chafinc

Members
  • Posts: 4

Reputation: 0 Neutral
  1. The IE browser seems to be working perfectly, as does the Mozilla Firefox browser after a re-install. Seems there was a problem that ComboFix corrected. Once Malwarebytes was installed I ran a quick scan and found rootkits and trojans still on the system, but they have been removed and a complete scan and cleanup has been performed. If I knew how to delete this thread I would, but do not see that option here.
  2. OK, so after running ComboFix and creating the log file, the software installed, updated, and ran successfully. I am in the process of performing the scan now and will report back when completed. I have not tried re-installing the Firefox browser and haven't attempted to access Malwarebytes from the IE browser, but I will update the information on that also when the scan is complete. Thanks.
  3. I am in the process of trying to clean up my son's computer. He had (has) the Spyware Guard 2008 infection that I thought was removed by SuperAntiSpyware. After performing that clean-up and subsequently cleaning the registry, I still am unable to even install Malwarebytes. The setup language screen appears, but as soon as I click OK for English, the next screen flashes and then the installation program terminates. I cannot run Mozilla Firefox, and Internet Explorer will not allow any access to sites that are related to Malwarebytes (the browser program simply terminates). I cannot even perform a Google search in IE for a Malwarebytes link. Most spyware and scan utilities must be loaded from my laptop and transferred to the desktop machine, as sites for those entities seem to often be blocked by IE also. I have run ComboFix, after renaming Combo-Fix, and the log is below. Does anyone have an idea as to what the problem is and how I might go about fixing this situation? Thanks in advance for any help that you may be able to supply.
  4. I am in the process of trying to clean up my son's computer. He had (has) the Spyware Guard 2008 infection that I thought was removed by SuperAntiSpyware. After performing that clean-up and subsequently cleaning the registry, I still am unable to even install Malwarebytes. The setup language screen appears, but as soon as I click OK for English, the next screen flashes and then the installation program terminates. I cannot run Mozilla Firefox, and Internet Explorer will not allow any access to sites that are related to Malwarebytes (the browser program simply terminates). I cannot even perform a Google search in IE for a malwarebyte link. Most spyware and scan utilities must be loaded from my laptop and transfered to the desktop machine, as sites for those entities seem to often be blocked by IE also. I have run ComboFix, after renaming Combo-Fix, and the log is below. Does anyone have an idea as to what the problem is and how I might go about fixing this situation? Thanks in advance for any help that you may be able to supply. ________________________________ ComboFix 10-02-20.03 - HP_Administrator 02/20/2010 19:18:18.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1470.1075 [GMT -5:00] Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe AV: AOL Antivirus *On-access scanning disabled* (Updated) {164FF91F-F5BD-4B74-A9DC-932CECB1603B} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\All Users\Application Data\Microsoft\Protect\track.sys c:\documents and settings\All Users\Application Data\winlogon.exe c:\documents and settings\All Users\Application Data\xegyjepyr.vbs c:\documents and settings\All Users\Documents\ibabe.reg c:\documents and settings\HP_Administrator\Application Data\ihyhudunyt.reg c:\documents and settings\HP_Administrator\Cookies\efihakep.sys c:\documents and settings\HP_Administrator\Cookies\izel.com c:\documents and settings\HP_Administrator\Cookies\ozapygikyl.dat c:\documents and settings\HP_Administrator\Cookies\suveserik.inf c:\documents and settings\HP_Administrator\Cookies\syzacyzoly.dl c:\documents and settings\HP_Administrator\Cookies\tyje.lib c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\ebonyjabef.db c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\ejygecehyd.inf c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\ogojil._sy c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\xuzuryver.com c:\windows\behe.inf c:\windows\system32\0caa13c12318b8e396403d736961f840.exe c:\windows\system32\13c691be0411979e819b4178bc915773.exe c:\windows\system32\200921737.dll c:\windows\system32\200921739.dll c:\windows\system32\200921855.dll c:\windows\system32\200921856.dll c:\windows\system32\200922122.dll c:\windows\system32\200922123.dll c:\windows\system32\200922626.dll c:\windows\system32\29660f88ad256614931710de2125143a.exe c:\windows\system32\404Fix.exe c:\windows\system32\4601928509a7c2f1b8d256e0a6e57380.exe c:\windows\system32\4814c37fe1955531e805fc5c6354ac42.exe c:\windows\system32\4dfd400931122ff7e8f0cf4c1c1b3203.exe c:\windows\system32\5277a6147fb5540d57130aeeb3998e0b.exe c:\windows\system32\5ff2c33ba3c4ba7e1e247a8c4e7bdb85.exe c:\windows\system32\7b69689b95cb60e3854d07fa6138e7f9.exe c:\windows\system32\9283cd85b4d16f35d99182dc3c8cf861.exe 
c:\windows\system32\bfbdeecadacadea.dll c:\windows\system32\dllcache\figaro.sys c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\ihyqyjyf.bat c:\windows\system32\kdpini.dll c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\ps2.bat c:\windows\system32\SIntf16.dll c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\wow257_444.dll c:\windows\system32\WS2Fix.exe c:\windows\vowojefi.vbs D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SOFTYINFORWOW -------\Legacy_WOWSYSTEMCODE -------\Service_softyinforwow -------\Service_wowsystemcode ((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 ))))))))))))))))))))))))))))))) . 2010-02-21 00:00 . 2010-01-21 15:57 5115824 ----a-w- C:\123.exe.exe 2010-02-20 23:25 . 2010-02-20 23:25 -------- d-----w- c:\windows\system32\NtmsData 2010-02-20 22:59 . 2010-02-20 22:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla 2010-02-20 22:19 . 2010-02-20 22:19 -------- d-----w- c:\program files\Eusing Free Registry Cleaner 2010-02-20 21:41 . 2010-02-20 21:41 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert 2010-02-20 06:12 . 2010-02-20 21:57 -------- d-----w- c:\program files\Spyware Doctor 2010-02-20 06:12 . 2010-02-20 21:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-02-20 04:16 . 2010-02-20 04:16 1152 ----a-w- c:\windows\system32\windrv.sys 2010-02-20 04:11 . 2010-02-20 04:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GetRightToGo 2010-02-20 03:04 . 2010-02-20 03:04 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2010-02-20 03:03 . 
