Thread: Problem with Deewoo
View Single Post
Old 12-06-2008, 12:25 PM   #5 (permalink)
inka_bala
Registered User
 
Join Date: Dec 2008
Posts: 13
OS: XP


Re: Problem with Deewoo
Completed the ComboFix scan and i am attaching the log.
Thanks
Bala


ComboFix 08-12-06.01 - HP_Administrator 2008-12-06 13:57:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.484 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\winlogon.exe
c:\documents and settings\Guest\Favorites\Online Security Test.url
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Deewoo.lnk
c:\documents and settings\Narmna\Application Data\gadcom
c:\documents and settings\Narmna\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Narmna\Start Menu\Programs\Startup\Deewoo.lnk
c:\program files\webhancer
c:\program files\webhancer\Programs\license.txt
c:\program files\webhancer\Programs\readme.txt
c:\program files\webhancer\Programs\sporder.dll
c:\program files\webhancer\Programs\webhdll.dll
c:\program files\webhancer\Programs\whagent.exe
c:\program files\webhancer\Programs\whagent.ini
c:\program files\webhancer\Programs\whinstaller.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\IE4 Error Log.txt
c:\windows\system32\~.exe
c:\windows\system32\binanuye.dll
c:\windows\system32\Cache
c:\windows\system32\gicnzi.dll
c:\windows\system32\gside.exe
c:\windows\system32\jlrmvvum.dll
c:\windows\system32\kcntnkdm.exe
c:\windows\system32\kdkkcy.dll
c:\windows\system32\ljJYRICu.dll
c:\windows\system32\marewugo.dll
c:\windows\system32\msnav32.ax
c:\windows\system32\ooqxfcww.ini
c:\windows\system32\pkygtajs.dll
c:\windows\system32\rreerrby.ini
c:\windows\system32\TDSSllvuuxbo.log
c:\windows\system32\TDSSmoqbavhk.dll
c:\windows\system32\TDSSmycibslx.dll
c:\windows\system32\TDSSqqabnbgi.dat
c:\windows\system32\tomatofi.dll
c:\windows\system32\uCIRYJjl.ini
c:\windows\system32\uCIRYJjl.ini2
c:\windows\system32\wedusoha.dll
c:\windows\system32\winpfz33.sys
c:\windows\system32\wwcfxqoo.dll
c:\windows\system32\ybrreerr.dll
c:\windows\system32\zxdnt3d.cfg
c:\windows\Tasks\qhsylxhi.job
D:\Autorun.inf
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI
-------\Legacy_NPF
-------\Legacy_TDSSSERV.SYS
-------\Service_FCI
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-06 11:28 . 2008-12-06 11:28 250 --a------ c:\windows\gmer.ini
2008-12-06 00:13 . 2008-12-06 00:13 <DIR> d-------- c:\program files\Trend Micro
2008-12-04 22:05 . 2008-12-04 22:05 232,960 --a------ c:\windows\system32\jssksdtb.exe
2008-12-03 14:29 . 2008-12-03 14:29 142,336 --a------ c:\windows\enayidadotibuxer.dll
2008-12-03 14:20 . 2008-12-03 14:20 64,859 --a------ c:\windows\system32\huqcrjqrfckhpzl.exe
2008-12-03 14:19 . 2008-12-03 14:19 153,427 --a------ c:\windows\system32\g83.exe
2008-12-03 13:51 . 2008-12-03 13:51 39,424 --a------ c:\windows\Igepubizebufisa.dll
2008-12-03 13:51 . 2008-12-03 13:51 39,424 --a------ C:\bflkwx.exe
2008-12-03 13:50 . 2008-12-03 13:50 40,448 --a------ C:\fjytg.exe
2008-12-03 13:35 . 2008-12-03 13:35 <DIR> d-------- c:\windows\system32\VC
2008-12-03 13:35 . 2008-12-03 13:35 <DIR> d-------- c:\windows\system32\uv9
2008-12-03 13:35 . 2008-12-03 13:35 <DIR> d-------- c:\windows\system32\ki3
2008-12-03 13:35 . 2008-12-03 13:35 <DIR> d-------- c:\windows\system32\dv
2008-12-03 13:35 . 2008-12-03 13:35 <DIR> d-------- c:\windows\system32\bin
2008-12-03 13:35 . 2008-12-03 13:35 <DIR> d-------- c:\temp\DIV55
2008-12-03 13:35 . 2008-12-03 13:50 47,598 --a------ c:\windows\system32\ttmdkzqjehfp.exe
2008-12-02 22:21 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-15 21:22 . 2008-07-26 10:25 627,864 --a------ c:\windows\system32\drivers\lvrs.sys
2008-11-15 21:22 . 2008-07-26 10:23 195,096 --a------ c:\windows\system32\lvci11801048.dll
2008-11-12 07:29 . 2008-10-24 06:21 455,296 --a------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 07:26 . 2008-09-04 12:15 1,106,944 --a------ c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 19:13 --------- d-----w c:\program files\CyberPower PowerPanel Personal Edition
2008-12-06 19:12 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-06 19:12 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2008-12-06 05:06 --------- d-----w c:\program files\HP Games
2008-12-06 05:05 --------- d-----w c:\program files\Java
2008-12-05 02:34 --------- d-----w c:\program files\NCH Swift Sound
2008-12-05 02:34 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\NCH Swift Sound
2008-12-05 02:27 --------- d-----w c:\program files\Easy Internet signup
2008-12-05 02:26 --------- d-----w c:\program files\DNA
2008-12-05 02:11 --------- d-----w c:\program files\Samsung
2008-12-05 01:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 02:23 --------- d-----w c:\program files\Common Files\LogiShrd
2008-11-16 02:20 --------- d-----w c:\program files\Logitech
2008-11-16 02:20 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2008-11-13 21:39 --------- d-----w c:\program files\McAfee
2008-11-13 02:37 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-09 10:16 --------- d-----w c:\program files\DivX
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 14:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-20 22:30 --------- d-----w c:\documents and settings\Guest\Application Data\Teleca
2008-10-16 01:27 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Teleca
2008-10-13 02:09 --------- d-----w c:\documents and settings\Narmna\Application Data\Teleca
2008-10-13 02:07 --------- d-----w c:\program files\Common Files\Teleca Shared
2008-10-13 02:07 --------- d-----w c:\documents and settings\All Users\Application Data\Teleca
2008-10-13 02:07 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-10-13 02:06 --------- d-----w c:\program files\Sony Ericsson
2008-06-17 21:03 66,376 ----a-w c:\documents and settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2007-12-28 00:41 66,376 ----a-w c:\documents and settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-06-14 18:37 49,465 ----a-w c:\program files\moviepass Terms.html
2005-12-24 06:16 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-08-09 23:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080920080810\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2006-10-19 262144]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\progra~1\common~1\instal~1\update~1\issch.exe" [2004-07-27 81920]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2008-07-04 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"sealmon"="c:\program files\SealedMedia\sealmon.exe" [2006-12-19 291984]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-04 185896]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Hkecinagogutages"="c:\windows\Igepubizebufisa.dll" [2008-12-03 39424]
"Cgucegifopaniy"="c:\windows\enayidadotibuxer.dll" [2008-12-03 142336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 c:\windows\sm56hlpr.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 c:\windows\system32\HdAShCut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-07-31 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-09-28 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Deewoo.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Deewoo.lnk
backup=c:\windows\pss\Deewoo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 NEOFLTR_510_10673;Juniper Networks TDI Filter Driver (NEOFLTR_510_10673);\??\c:\windows\system32\Drivers\NEOFLTR_510_10673.SYS [2006-05-02 57063]
S1 z520mdmm;z520mdmm;c:\windows\system32\drivers\z520mdmm.sys []
S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\DRIVERS\P1001Vid.sys [2005-12-18 311684]
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]

