ComboFix 09-07-31.02 - Jorge 08/02/2009 0:07.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2365 [GMT -4:00]
Running from: c:\documents and settings\Jorge\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jorge\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
file zipped: c:\windows\system32\drivers\aqr7ngji.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jorge\Application Data\Azureus
c:\documents and settings\Jorge\Application Data\Azureus\.certs
c:\documents and settings\Jorge\Application Data\Azureus\.keystore
c:\documents and settings\Jorge\Application Data\Azureus\.lock
c:\documents and settings\Jorge\Application Data\Azureus\active\0F87FCBC6C11DB6CCF933DD9F71C603A91104F6F.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\0F87FCBC6C11DB6CCF933DD9F71C603A91104F6F.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\2B6BECACCC1C91E726D50A987EB7B28D51848E9C.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\2B6BECACCC1C91E726D50A987EB7B28D51848E9C.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\3BBF9E5AAE5335BB90D5A76981234E8576EE3B92.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\3BBF9E5AAE5335BB90D5A76981234E8576EE3B92.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\65F3D2913EE0336142E650EAC86D1FDE4EB54EA6.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\65F3D2913EE0336142E650EAC86D1FDE4EB54EA6.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\83D7B4C976CD523A2FB4D86FA921BA88299CFCCC.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\83D7B4C976CD523A2FB4D86FA921BA88299CFCCC.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\B18FA81D74FFF8A0815AB312FDEA4A4BABA33C3A.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\BB71BD84B1A22BDF4960483DAED04D76E8AB016B.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\BB71BD84B1A22BDF4960483DAED04D76E8AB016B.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\cache.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\D4B65E3C70D988512A118C9D40DC8E7A1BB47BDD.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\D4B65E3C70D988512A118C9D40DC8E7A1BB47BDD.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\azureus.config
c:\documents and settings\Jorge\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Jorge\Application Data\Azureus\azureus.statistics
c:\documents and settings\Jorge\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Jorge\Application Data\Azureus\banips.config
c:\documents and settings\Jorge\Application Data\Azureus\banips.config.bak
c:\documents and settings\Jorge\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Jorge\Application Data\Azureus\dht\block.dat
c:\documents and settings\Jorge\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Jorge\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Jorge\Application Data\Azureus\dht\general.dat
c:\documents and settings\Jorge\Application Data\Azureus\dht\version.dat
c:\documents and settings\Jorge\Application Data\Azureus\downloads.config
c:\documents and settings\Jorge\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Jorge\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50593.tmp
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50594.tmp
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50595.tmp
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50596.tmp
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50597.tmp
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50598.tmp
c:\documents and settings\Jorge\Application Data\Azureus\torrents\AZU20239.tmp
c:\documents and settings\Jorge\Application Data\Azureus\torrents\AZU6640.tmp
c:\documents and settings\Jorge\Application Data\Azureus\torrents\Chris_Rock___Kill_The_Messenger___HBO_Special.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\Darkwing_Duck__All_Seasons__1_2_amp_3__Complete.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\DivxITAMenInBlack.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\Music_Bob_Marley___The_Very_Best_Of_legend.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\Radiohead___IN_RAINBOWS__FULL_.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\TheBrownBunnyUNRATEDLiMiTEDDVDRiPXViDHLS.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\True_Blood_S02E01_HDTV_XviD_NoTV.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\True_Blood_S02E02_HDTV_XviD_NoTV__saimex_com_.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\True_Blood_S02E03_HDTV_XviD_NoTV__.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\VA_Forgetting_Sarah_Marshall_OST__2008___Mp3_.torrent
c:\documents and settings\Jorge\Application Data\Azureus\tracker.config
c:\documents and settings\Jorge\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Jorge\Application Data\Azureus\update.log
c:\documents and settings\Jorge\Application Data\Azureus\update.properties
c:\program files\Azureus
c:\program files\Azureus\plugins\azplugins\azplugins_2.1.1.jar
c:\program files\Azureus\plugins\azrating\azrating_1.3.1.jar
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.3.jar
c:\program files\Azureus\plugins\azupdater\plugin.properties
c:\program files\Azureus\plugins\azupdater\Updater.jar
c:\program files\Azureus\Uninstall.exe
H:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_aqr7ngji
((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.
