - c:\program files\MKey\Mkey.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 17:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ALE---~1\LOCALS~1\Temp\SVX2.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-16  17:24:34 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-16 14:24

Pre-Run: 6,254,882,816 bytes free
Post-Run: 6,289,113,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8617B1B6C59B5F54AE10CD6F6F0B0D36

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4436

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/16/2010 6:42:16 PM
mbam-log-2010-08-16 (18-42-16).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|)
Objects scanned: 198865
Time elapsed: 37 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\ale---xxx\msgvn.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-3071634982-0830670934-050293930-9477\nissan.exe.vir (Worm.Autorun. -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP101\A0048697.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP101\A0048698.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP101\A0048715.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP101\A0048716.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP103\A0049947.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP103\A0049941.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP103\A0049942.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP103\A0049943.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP103\A0049948.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP96\A0046210.Exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP99\A0048564.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP99\A0048565.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Programe\kituri\BaDBoYv4.2\BaDBoYv4.2.exe (Trojan.Armin) -> Quarantined and deleted successfully.

Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 12:23:20 AM, on 8/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\v2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\iste10.exe
C:\Documents and Settings\Florynaaa\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccmiptyns] C:\WINDOWS\System32\ccmiptyns.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ccmiptyns] C:\Documents and Settings\Florynaaa\ccmiptyns.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{661491D6-829A-46D0-A3EB-C319312F5A82}: NameServer = 213.154.124.1 193.231.252.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7658 bytes

O4 - HKLM\..\Run: [ccmiptyns] C:\WINDOWS\System32\ccmiptyns.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ccmiptyns] C:\Documents and Settings\Florynaaa\ccmiptyns.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe

File::
C:\Documents and Settings\Florynaaa\LOCAL Settings\Temp\lsass.exe
C:\Documents and Settings\Florynaaa\LOCAL Settings\Temp\v2.exe
C:\Documents and Settings\Florynaaa\LOCAL Settings\Temp\iste10.exe
C:\Documents and Settings\Florynaaa\ccmiptyns.exe

ComboFix 10-08-16.04 - Florynaaa 08/17/2010  15:44:25.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.292 [GMT 3:00]
Running from: c:\documents and settings\Florynaaa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Florynaaa\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active


FILE ::
"c:\documents and settings\Florynaaa\ccmiptyns.exe"
"c:\documents and settings\Florynaaa\LOCAL Settings\Temp\iste10.exe"
"c:\documents and settings\Florynaaa\LOCAL Settings\Temp\lsass.exe"
"c:\documents and settings\Florynaaa\LOCAL Settings\Temp\v2.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
c:\documents and settings\Florynaaa\Application Data\chrtmp
c:\documents and settings\Florynaaa\ccmiptyns.exe
c:\documents and settings\Florynaaa\LOCAL Settings\Temp\iste10.exe
c:\documents and settings\Florynaaa\LOCAL Settings\Temp\lsass.exe
c:\documents and settings\Florynaaa\LOCAL Settings\Temp\v2.exe
c:\documents and settings\Florynaaa\msgvn.exe
c:\windows\system32\msssc.dll

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0009530.sys
.
(((((((((((((((((((((((((   Files Created from 2010-07-17 to 2010-08-17  )))))))))))))))))))))))))))))))
.

