Thread: Well I think I got a Virus or two.
View Single Post
Old 06-26-2009, 08:37 PM   #3 (permalink)
Gatsu3
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: windows xp


Re: Well I think I got a Virus or two.
Hi Clark. Thanks for the help my friend. Anyway I ran ComboFix and here are the results.

ComboFix 09-06-26.02 - Jason 06/26/2009 21:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1691 [GMT -4:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\sys
c:\program files\sys\sys.dll
c:\program files\sys\sys.sys
c:\windows\mstre19.exe
c:\windows\pp10.exe
c:\windows\system32\comrepl.exe
c:\windows\system32\ICON.ico
c:\windows\system32\Nx.exe
c:\windows\system32\uninstall.exe
c:\windows\system32\vmss

----- BITS: Possible infected sites -----

hxxp://download.esd.intuit.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYS
-------\Legacy_SYSDRV
-------\Legacy_ZESOFT
-------\Service_sys
-------\Service_sysdrv


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-24 21:15 . 2009-06-24 21:15 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-24 21:15 . 2009-06-24 21:15 2 ----a-w- c:\windows\0101120101465749.dat
2009-06-24 21:15 . 2009-06-24 21:15 1 ---h--w- c:\windows\jmmark2.dat
2009-06-05 11:50 . 2009-06-05 11:51 -------- d-----w- c:\program files\iTunes
2009-06-05 11:47 . 2009-06-05 11:48 -------- d-----w- c:\program files\QuickTime
2009-06-05 11:39 . 2009-06-05 11:39 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 02:08 . 2004-07-24 18:50 34638 ----a-w- c:\windows\system32\tablet.dat
2009-06-26 03:52 . 2005-12-17 15:12 -------- d-----w- c:\documents and settings\Jason\Application Data\uTorrent
2009-06-26 02:44 . 2009-04-03 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-25 06:33 . 2004-05-31 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 06:33 . 2007-05-06 05:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-25 05:25 . 2004-05-31 19:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-07 03:27 . 2007-07-12 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-05 11:51 . 2005-12-18 18:00 -------- d-----w- c:\program files\iPod
2009-06-05 11:50 . 2007-07-12 13:26 -------- d-----w- c:\program files\Common Files\Apple
2009-05-29 17:36 . 2009-03-13 04:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 17:36 . 2007-11-12 16:45 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-28 10:15 . 2004-05-13 05:36 -------- d-----w- c:\program files\Java
2009-05-28 10:14 . 2009-04-18 03:06 152576 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-15 20:32 . 2005-10-24 03:57 -------- d-----w- c:\program files\Google
2009-05-15 11:55 . 2008-03-24 14:34 -------- d-----w- c:\program files\Safari
2009-05-09 23:06 . 2006-06-02 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\documents and settings\Jason\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\program files\TweetDeck
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-05 03:03 . 2009-05-05 03:04 38208 ----a-w- c:\documents and settings\Jason\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-04-20 13:14 . 2004-05-17 20:09 105392 -c--a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 01:20 . 2009-04-05 01:20 625808 ----a-w- c:\documents and settings\All Users\SPL8B3.tmp
2004-12-01 01:05 . 2004-12-01 00:54 56 --sh--r- c:\windows\SYSTEM32\AB831A40EF.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"uTorrent"="c:\documents and settings\Jason\Desktop\SHORT CUTS\utorrent.exe" [2009-02-10 270128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-25 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-25 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2006-06-01 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-24 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TabUserW.exe.lnk - c:\windows\SYSTEM32\WTablet\TabUserW.exe [2004-7-24 114688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-06-25 06:33 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk
backup=c:\windows\pss\Alias SketchBook Snapshot.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=c:\windows\pss\PalStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Jason\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\j2re1.4.2\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Documents and Settings\\Jason\\Desktop\\downloaded stuff\\junk\\sysreset\\sysreset\\mirc.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdncoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnjswx.exe"=
"c:\\Documents and Settings\\Jason\\Desktop\\SHORT CUTS\\utorrent.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"8085:TCP"= 8085:TCP:sys

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 55024]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdnserv.exe [1/23/2009 8:16 PM 98984]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 3:41 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [4/7/2007 4:47 PM 106808]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S2 gupdate1c9b47866f1d12e;Google Update Service (gupdate1c9b47866f1d12e);c:\program files\Google\Update\GoogleUpdate.exe [4/3/2009 12:22 PM 133104]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys --> c:\windows\system32\DRIVERS\ProtoWall.sys [?]
S3 SaiH8000;SaiH8000;c:\windows\SYSTEM32\DRIVERS\SaiH8000.sys [1/14/2006 2:55 PM 56576]
S3 SaiHFF0C;SaiHFF0C;c:\windows\SYSTEM32\DRIVERS\SaiHFF0C.sys [1/14/2006 3:01 PM 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\SYSTEM32\DRIVERS\saiuFF0C.sys [1/14/2006 3:02 PM 19584]
S4 Tcddtubrigi;Tcddtubrigi; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-06-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-02 16:21]

2009-06-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 16:22]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A1450971-8DAD-C128-C95C-CD57D58120A7} - c:\windows\System32\sopk.dll
BHO-{BFC14857-82C0-8E4D-CB7A-AAC86A8B29C5} - c:\windows\system32\pflwgjz.dll
HKCU-Run-µTorrent - c:\documents and settings\Jason\Desktop\utorrent.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-EPSON Stylus C88 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
HKLM-Run-q3Ef34V - defmeng.exe
HKLM-Explorer_Run-Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%s - c:\program files\Video ActiveX Object\isamonitor.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: aintitcool.com\www
Trusted Zone: cinescape.com\www
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\default.mu9\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.earthlink.net/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\default.mu9\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 22:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-675346501-1902649665-3199300156-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\lxdncoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\progra~1\Allume\StuffIt\MXTask.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\SYSTEM32\Tablet.exe
c:\windows\SYSTEM32\UAService7.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\Allume\StuffIt\MXTask.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-27 22:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-27 02:31

Pre-Run: 11,316,764,672 bytes free
Post-Run: 11,710,468,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

291 --- E O F --- 2008-01-09 07:07
Gatsu3 is offline