2009-08-02 03:57 . 2009-08-02 04:16 -------- d-----w- c:\windows\system32\wbem\Logs
2009-08-02 03:47 . 2009-08-02 03:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-02 03:46 . 2009-08-02 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-02 03:46 . 2009-08-02 03:46 152576 ----a-w- c:\documents and settings\Jorge\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-28 04:19 . 2009-07-28 04:19 -------- d-----w- C:\rsit
2009-07-22 13:44 . 2009-07-22 13:44 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-21 03:12 . 2009-07-21 03:12 -------- d-----w- c:\documents and settings\Jorge\dwhelper
2009-07-17 17:01 . 2009-07-17 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 07:02 . 2009-07-15 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-12 15:40 . 2009-07-12 15:42 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-07-12 15:40 . 2009-07-12 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-07-12 15:31 . 2009-07-12 15:47 -------- d-----w- c:\documents and settings\Jorge\Application Data\DAEMON Tools Pro
2009-07-12 14:38 . 2009-07-12 14:38 -------- d-----w- c:\program files\PowerISO
2009-07-11 18:06 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-10 23:16 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-10 22:39 . 2009-07-10 22:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-10 22:39 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-10 22:38 . 2009-07-10 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-10 22:38 . 2009-07-10 22:38 -------- d-----w- c:\program files\Lavasoft
2009-07-09 23:07 . 2009-08-01 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-09 02:32 . 2008-11-06 06:03 -------- d-----w- C:\SDFix
2009-07-09 01:33 . 2009-07-09 01:33 87264 ----a-w- c:\documents and settings\Jorge\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 01:32 . 2009-07-09 01:32 -------- d-----w- c:\documents and settings\Jorge\Local Settings\Application Data\Identities
2009-07-09 01:32 . 2009-07-09 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-09 01:15 . 2009-07-09 01:15 -------- d-----w- c:\documents and settings\Jorge\Application Data\Malwarebytes
2009-07-09 01:14 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 01:14 . 2009-07-09 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-09 01:14 . 2009-07-09 01:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 01:14 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 17:31 . 2009-07-08 17:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-08 17:30 . 2009-07-09 01:22 -------- d-----w- c:\documents and settings\Jorge\Application Data\Messenger
2009-07-05 19:04 . 2009-07-05 19:04 -------- d-----w- c:\documents and settings\Dad\Application Data\Windows Desktop Search
2009-07-05 19:03 . 2009-07-05 19:03 -------- d-sh--w- c:\documents and settings\Dad\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 04:18 . 2007-02-18 05:19 -------- d-----w- c:\documents and settings\Jorge\Application Data\stickies
2009-08-02 04:17 . 2009-03-20 16:05 117760 ----a-w- c:\documents and settings\Jorge\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-02 03:46 . 2005-03-03 05:39 -------- d-----w- c:\program files\Java
2009-08-02 03:41 . 2008-09-14 22:07 -------- d-----w- c:\program files\CCleaner
2009-08-02 01:58 . 2009-07-01 17:30 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-01 23:33 . 2005-09-19 02:05 -------- d-----w- c:\program files\WinTV
2009-08-01 00:08 . 2009-06-19 17:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 11:42 . 2008-12-19 03:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-22 13:49 . 2006-11-14 20:20 -------- d-----w- c:\program files\iTunes
2009-07-22 13:48 . 2005-09-15 16:50 -------- d-----w- c:\program files\iPod
2009-07-22 13:48 . 2007-10-27 22:33 -------- d-----w- c:\program files\Common Files\Apple
2009-07-12 15:31 . 2006-02-27 04:30 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-12 01:41 . 2005-03-03 01:59 -------- d-----w- c:\program files\Google
2009-07-12 01:39 . 2005-03-03 01:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-12 01:37 . 2009-06-19 17:13 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-09 16:17 . 2009-06-19 19:02 -------- d-----w- c:\program files\Symantec
2009-07-09 16:17 . 2009-06-19 19:03 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-09 16:17 . 2009-06-19 19:03 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-09 16:17 . 2007-03-30 16:26 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-09 16:17 . 2007-03-30 16:26 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-09 00:09 . 2005-03-02 13:40 -------- d-----w- c:\program files\Temp