2010-08-16 10:29 . 2010-08-16 10:29 -------- d-----w- c:\documents and settings\Florynaaa\Local Settings\Application Data\ESET
2010-08-16 10:29 . 2010-08-16 10:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-08-14 19:02 . 2010-08-15 16:27 33792 ----a-w- c:\windows\system32\ccmiptyns.exe
2010-08-13 15:20 . 2008-04-13 20:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-13 15:20 . 2001-08-17 09:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-08-13 15:20 . 2001-08-17 09:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2010-08-13 09:57 . 2010-08-16 16:12 10 ----a-w- c:\windows\popcinfo.dat
2010-08-13 09:57 . 2010-08-13 09:57 -------- d-----w- c:\program files\PopCap Games
2010-08-03 20:30 . 2008-04-13 20:21 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2010-08-03 20:30 . 2008-04-13 20:21 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2010-08-03 20:29 . 2008-04-13 20:16 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2010-08-03 20:29 . 2008-04-13 20:16 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2010-08-03 20:29 . 2008-04-14 01:42 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-08-03 20:29 . 2008-04-14 01:42 151552 ----a-w- c:\windows\system32\irftp.exe
2010-08-03 20:29 . 2008-04-14 01:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-03 20:29 . 2008-04-14 01:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-08-03 20:29 . 2008-04-14 01:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-08-03 20:29 . 2008-04-14 01:41 28160 ----a-w- c:\windows\system32\irmon.dll
2010-08-03 20:29 . 2008-04-13 20:16 17024 -c--a-w- c:\windows\system32\dllcache\bthenum.sys
2010-08-03 20:29 . 2008-04-13 20:16 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
2010-08-03 20:29 . 2008-04-13 20:16 18944 -c--a-w- c:\windows\system32\dllcache\bthusb.sys
2010-08-03 20:29 . 2008-04-13 20:16 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2010-08-03 20:28 . 2010-08-03 20:28 -------- d-----w- c:\documents and settings\Florynaaa\Local Settings\Application Data\IsolatedStorage
2010-08-03 20:28 . 2010-08-03 20:28 -------- d-----w- c:\documents and settings\Florynaaa\Local Settings\Application Data\HP
2010-08-03 20:28 . 2010-08-03 20:28 132 ----a-w- c:\documents and settings\Florynaaa\Local Settings\Application Data\fusioncache.dat
2010-08-03 20:27 . 2010-08-17 12:50 -------- d-----w- c:\documents and settings\Florynaaa\Local Settings\Application Data\ApplicationHistory
2010-08-03 20:19 . 2010-08-03 20:19 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-03 20:19 . 2010-08-03 20:19 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\skypePM
2010-08-03 18:56 . 2010-08-03 18:56 -------- d-----w- c:\documents and settings\Florynaaa\Local Settings\Application Data\Yahoo
2010-08-03 18:56 . 2010-08-03 18:56 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\Yahoo!
2010-08-03 16:19 . 2008-04-13 20:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-08-03 16:19 . 2008-04-13 20:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-08-03 16:19 . 2008-04-13 20:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-08-03 16:19 . 2008-04-13 20:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-08-03 16:19 . 2008-04-13 20:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-08-03 16:19 . 2008-04-13 20:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-08-03 16:18 . 2008-04-13 20:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-08-03 16:18 . 2008-04-13 20:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-08-03 16:18 . 2008-04-13 20:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-03 16:18 . 2008-04-13 20:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-08-03 16:18 . 2008-04-13 20:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-08-03 16:18 . 2008-04-13 20:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-08-03 16:18 . 2008-04-13 20:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-08-03 16:18 . 2008-04-13 20:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-08-03 16:18 . 2008-04-14 01:42 53760 ----a-w- c:\windows\vfwwdm32.dll
2010-08-03 15:57 . 2010-08-03 15:57 -------- d-----w- c:\program files\Common Files\HP
2010-08-03 15:55 . 2010-08-03 15:55 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-03 15:55 . 2010-08-03 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-08-03 15:55 . 2004-05-11 07:53 82432 ----a-r- c:\windows\system32\MSXML4r.dll
2010-08-03 15:55 . 2004-05-11 07:53 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2010-08-03 15:55 . 2004-05-11 07:53 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2010-08-03 15:55 . 2004-05-11 07:53 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2010-08-03 15:55 . 2004-05-11 07:53 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2010-08-03 15:55 . 2004-05-11 07:53 1230336 ----a-r- c:\windows\system32\MSXML4.dll
2010-08-03 15:54 . 2010-08-03 15:54 45056 ----a-r- c:\documents and settings\Florynaaa\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2010-08-03 15:53 . 2010-08-03 15:53 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-03 15:52 . 2010-08-03 15:52 -------- d-----w- c:\windows\system32\URTTEMP