2008-12-06 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 20:49]

2007-09-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2008-04-13 19:12]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-12-02 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-11-28 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{06412a7f-0639-4fcf-9c62-9b318a1668bc} - c:\windows\system32\kdkkcy.dll
BHO-{0F885C29-0C27-49C1-9B0A-BC852E0B4B67} - c:\windows\system32\ljJYRICu.dll
BHO-{3316144A-1DC4-9F2D-B7B8-8D80548F27CB} - c:\windows\system32\vpxjbkvbijppsfs.dll
BHO-{50fff566-7e06-4b5e-a218-ed5b79c2268d} - c:\windows\system32\marewugo.dll
WebBrowser-{A057A204-BACC-4D26-9A9E-3AF287E2699B} - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-PCDrProfiler - (no file)
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

c:\windows\Downloaded Program Files\PURen-us.dll - c:\windows\Downloaded Program Files\MsnPUpld.dll
O16 -: {7A7BA269-2D21-4B33-B60A-8510A1865D5F}
hxxp://public2.uploader.officelive.com/_layouts/1033/wh/ActiveX/MsnPUpld.cab
c:\windows\Downloaded Program Files\MsnPUpld.inf
FireFox -: Profile - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zl1u72e5.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 14:15:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
c:\windows\system32\snmp.exe
c:\windows\system32\dllhost.exe
c:\program files\Lexmark X6100 Series\lxbfbmon.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCMTR.EXE
c:\windows\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2008-12-06 14:19:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 19:19:26

Pre-Run: 129,838,059,520 bytes free
Post-Run: 152,021,291,008 bytes free

308 --- E O F --- 2008-11-13 02:40:28
Attached Files
File Type: txt ComboFixlog.txt (19.0 KB, 1 views)
Last edited by sUBs; 12-06-2008 at 12:29 PM.
inka_bala is offline