2009-07-03 17:09 . 2004-12-07 21:37 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 17:59 . 2005-03-03 06:26 -------- d-----w- c:\documents and settings\Jorge\Application Data\Aim
2009-07-01 17:30 . 2009-07-01 17:30 -------- d-----w- c:\documents and settings\Jorge\Application Data\Thunderbird
2009-06-24 20:09 . 2009-06-24 20:09 127872 ----a-w- c:\documents and settings\Jorge\Application Data\Move Networks\uninstall.exe
2009-06-24 20:09 . 2007-03-28 17:25 -------- d--h--w- c:\documents and settings\Jorge\Application Data\Move Networks
2009-06-24 20:09 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Jorge\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-06-24 20:09 . 2009-06-24 20:09 1686272 ----a-w- c:\documents and settings\Jorge\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-06-20 04:07 . 2006-11-14 20:19 -------- d-----w- c:\program files\QuickTime
2009-06-20 02:56 . 2007-08-24 16:46 -------- d-----w- c:\program files\AIM6
2009-06-20 02:27 . 2006-09-14 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-20 02:26 . 2005-10-19 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-19 19:05 . 2009-06-19 19:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-19 19:05 . 2009-06-19 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-19 18:58 . 2008-06-02 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-19 17:50 . 2009-06-19 17:50 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-19 17:50 . 2009-06-19 17:14 -------- d-----w- c:\program files\Microsoft
2009-06-19 17:14 . 2009-06-19 17:14 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-19 16:03 . 2008-06-12 05:08 -------- d-----w- c:\program files\Microsoft Works
2009-06-16 14:36 . 2003-07-16 20:47 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2003-07-16 20:28 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Jorge\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-05 15:42 . 2009-04-15 13:23 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2007-10-27 22:33 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2005-03-02 21:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 05:36 . 2009-06-20 02:26 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-20 02:26 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-20 02:26 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-20 02:26 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-20 02:26 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-20 02:26 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-20 02:26 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-20 02:26 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-12 19:12 . 2005-03-02 22:53 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2003-07-16 20:32 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-17 16:01 . 2009-07-12 14:38 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-01_00.35.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-02 04:15 . 2009-08-02 04:15 16384 c:\windows\TEMP\Perflib_Perfdata_444.dat
+ 2009-08-02 03:47 . 2009-08-02 03:46 148888 c:\windows\system32\javaws.exe
+ 2009-08-02 03:47 . 2009-08-02 03:46 144792 c:\windows\system32\javaw.exe
+ 2009-08-02 03:47 . 2009-08-02 03:46 144792 c:\windows\system32\java.exe
+ 2009-08-02 03:46 . 2009-08-02 03:46 536576 c:\windows\Installer\5d7ff2f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-29 1830128]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-02-26 115560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-02 148888]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]
c:\documents and settings\Jorge\Start Menu\Programs\Startup\
Citrus Alarm Clock.lnk - c:\program files\Citrus Alarm Clock\Citrus Alarm Clock.exe [2008-10-7 326656]
Stickies.lnk - c:\program files\stickies\stickies.exe [2007-1-22 700416]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-09 12:37 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mtg17\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\rc6987\\day of defeat\\hl.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129682049\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129682049\\ee\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\gokutrunks86\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\oddworld abes oddysee demo\\AbeDemo.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\buccaneer demo\\Buccaneer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\battlestations pacific - demo\\bspdemo.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"6112:TCP"= 6112:TCP:froxen throne