2010-02-20 03:03 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2010-02-20 02:02 . 2010-02-20 02:02 207888 ----a-w- c:\windows\system32\c6013aed87273f753ef6b990406efb1a.exe 2010-02-20 02:02 . 2010-02-20 02:02 282640 ----a-w- c:\windows\system32\b28da8c42f0606500f3d3abf5b56e780.exe 2010-02-20 02:01 . 2010-02-20 02:01 -------- d-sh--w- c:\documents and settings\HP_Administrator\IECompatCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-20 21:31 . 2005-12-29 23:27 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-02-20 04:45 . 2010-02-20 04:45 116224 ------w- c:\windows\system32\a60c988bb1e1da20cebefa41ef0df03c.TMP 2010-02-20 04:37 . 2010-02-20 04:37 116224 ------w- c:\windows\system32\72ce0022f7371ddcc76aba00d0cb05e0.TMP 2010-02-20 04:34 . 2008-10-27 02:05 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-02-20 02:46 . 2005-09-28 11:08 -------- d-----w- c:\program files\Google 2009-12-24 18:40 . 2008-11-26 03:41 -------- d-----w- c:\program files\Warcraft III 2009-12-21 22:49 . 2009-12-21 22:45 573584 ----a-w- c:\program files\SparkPlayerInstall.exe 2009-12-20 18:09 . 2009-12-20 18:09 162320 ----a-w- c:\windows\E74C3BA29BCCD8BB8D65F179CA96C12.exe 2009-11-26 04:38 . 2009-11-26 04:38 24728496 ----a-w- c:\program files\The Lost Universe Client.rar 2009-11-22 04:35 . 2009-11-22 04:33 16672544 ----a-w- c:\program files\jre-6u17-windows-i586.exe 2009-11-22 04:32 . 2009-11-22 04:32 1257 ----a-w- c:\program files\1258864361048-integrated.jnlp 2009-11-21 03:42 . 2009-11-21 03:42 21065439 ----a-w- c:\program files\Fatal Nation v4 Beta-Client.rar 2009-11-15 03:55 . 2009-11-15 00:41 30582142 ----a-w- c:\program files\DragonScape Installer.exe 2009-11-14 23:45 . 2009-11-14 23:45 66031135 ----a-w- c:\program files\DragonScape v3.zip 2009-10-13 21:47 . 2009-10-13 21:47 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe 2009-09-20 16:44 . 
2009-09-20 16:39 14680064 ----a-w- c:\program files\LostPkz_Client_Version_5.zip 2009-09-20 16:04 . 2009-09-20 16:04 22258314 ----a-w- c:\program files\SeasonScape_v1.rar 2009-09-19 20:09 . 2009-09-19 20:01 9585744 ----a-w- c:\program files\Grinderscape_Client_Of_Wrath.exe 2009-09-19 19:39 . 2009-09-19 19:39 27655859 ----a-w- c:\program files\Pk4Ever Client V3.rar 2009-09-19 17:20 . 2009-09-19 17:20 19395584 ----a-w- c:\program files\GHT Rs HackPack 6[1].1.rar 2009-09-18 22:52 . 2009-09-18 22:52 1374154 ----a-w- c:\program files\wrar390.exe 2009-09-16 03:31 . 2007-11-04 15:41 163 ----a-w- c:\program files\readme.txt 2009-09-16 03:31 . 2007-11-04 15:32 6062 ----a-w- c:\program files\Notice-Please Readme.htm 2009-09-16 03:31 . 2006-01-05 04:28 299008 ----a-w- c:\program files\autofighter.exe 2009-09-16 03:20 . 2009-09-16 03:20 4212344 ----a-w- c:\program files\rs2network_10484.exe 2009-09-16 02:43 . 2009-09-16 02:43 20036872 ----a-w- c:\program files\roguexbeta252.exe 2009-09-16 02:10 . 2009-09-16 02:10 20036536 ----a-w- c:\program files\roguex251beta.exe 2009-09-16 01:47 . 2009-09-16 01:47 25610147 ----a-w- c:\program files\ClientV4.rar 2009-09-16 01:27 . 2009-09-16 01:27 576695 ----a-w- c:\program files\WS_PVP.rar 2009-09-08 02:11 . 2009-09-08 02:09 714528 ----a-w- c:\program files\JavaSetup6u16.exe 2009-07-08 05:09 . 2009-07-08 05:09 704778 ----a-w- c:\program files\Out of the Shadows 2280.w3x 2009-07-05 19:53 . 2009-07-05 19:53 1781351 ----a-w- c:\program files\iEvonyClient.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}] 2009-03-20 21:55 249856 ----a-w- c:\program files\My.Freeze.com NetAssistant\NetAssistant.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-20 2012912] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-08 39408] "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="sm56hlpr.exe" [2005-01-24 544768] "D-Link RangeBooster G WDA-2320"="c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2006-11-16 1880064] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "ZboardTray"="c:\program files\Ideazon\Zboard Software\Driver\ZboardTray.exe" [2005-05-02 380928] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2010-02-20 04:34 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard] 2003-09-03 12:14 49152 ----a-w- c:\windows\system32\Winlognotif.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk] backup=c:\windows\pss\APC UPS Status.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] 
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler] 2005-11-30 15:40 8808 ----a-w- c:\program files\Common Files\AOL\1180120668\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2005-11-03 03:01 50792 ----a-w- c:\program files\Common Files\AOL\1180120668\ee\aolsoftware.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"= 
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\WINDOWS\\system32\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 2:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 66632]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [10/15/2006 10:58 PM 472832]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 12872]
S1 xreijetp;xreijetp;\??\c:\windows\system32\drivers\xreijetp.sys --> c:\windows\system32\drivers\xreijetp.sys [?]
S1 zwiiqzdx;zwiiqzdx;\??\c:\windows\system32\drivers\zwiiqzdx.sys --> c:\windows\system32\drivers\zwiiqzdx.sys [?]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\iMSPCLOj.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\iMSPCLOj.sys [?]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [8/17/2008 1:09 PM 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [8/17/2008 1:09 PM 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [8/17/2008 1:09 PM 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [8/17/2008 1:09 PM 59776]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [8/16/2008 1:50 PM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [8/16/2008 1:49 PM 73856]
.
Contents of the 'Scheduled Tasks' folder