2010-08-03 15:50 . 2004-06-21 20:02 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-08-03 15:50 . 2004-06-21 20:02 51088 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2010-08-03 15:50 . 2004-06-21 20:02 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-08-03 15:49 . 2008-04-13 20:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-08-03 15:49 . 2008-04-13 20:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-08-03 15:49 . 2008-04-13 20:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-03 15:49 . 2008-04-13 20:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-03 15:49 . 2008-04-13 20:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-08-03 15:49 . 2008-04-13 20:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-08-03 15:48 . 2004-03-18 13:55 65536 ----a-w- c:\windows\system32\HPZipm12.exe
2010-08-03 15:48 . 2004-03-18 13:39 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-08-03 15:48 . 2004-03-18 13:39 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-08-03 15:48 . 2004-03-18 13:38 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-08-03 15:48 . 2004-03-18 13:56 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-08-03 15:48 . 2004-03-18 13:53 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-08-03 15:47 . 2010-08-03 15:59 -------- d-----w- c:\program files\HP
2010-08-03 15:44 . 2010-08-03 16:04 104257 ----a-w- c:\windows\hpoins04.dat
2010-08-03 15:44 . 2004-06-21 20:02 17176 ------w- c:\windows\hpomdl04.dat
2010-08-03 15:32 . 2010-08-03 15:33 -------- d-----w- c:\program files\Java
2010-08-03 15:32 . 2010-08-03 15:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-03 15:30 . 2010-08-03 20:20 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\Skype
2010-08-03 15:29 . 2010-08-03 15:29 -------- d-----w- c:\program files\Common Files\Skype
2010-08-03 15:29 . 2010-08-03 15:30 -------- d-----r- c:\program files\Skype
2010-08-03 15:29 . 2010-08-03 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-03 15:27 . 2010-08-03 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-03 15:27 . 2010-04-20 13:45 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-08-03 15:26 . 2010-08-03 15:27 -------- d-----w- c:\program files\Yahoo!
2010-08-03 15:25 . 2010-08-03 15:26 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\Hamachi
2010-08-03 15:25 . 2010-08-03 15:25 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-08-03 15:25 . 2010-08-03 15:25 -------- d-----w- c:\program files\Hamachi
2010-08-03 15:22 . 2010-08-03 15:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-03 15:18 . 2010-08-03 15:18 -------- d-----w- c:\program files\StrongDC++
2010-08-03 15:16 . 2010-08-03 15:23 -------- d-----w- C:\Temp
2010-08-03 15:16 . 2010-08-03 15:16 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\Syntrillium
2010-08-03 15:16 . 2001-10-19 11:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2010-08-03 15:16 . 2001-10-19 11:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-08-03 15:16 . 2001-10-19 11:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2010-08-03 15:16 . 2001-10-19 11:39 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2010-08-03 15:15 . 2010-08-03 15:17 -------- d-----w- c:\program files\coolpro2
2010-08-03 15:03 . 2001-08-17 12:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-08-03 15:03 . 2008-04-13 23:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-08-03 15:01 . 2010-08-03 16:00 -------- d-sh--w- c:\windows\Installer
2010-08-03 15:01 . 2008-04-14 11:00 61440 -c--a-w- c:\windows\system32\dllcache\spcplui.dll
2010-08-03 15:01 . 2008-04-14 11:00 77824 -c--a-w- c:\windows\system32\dllcache\spcommon.dll
2010-08-03 15:01 . 2008-04-14 11:00 774144 -c--a-w- c:\windows\system32\dllcache\spttseng.dll
2010-08-03 15:01 . 2008-04-14 11:00 36864 -c--a-w- c:\windows\system32\dllcache\sapisvr.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 19:57 . 2010-08-03 13:51 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\uTorrent
2010-08-05 15:32 . 2010-08-03 12:23 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-03 18:00 . 2010-08-03 13:39 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\BSplayer
2010-08-03 15:23 . 2010-08-03 13:30 68456 ----a-w- c:\documents and settings\Florynaaa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 15:21 . 2010-08-03 13:38 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-08-03 15:07 . 2010-08-03 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-03 14:59 . 2010-08-03 14:59 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\vlc
2010-08-03 14:54 . 2010-08-03 14:54 -------- d-----w- c:\program files\Genius
2010-08-03 14:54 . 2010-08-03 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 14:53 . 2010-08-03 12:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 14:50 . 2010-08-03 14:46 -------- d-----w- c:\program files\Common Files\LightScribe
2010-08-03 14:45 . 2010-08-03 14:41 -------- d-----w- c:\program files\Ahead
2010-08-03 14:41 . 2010-08-03 14:41 -------- d-----w- c:\program files\Common Files\Ahead
2010-08-03 14:40 . 2010-08-03 14:40 -------- d-----w- c:\program files\CyberLink