"6112:UDP"= 6112:UDP:froxen throne
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/10/2009 07:16 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 03:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 03:07 PM 55024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/16/2008 01:46 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 03:07 PM 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S2 MicrosoftCorporationsr;Microsoftkeysd;"c:\windows\System32\systemwin32s.exe" -netsvcs --> c:\windows\System32\systemwin32s.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2/26/2009 09:02 AM 23888]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [2/27/2008 11:09 PM 815104]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [11/13/2006 12:51 AM 41088]
--- Other Services/Drivers In Memory ---
*Deregistered* - EraserUtilDrv10910
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2009-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-08-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-16 06:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {11AD0565-448A-4FCA-88A9-3912D0E5BD0F} = 192.168.1.1
DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} - hxxps://register.resnet.stonybrook.edu/CAT/CNICAT.cab
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://pdc.resnet.stonybrook.edu/webinst.cab
FF - ProfilePath - c:\documents and settings\Jorge\Application Data\Mozilla\Firefox\Profiles\wo1s66px.default\
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - plugin: c:\documents and settings\Jorge\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 00:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-299502267-436374069-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:39,75,f0,48,7b,01,2a,f4,8a,16,ba,0d,2d,dc,46,2f,f3,ce,88,a5,39,82,d2,
e8,cc,15,43,c2,30,05,ea,d4,a7,17,cb,6b,b8,c4,7b,3a,d8,e0,f4,33,ec,29,06,dd,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
[HKEY_USERS\S-1-5-21-299502267-436374069-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:55,84,17,28,7d,08,68,45,c6,75,91,a8,23,ac,a8,7f,2c,bc,5c,40,77,
5f,f4,62,e4,60,86,c8,cf,b2,f8,fc,59,b7,d1,62,24,d6,8d,e4,cc,cf,76,76,bb,23,\
"rkeysecu"=hex:b7,6a,cc,a8,bf,69,cc,ec,64,61,71,99,c7,40,fd,bb
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
[HKEY_LOCAL_MACHINE\System\MountedDevices]
@Denied: (Read) (Administrators)
"\\??\\Volume{80ae9b22-8b20-11d9-a214-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,46,00,44,00,43,00,23,00,47,00,45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,\
"\\??\\Volume{80ae9b23-8b20-11d9-a214-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,53,00,41,00,4d,00,\
"\\??\\Volume{80ae9b24-8b20-11d9-a214-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,\
"\\DosDevices\\A:"=hex:5c,00,3f,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,
45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
"\\DosDevices\\D:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
64,00,52,00,6f,00,6d,00,53,00,41,00,4d,00,53,00,55,00,4e,00,47,00,5f,00,43,\
"\\DosDevices\\E:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,43,00,5f,00,44,00,56,00,44,00,2b,\
"\\??\\Volume{80ae9b26-8b20-11d9-a214-806d6172696f}"=hex:4a,b1,4a,b1,00,7e,00,
00,00,00,00,00
"\\DosDevices\\C:"=hex:4a,b1,4a,b1,00,7e,00,00,00,00,00,00
"\\??\\Volume{5c77b07d-90e8-11d9-8475-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{669c2486-9fc6-11d9-847c-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{bd1c94cd-36dc-11da-853f-00111128372c}"=hex:d0,96,7f,14,00,7e,00,
00,00,00,00,00
"\\??\\Volume{089fd790-4bc3-11da-86f9-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{b9767c2a-4bf7-11da-86fd-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{c7fbee00-4bf8-11da-86fe-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{35301dba-4c01-11da-86ff-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\DosDevices\\H:"=hex:46,c6,6a,5b,00,7e,00,00,00,00,00,00
