Log-cbf-03-24-09

ComboFix 09-03-19.02 - HP_Owner 2009-03-24  1:55:16.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.503.194 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\HP_Owner\Application Data\ICROSO~1.NET
c:\documents and settings\HP_Owner\Application Data\SKS~1
c:\program files\Common Files\asks~1
c:\program files\outlook
c:\program files\pasystem
c:\program files\pasystem\support.dat
c:\program files\pasystem\Uninstall.exe
c:\program files\wintouch
c:\program files\wintouch\wintouch.cfg
c:\program files\wintouch\WinTouch.exe
c:\program files\wintouch\WTUninstaller.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\icroso~1
c:\windows\mbols~1
c:\windows\rayiou.exe

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


(((((((((((((((((((((((((   Files Created from 2009-02-24 to 2009-03-24  )))))))))))))))))))))))))))))))
.

2100-02-23 14:35 . 2001-02-22 09:54  768  --a--c--  c:\program files\x73_lut.dat
2100-02-08 16:03 . 2001-05-11 11:39  53,248  --a-----  c:\program files\ACMonitor_X73.exe
2009-03-23 16:06 . 2009-03-23 16:06  d-------  c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-23 15:30 . 2009-03-23 15:30  d-------  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-23 15:29 . 2009-03-23 15:29  d-------  c:\program files\SUPERAntiSpyware
2009-03-23 15:29 . 2009-03-23 15:29  d-------  c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2009-03-23 15:24 . 2009-03-23 15:24  d-------  c:\program files\Common Files\Wise Installation Wizard
2009-03-22 19:47 . 2009-03-22 19:47  d-------  c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-03-22 16:19 . 2009-03-22 16:19  d-------  c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-03-22 15:09 . 2009-03-22 16:19  d-------  c:\program files\Malwarebytes' Anti-Malware
2009-03-22 15:09 . 2009-03-22 15:09  d-------  c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-22 15:09 . 2009-02-11 10:19  38,496  --a-----  c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-22 15:09 . 2009-02-11 10:19  15,504  --a-----  c:\windows\system32\drivers\mbam.sys
2009-03-22 13:18 . 2008-06-19 16:24  28,544  --a-----  c:\windows\system32\drivers\pavboot.sys
2009-03-22 13:17 . 2009-03-22 13:17  d-------  c:\program files\Panda Security
2009-03-22 11:46 . 2009-03-22 11:46  1,982  ---hs---  c:\windows\system32\tenugizu.dll
2009-03-22 11:46 . 2009-03-22 11:46  1,982  ---hs---  c:\windows\system32\sefewana.dll
2009-03-22 11:46 . 2009-03-22 11:50  1,982  --a-----  c:\windows\system32\ronihuni.dll
2009-03-22 11:46 . 2009-03-22 11:50  1,982  --a-----  c:\windows\system32\midogiru.dll
2009-03-22 11:46 . 2009-03-22 11:50  1,982  --a-----  c:\windows\system32\gujayiwo.dll
2009-03-20 12:19 . 2009-03-20 12:19  d-------  c:\program files\Prevx
2009-03-20 12:19 . 2009-03-24 00:09  d-------  c:\documents and settings\All Users\Application Data\PrevxCSI
2009-03-20 12:19 . 2009-03-20 12:19  22,536  --a-----  c:\windows\system32\drivers\pxscan.sys
2009-03-20 04:54 . 2009-03-20 04:54  1,982  ---hs---  c:\windows\system32\bamukitu.dll
2009-03-20 04:54 . 2009-03-20 04:54  1,982  ---hs---  c:\windows\system32\bamezafu.dll
2009-03-16 00:01 . 2009-03-16 00:02  d-------  c:\windows\system32\Adobe
2009-03-14 15:01 . 2009-03-14 15:01  d-------  c:\program files\MSXML 4.0
2009-03-14 12:54 . 2009-03-14 12:54  d-------  c:\program files\Trend Micro
2009-03-14 10:49 . 2009-03-14 10:49  d-------  c:\documents and settings\Administrator\Application Data\Bitdefender
2009-03-14 10:48 . 2005-07-16 02:30  d-------  c:\documents and settings\Administrator\WINDOWS
2009-03-14 10:48 . 2005-07-16 02:55  d-------  c:\documents and settings\Administrator\Application Data\Symantec
2009-03-14 10:48 . 2005-07-16 02:45  d-------  c:\documents and settings\Administrator\Application Data\SampleView
2009-03-14 10:48 . 2005-07-16 02:51  d-------  c:\documents and settings\Administrator\Application Data\InterMute
2009-03-14 10:48 . 2005-07-16 02:29  d-------  c:\documents and settings\Administrator\Application Data\Apple Computer
2009-03-14 10:48 . 2009-03-23 14:37  d-------  c:\documents and settings\Administrator
2009-03-14 10:02 . 2009-03-14 10:02  d-------  c:\documents and settings\HP_Owner\Application Data\Uniblue
2009-03-14 10:00 . 2009-03-14 16:19  d--h-c--  c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-14 03:36 . 2009-03-14 03:36  164  --a-----  c:\windows\install.dat
2009-03-13 09:11 . 2009-03-23 23:13  121  --a-----  c:\windows\bdagent.INI
2009-03-12 11:08 . 2009-03-24 02:09  81,984  --a-----  c:\windows\system32\bdod.bin
2009-03-12 07:03 . 2009-03-12 07:03  850  --a-----  c:\windows\system32\ProductTweaks.xml
2009-03-12 07:03 . 2009-03-12 07:03  385  --a-----  c:\windows\system32\user_gensett.xml
2009-03-12 06:50 . 2009-03-12 06:50  d-------  c:\windows\system32\logs
2009-03-12 06:50 . 2009-03-12 06:50  d-------  c:\documents and settings\HP_Owner\Application Data\BitDefender
2009-03-12 06:50 . 2009-03-12 06:50  d-------  C:\Binaries
2009-03-12 06:49 . 2009-03-12 06:50  d-------  c:\program files\BitDefender
2009-03-12 06:49 . 2009-03-15 00:04  d-------  c:\documents and settings\All Users\Application Data\BitDefender
2009-03-12 06:48 . 2009-03-12 06:50  d-------  c:\program files\Common Files\BitDefender
2009-03-12 06:13 . 2009-03-12 06:13  d-------  c:\windows\BDOSCAN8
2009-03-11 19:43 . 2009-03-11 19:44  d-------  c:\windows\system32\drivers\UMDF
2009-03-07 02:19 . 2009-03-07 02:19  d-------  c:\program files\Outsim
2009-03-06 19:22 . 2009-03-06 19:22  d-------  c:\documents and settings\HP_Owner\Application Data\ESET
2009-03-06 18:59 . 2009-03-06 19:14  d-------  c:\program files\Your Uninstaller 2008
2009-03-06 18:59 . 2009-03-06 18:59  d-------  c:\documents and settings\HP_Owner\Application Data\URSoft
2009-03-03 02:19 . 2009-03-03 02:20  d-------  c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-03-24 06:07  --------  d-----w  c:\program files\cFosSpeed
2009-03-24 03:15  7,344  -c--a-w  c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-03-22 18:45  --------  d---a-w  c:\documents and settings\All Users\Application Data\TEMP
2009-03-20 17:18  --------  d-----w  c:\documents and settings\HP_Owner\Application Data\Thinstall
2009-03-09 13:40  --------  d-----w  c:\documents and settings\HP_Owner\Application Data\AdobeUM
2009-03-07 06:20  --------  d-----w  c:\program files\Image-Line
2009-03-07 04:38  --------  d-----w  c:\program files\sims
2009-03-06 23:38  --------  d-----w  c:\program files\Google
2009-03-03 06:20  --------  d-----w  c:\program files\iTunes
2009-03-03 06:19  --------  d-----w  c:\program files\iPod
2009-03-03 06:19  --------  d-----w  c:\program files\Common Files\Apple
2009-03-02 04:59  --------  d-----w  c:\program files\QuickTime
2009-03-02 04:44  --------  d-----w  c:\program files\Bonjour
2009-02-24 23:23  --------  d-----w  c:\program files\Apple Software Update
2009-02-22 22:25  --------  d-----w  c:\program files\Quicken
2009-02-21 16:14  --------  d--h--w  c:\program files\InstallShield Installation Information
2009-02-21 16:13  --------  d-----w  c:\documents and settings\All Users\Application Data\Intuit
2009-02-20 20:52  --------  d-----w  c:\program files\BearFlix
2009-02-13 19:51  410,984  ----a-w  c:\windows\system32\deploytk.dll
2009-02-13 19:51  --------  d-----w  c:\program files\Java
2009-02-10 17:02  787,672  ----a-w  c:\windows\system32\drivers\cfosspeed.sys
2009-02-10 17:02  290,008  ----a-w  c:\windows\system32\cfosspeed.dll
2009-02-09 11:46  57,344  ----a-w  c:\windows\system32\tgacjcllz.exe
2009-02-09 11:13  1,846,784  ----a-w  c:\windows\system32\win32k.sys
2009-02-09 11:13  1,846,784  ------w  c:\windows\system32\dllcache\win32k.sys
2009-02-09 05:26  --------  d-----w  c:\documents and settings\HP_Owner\Application Data\Graboid Inc
2009-02-09 02:33  --------  d-----w  c:\program files\Common Files\Symantec Shared
2009-02-09 01:14  --------  d-----w  c:\program files\CCleaner
2009-02-07 12:06  --------  d-----w  c:\documents and settings\HP_Owner\Application Data\Hide IP NG
2009-02-06 03:13  --------  d-----w  c:\documents and settings\All Users\Application Data\Symantec
2009-02-06 02:58  --------  d-----w  c:\documents and settings\All Users\Application Data\PCSettings
2009-02-04 00:59  --------  d-----w  c:\documents and settings\HP_Owner\Application Data\MozillaControl
2009-02-04 00:23  --------  d-----w  c:\documents and settings\HP_Owner\Application Data\DivX
2009-02-03 21:03  104,328  ----a-w  c:\windows\system32\drivers\bdfndisf.sys
2009-02-03 18:42  45,056  ----a-w  c:\windows\pchealth\helpctr\Vendors\CN=HewlettPackard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-02-03 18:42  44,032  ----a-w  c:\windows\pchealth\helpctr\Vendors\CN=HewlettPackard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-02-02 22:29  --------  d-----w  c:\documents and settings\HP_Owner\Application Data\Symantec
2009-02-02 19:43  --------  d-----w  c:\program files\Easy Internet signup
2009-02-02 02:35  --------  d-----w  c:\program files\DivX
2009-02-01 21:56  --------  d-----w  c:\program files\Common Files\xing shared
2009-02-01 21:55  --------  d-----w  c:\program files\Common Files\Real
2009-01-25 23:46  --------  d-----w  c:\documents and settings\All Users\Application Data\AOL
2009-01-17 02:35  3,594,752  ------w  c:\windows\system32\dllcache\mshtml.dll
2008-10-24 00:40  291,255  ---ha-r  c:\program files\Norton2009Reset.exe
2006-10-19 18:50  774,144  -c--a-w  c:\program files\RngInterstitial.dll
2001-07-26 20:58  47  -c--a-w  c:\program files\ACMonitor_X73.ini
2001-07-05 16:46  8,116  -c--a-w  c:\program files\OSLO3071b2.USB
2001-05-08 20:36  114,688  -c--a-w  c:\program files\lxarscan.dll
2001-04-23 18:22  1,437  -c--a-w  c:\program files\gtx73.ini
2008-12-16 21:52  61,440  ----a-w  c:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

2005-03-01 21:04  2179456  28187802b7c368c0d3aef7d4c382aabb  c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 05:55  2182144  5a5c8db4aa962c714c8371fbdf189fc9  c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2008-08-14 05:57  2185984  ce69dbd54221f2d40e49ff6db77c6507  c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
2008-08-14 06:11  2189184  eeaf32f8e15a24f62becb1bd403bb5c5  c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
2008-08-14 17:11  2189184  31914172342bff330063f343ac6958fe  c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2008-08-14 06:00  2180352  21c91da9cb53aa8a37041ba9684a8458  c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 00:00  2180992  ce218bc7088681faa06633e218596ca7  c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59  2179328  4d4cf2c14550a4b7718e94a6e581856e  c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-13 15:27  2188928  0c89243c7c3ee199b96fcc16990e0679  c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
2007-02-28 05:10  2180352  582a8dbaa58c3b1f176eb2817daee77c  c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
2008-08-14 06:11  2189184  eeaf32f8e15a24f62becb1bd403bb5c5  c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-04-13 15:27  2188928  0c89243c7c3ee199b96fcc16990e0679  c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-08-14 06:11  2189184  eeaf32f8e15a24f62becb1bd403bb5c5  c:\windows\system32\ntoskrnl.exe
2008-08-14 06:11  2189184  eeaf32f8e15a24f62becb1bd403bb5c5  c:\windows\system32\dllcache\ntoskrnl.exe
.

(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

----a-w  253,952  2004-10-15 03:54:32  c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
----a-w  253,952  2004-10-15 03:54:32  c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
-c--a-w  3,305,472  2006-07-26 17:48:14  c:\program files\BearShare\bak\BearShare.exe
-c--a-w  9,904,128  2005-07-15 12:50:28  c:\program files\BearShare\BearShare.exe
-c--a-w  180,269  2005-07-16 06:19:08  c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w  198,160  2009-02-01 21:55:18  c:\program files\Common Files\Real\Update_OB\realsched.exe
-c--a-w  59,040  2006-04-13 20:20:52  c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
-c--a-w  163,576  2006-10-17 18:04:21  c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe
----a-w  245,760  2005-02-26 05:34:02  c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
----a-w  245,760  2005-02-26 05:34:02  c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
----a-w  229,952  2006-09-12 08:58:54  c:\program files\iTunes\bak\iTunesHelper.exe
----a-w  290,088  2009-01-06 18:06:36  c:\program files\iTunes\iTunesHelper.exe
----a-w  282,624  2006-09-01 22:57:48  c:\program files\QuickTime\bak\qttask.exe
----a-w  413,696  2009-01-05 21:18:48  c:\program files\QuickTime\QTTask.exe
-c--a-w  4,621,816  2006-09-13 18:17:28  c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe
----a-w  4,670,704  2007-08-30 21:43:18  c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~2.EXE" [2007-08-30 4670704]
"SkinClockLite"="c:\program files\Clock Tray Skins Lite\ClockTraySkins.exe" [2006-01-14 335360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-13 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-01 198160]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2009-02-10 876760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-09 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
M-Audio MobilePre Control Panel Launcher.lnk - c:\program files\M-Audio MobilePre\MPTask.exe [2004-03-04 61440]
SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2009-03-13 73728]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-07-16 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
e:\program files 2\MSN Messenger\msnmsgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pilokudito]
c:\windows\system32\kiwasuge.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Program Files\\Prevx\\prevx.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-22 28544]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-03-20 22536]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-03-20 4150840]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-02-03 104328]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx    REG_MULTI_SZ    scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9a6dc6-1fc0-11dd-bc7c-0011d8ee0256}]
\shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4b15676-bd7d-11d9-b88c-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\A49B1A6E90708B1A.job
- c:\docume~1\hp_owner\applic~1\funkbl~1\trust cake test.exe []

2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe []

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe []
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = hxxp://www.rapidshare.com;plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: {96B88382-7DBD-429E-9BA8-1C286429DD51} = 205.152.37.23,205.152.150.23
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\84a0kmrw.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 02:04:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2131075598-3171249966-1255073591-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\cFosSpeed\spd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\InterMute\SpySubtract\SpySub.exe
c:\hp\KBD\KBD.exe
.
**************************************************************************
.
Completion time: 2009-03-24  2:17:08 - machine was rebooted
ComboFix-quarantined-files.txt  2009-03-24 06:17:02

Pre-Run: 50,131,456,000 bytes free
Post-Run: 50,037,760,000 bytes free

334    --- E O F ---    2009-03-24 05:29:59
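The log above records several indicators a triage analyst would pull out by hand: BitDefender on-access scanning and firewall reported disabled, Security Center monitoring switched off ("DisableMonitoring"=dword:00000001), "EnableFirewall"= 0 in the standard profile, seven 1,982-byte DLLs with random eight-letter names written to system32 within two days (four of them hidden+system), two per-volume AutoRun commands under mountpoints2, and a scheduled task launching "trust cake test.exe" from the user's Application Data. The script below is an added example for this page, not part of ComboFix or of the original log: it parses a handful of lines copied from the log and flags those indicators. The regular expressions follow this log's layout; the three-member cluster threshold and the "task runs from a user profile" heuristic are assumptions, not ComboFix logic.

```python
"""Triage a ComboFix log for same-size binary clusters, hidden+system binaries
and persistence/posture indicators. Added example for this page, not code from
ComboFix or the log's author. SAMPLE_LOG is lines copied from the log above;
the regexes follow that layout, and thresholds/heuristics are assumptions."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# "Files Created" entry: created . modified [size] attrs path (attrs may be
# glued to the path in the extracted text, hence \s* rather than \s+).
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:(?P<size>\d[\d,]*)\s+)?(?P<attrs>[-dahsrc]{8})\s*"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)
EXEC_EXT = (".dll", ".exe", ".sys")


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str           # ComboFix attribute string, e.g. d------- or ---hs---
    path: str

    @property
    def name(self):
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entries(lines):
    """Keep lines matching ENTRY_RE; registry and task lines fall through."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            size = int(m["size"].replace(",", "")) if m["size"] else None
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def same_size_clusters(entries, min_members=3):
    """Binaries under c:\\windows grouped by exact size; one component dropped
    repeatedly under random names shows as one size repeated (1,982 above)."""
    by_size = defaultdict(list)
    for e in entries:
        if e.size and e.name.endswith(EXEC_EXT) and e.path.lower().startswith("c:\\windows"):
            by_size[e.size].append(e)
    return {s: g for s, g in by_size.items() if len(g) >= min_members}


def hidden_system_binaries(entries):
    """Binaries created with both the hidden and the system attribute set."""
    return [e for e in entries if e.name.endswith(EXEC_EXT) and "h" in e.attrs and "s" in e.attrs]


# Posture values and persistence points in the form ComboFix prints them.
POSTURE_CHECKS = (
    (re.compile(r'"DisableMonitoring"=dword:0*1\b'), "Security Center monitoring disabled"),
    (re.compile(r'"EnableFirewall"=\s*0\b'), "Windows Firewall disabled in the standard profile"),
)
AUTORUN_RE = re.compile(r"mountpoints2\\\{[^}]+\}\]\s+\\shell\\\w+\\command\s*-\s*(.+)", re.I)
TASK_RE = re.compile(r"c:\\windows\\Tasks\\(\S+\.job)\s*-\s*(.+?)\s*\[", re.I)
USER_PROFILE_RE = re.compile(r"\\(docume~1|documents and settings)\\", re.I)


def persistence_findings(text):
    """Posture downgrades, per-volume AutoRun commands, and scheduled tasks
    whose target sits in a user profile rather than under Program Files."""
    findings = [msg for rx, msg in POSTURE_CHECKS if rx.search(text)]
    for cmd in AUTORUN_RE.findall(text):
        findings.append(f"AutoRun command on a mounted volume: {cmd.strip()}")
    for job, target in TASK_RE.findall(text):
        if USER_PROFILE_RE.search(target):
            findings.append(f"Scheduled task {job} runs from a user profile: {target}")
    return findings


# Copied from the log above; the two bam* lines keep the glued attrs/path form.
SAMPLE_LOG = r"""
2009-03-22 11:46 . 2009-03-22 11:46 1,982 ---hs--- c:\windows\system32\tenugizu.dll
2009-03-22 11:46 . 2009-03-22 11:46 1,982 ---hs--- c:\windows\system32\sefewana.dll
2009-03-22 11:46 . 2009-03-22 11:50 1,982 --a----- c:\windows\system32\ronihuni.dll
2009-03-20 12:19 . 2009-03-20 12:19 22,536 --a----- c:\windows\system32\drivers\pxscan.sys
2009-03-20 04:54 . 2009-03-20 04:54 1,982 ---hs---c:\windows\system32\bamukitu.dll
2009-03-20 04:54 . 2009-03-20 04:54 1,982 ---hs---c:\windows\system32\bamezafu.dll
2009-03-14 03:36 . 2009-03-14 03:36 164 --a----- c:\windows\install.dat
2009-03-23 15:29 . 2009-03-23 15:29 d------- c:\program files\SUPERAntiSpyware
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e9a6dc6-1fc0-11dd-bc7c-0011d8ee0256}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4b15676-bd7d-11d9-b88c-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
2009-03-24 c:\windows\Tasks\A49B1A6E90708B1A.job
- c:\docume~1\hp_owner\applic~1\funkbl~1\trust cake test.exe []
2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
"""

if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG.splitlines())
    for size, grp in same_size_clusters(found).items():
        print(f"{len(grp)} binaries of exactly {size:,} bytes: " + ", ".join(e.name for e in grp))
    print("hidden+system:", [e.name for e in hidden_system_binaries(found)])
    print("\n".join(persistence_findings(SAMPLE_LOG)))
```

Run against the full log text rather than SAMPLE_LOG, the same functions surface the seven-member 1,982-byte cluster and the four hidden+system DLLs; legitimate drivers created in the same window (mbam.sys, pavboot.sys, pxscan.sys) all have distinct sizes and never form a cluster, which is why exact-size grouping is a cheap first filter before any name heuristics.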