2010-08-03 14:40 . 2010-08-03 14:40 -------- d-----w- c:\program files\CyberLink DVD Solution
2010-08-03 14:32 . 2010-08-03 14:32 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-03 14:08 . 2010-08-03 14:08 -------- d-----w- c:\program files\Microsoft Works
2010-08-03 14:08 . 2010-08-03 14:08 -------- d-----w- c:\program files\MSBuild
2010-08-03 14:07 . 2010-08-03 14:07 -------- d-----w- c:\program files\Microsoft.NET
2010-08-03 14:06 . 2010-08-03 14:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-03 13:57 . 2010-08-03 13:56 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\Winamp
2010-08-03 13:56 . 2010-08-03 13:56 -------- d-----w- c:\program files\Winamp
2010-08-03 13:55 . 2010-08-03 13:55 0 ----a-w- c:\windows\nsreg.dat
2010-08-03 13:54 . 2010-08-03 13:54 -------- d-----w- c:\program files\Switch Off
2010-08-03 13:53 . 2010-08-03 13:53 -------- d-----w- c:\program files\ESET
2010-08-03 13:53 . 2010-08-03 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-08-03 13:52 . 2010-08-03 13:52 -------- d-----w- c:\program files\uTorrent
2010-08-03 13:51 . 2010-08-03 13:51 -------- d-----w- c:\program files\WhereIsIt
2010-08-03 13:51 . 2010-08-03 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WhereIsIt
2010-08-03 13:42 . 2010-08-03 13:42 -------- d-----w- c:\program files\VideoLAN
2010-08-03 13:40 . 2010-08-03 13:40 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-03 13:39 . 2010-08-03 13:39 -------- d-----w- c:\program files\Webteh
2010-08-03 13:39 . 2010-08-03 13:39 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\BSplayer Pro
2010-08-03 13:36 . 2010-08-03 13:36 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-03 13:36 . 2010-08-03 13:36 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\DAEMON Tools
2010-08-03 13:30 . 2010-08-03 13:30 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\ATI
2010-08-03 13:28 . 2010-08-03 12:53 -------- d-----w- c:\program files\ATI Technologies
2010-08-03 13:12 . 2010-08-03 13:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-03 13:12 . 2010-08-03 13:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-03 13:07 . 2010-08-03 13:07 -------- d-----w- c:\program files\ASUS
2010-08-03 12:42 . 2010-08-03 12:42 -------- d-----w- c:\program files\Analog Devices
2010-08-03 12:34 . 2010-08-03 12:34 -------- d-----w- c:\program files\Intel
2010-08-03 12:25 . 2010-08-03 12:25 -------- d-----w- c:\program files\microsoft frontpage
2010-08-03 12:21 . 2010-08-03 12:21 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-03 12:20 . 2010-08-03 12:20 -------- d-----w- c:\program files\Windows Media Connect 2
2004-10-01 12:00 . 2010-08-03 14:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2009-11-05 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE8"="advpack.dll" [2009-11-05 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [8/3/2010 5:55 PM 276930]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/3/2010 4:36 PM 717296]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Florynaaa\Application Data\Mozilla\Firefox\Profiles\eyx5tynl.default\
FF - prefs.js: browser.startup.homepage - www.google.ro

---- Firefox POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-M1000Mnt - M1000Rmv.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 15:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2876)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\rundll32.exe
c:\windows\WebCam\M1000\M1000Mnt.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-17  15:53:19 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-17 12:53

Pre-Run: 13,017,628,672 bytes free
Post-Run: 13,151,350,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 75BF038EC6A5D64ABBC12E67D93BECF5

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4439

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/17/2010 4:31:29 PM
mbam-log-2010-08-17 (16-31-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 185493
Time elapsed: 28 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Florynaaa\ccmiptyns.exe.vir (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Florynaaa\msgvn.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir (Rootkit.Patched) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010526.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010527.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010537.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010538.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011540.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011541.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011582.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011583.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015839.sys (Rootkit.Patched) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015840.sys (Rootkit.Patched) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015841.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015842.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015883.sys (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccmiptyns.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.