"\\??\\Volume{35301dbb-4c01-11da-86ff-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\DosDevices\\I:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{55f52dc4-4c04-11da-8702-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{55f52dc5-4c04-11da-8702-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{69ed86a1-65df-11da-8710-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{5d866ea2-8d24-11da-8732-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{bc5e6138-91d2-11da-8735-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{72897b9a-a64d-11da-8743-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{99315a2e-a6fc-11da-8745-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{250cf2ba-a74a-11da-8747-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{441248aa-fb02-11da-8777-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{8fc4a277-58e6-11db-87a7-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4c5e2db0-5c93-11db-87a8-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{2f428340-684e-11db-87ab-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{e3e5317f-7dea-11db-87b3-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{e3e53194-7dea-11db-87b3-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ead2ea85-8971-11db-87b7-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ca0bdeb4-ab40-11db-87bf-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a41101e3-b231-11db-87c0-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4d1f899c-b8e2-11db-87cb-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,55,00,53,00,42,00,53,00,54,00,4f,00,52,00,23,00,43,00,64,00,52,00,6f,00,\
"\\??\\Volume{4d1f899d-b8e2-11db-87cb-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a9a25c73-bf0f-11db-87ce-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{84feedfe-d2c6-11db-87d0-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{f7a65ca4-f69d-11db-87db-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{08f1e270-896e-11dc-883e-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{968bba06-9171-11dc-8843-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4328a59a-10b6-11dd-88d1-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4affc534-1e55-11dd-9380-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,\
"\\??\\Volume{ed47b9ba-26ba-11dd-9389-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{910ab220-27a4-11dd-938a-00111128372c}"=hex:88,55,53,02,00,7e,00,
00,00,00,00,00
"\\??\\Volume{910ab221-27a4-11dd-938a-00111128372c}"=hex:09,88,15,7c,00,7e,00,
00,00,00,00,00
"\\??\\Volume{e97a2d72-51bd-11dd-93a4-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ee89526f-628a-11dd-93a8-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{9a032f87-6876-11dd-93ab-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{06706a5e-7cf6-11dd-93b7-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{6f6beb99-7f3a-11dd-93b8-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{6f6beb9e-7f3a-11dd-93b8-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ab7fc37d-8e3f-11dd-93bf-00111128372c}"=hex:8a,79,9c,8f,00,7e,00,
00,00,00,00,00
"\\??\\Volume{5781dd91-b0db-11dd-93cf-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{17590a8f-eaac-11dd-93de-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{bfd64600-fea6-11dd-a595-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{e76ed83a-0485-11de-a597-00111128372c}"=hex:46,c6,6a,5b,00,7e,00,
00,00,00,00,00
"\\??\\Volume{e76ed83b-0485-11de-a597-00111128372c}"=hex:4c,0f,85,28,00,7e,00,
00,00,00,00,00
"\\??\\Volume{55ff2871-1631-11de-a5ac-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{55ff296c-1631-11de-a5ac-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a520cb31-2a9f-11de-a5b9-00111128372c}"=hex:22,9b,dd,ac,00,7e,00,
00,00,00,00,00
"\\??\\Volume{a476a798-6efa-11de-a5eb-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{a476a799-6efa-11de-a5eb-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{a476a79a-6efa-11de-a5eb-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\DosDevices\\J:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,
43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,45,00,44,00,53,\
"\\??\\Volume{334efa17-75a4-11de-a5ed-00111128372c}"=hex:7c,ea,3e,52,00,7e,00,
00,00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\WINSPOOL.DRV
- - - - - - - > 'explorer.exe'(1608)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-02 0:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 04:24
ComboFix2.txt 2009-08-01 00:45
Pre-Run: 112,575,979,520 bytes free
Post-Run: 112,498,106,368 bytes free
Current=5 Default=5 Failed=2 LastKnownGood=1 Sets=1,2,3,4,5
543 --- E O F --- 2009-07-31 12:19