------- Supplementary Scan -------
.
uStart Page = google.com/
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: {D6F8E87F-492C-45F4-B83E-0C1AA6076ACD} = 202.188.0.133,202.188.1.5
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 09:08:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\KONGFE~1.KON\LOCALS~1\Temp\lucene-8f1fcbf021dcd382c7e990dd6e7ba569-commit.lock 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(792)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
e:\storm code\Storm Codec\stormliv.exe
e:\nero 7\InCD\InCDsrv.exe
e:\storm code\Storm Codec\stMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
d:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-12-20 9:25:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-20 01:25:26
ComboFix2.txt 2008-12-19 18:11:07
Pre-Run: 2,605,367,296 bytes free
Post-Run: 2,596,540,416 bytes free
259 --- E O F --- 2008-07-23 14:31:47