2009-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 02:46]

2010-01-06 c:\windows\Tasks\World of Warcraft.job
- c:\worldo~1\Launcher.exe [2006-10-03 23:14]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.pokerstars.net/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - hxxp://static.zangocash.com/cab/Zango/ie/bridge-c17.cab
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-eccdddedffdcbcccd - (no file)
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-HPBootOp - c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
AddRemove-Adobe Acrobat 5.0 - c:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu
AddRemove-HP Document Viewer - c:\program files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe
AddRemove-HP Game Console - c:\program files\WildTangent\Apps\hpuninstall.exe
AddRemove-HP Imaging Device Functions - c:\program files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe
AddRemove-HP Photo & Imaging - c:\program files\HP\Digital Imaging\uninstall\hpzscr01.exe
AddRemove-HP Solution Center & Imaging Support Tools - c:\program files\HP\Digital Imaging\eSupport\hpzscr01.exe
AddRemove-Mall Tycoon - c:\program files\Take2 Interactive\Mall Tycoon\Uninst.isu
AddRemove-{33D6CC28-9F75-4d1b-A11D-98895B3A3729} - c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe
AddRemove-{5B79CFD1-6845-4158-9D7D-6BE89DF2C135} - c:\program files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe
AddRemove-{C83A12B9-B31B-461A-BBD4-CE9B988094F1} - c:\program files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe
AddRemove-{EB57A16E-500D-43d7-85B9-FBE279EBBA6E} - c:\program files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-20 19:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\3b5712655bbaca15f2f8db60e6a9c715.sys 39936 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\3b5712655bbaca15f2f8db60e6a9c715]
"ImagePath"="system32\3b5712655bbaca15f2f8db60e6a9c715.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1888)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\1180120668\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-20 19:29:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-21 00:29

Pre-Run: 149,098,143,744 bytes free
Post-Run: 149,378,609,152 bytes free

- - End Of File - - 39209211ECA21B60D08232342273ED3E