Thread: PWS:win32/zbot.gen!AC after downloading Free File Opener

  1. #51
    Member
    Join Date
    Oct 2008
    Posts
    94

    Hi JonTom,

    File extension box was already unticked.

    Renamed ComboFix, and it warned me about changing the file extension from .exe to .com (may make it unstable, it said). Followed instructions.

    It ran until the bit before the dashes start coming across the screen below the writing about it scanning. The hard drive light stopped flashing, but then the screen went into screen saver (forgot to disable beforehand) so I couldn't see what was happening, just that the hard drive light wasn't flashing. After 10 mins or so the laptop tried to standby, however it got stuck. The mouse arrow still moved but nothing happened. I shut it down with the power button.

    thanks JonTom,

    sarah

  2. #52
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Hello ecosarah

    If you use this machine for any financial transactions, and if you have not already done so, please use an uninfected machine to change all of your passwords.

    In the meantime I am conferring with others about your system issues. I'll get back to you as soon as I can.
    Proud Graduate of the WTT Classroom

  3. #53
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Hello ecosarah

    Let's try this:

    Delete the copy of Combofix on your desktop as you did before and download a new copy to your desktop.

    Once Combofix is on your desktop, disable all of your security (and your screensaver).


    • Click on your START button and then on RUN.
    • A run box will open.
    • Copy and paste the following command into the run box:


    Combofix /nombr


    • Click on OK.
    • Allow Combofix to run unhindered.
    • If Combofix completes its run, please post the log in your next reply.

  4. #54
    Member
    Join Date
    Oct 2008
    Posts
    94

    Says it cannot find that file, or something to that effect.

  5. #55
    Member
    Join Date
    Oct 2008
    Posts
    94

    Keep meaning to say: Avira says it is out of date and my computer is at risk: do you remember I told you it wouldn't update due to some of the programs I have on here? So am wondering whether to do something about this now, so I don't get more malware on here. What do you think?

    thanks

  6. #56
    Member
    Join Date
    Oct 2008
    Posts
    94

    I wonder if there is some antimalware on here that I am not disabling? In the tray is Zone Alarm and Avira. I have checked that spybot is not on. Could there be a MS prog or something else that I haven't not allowed to show in tray, that is running, and therefore stopping ComboFix?

  7. #57
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Hello ecosarah

    "or something to that effect"
    Please post the exact message.

    "Could there be a MS prog or something else that I haven't not allowed to show in tray, that is running, and therefore stopping ComboFix?"
    I do not believe so, since Combofix also crashes when in safe mode (all non-essential processes are disabled in safe mode).

    Please provide a screenshot of the opened Documents and Settings tree opened from WinDirStat.

    Remove your outdated Avira then download and install one of the following:

    1. Security programs


      • I have provided links to two trusted programs (just choose one).





      Once you have installed the program open it, update it and perform a full system scan.

      If anything is detected let me know (post the log) along with a new OTL scan.

  8. #58
    Member
    Join Date
    Oct 2008
    Posts
    94

    Well the angels have finished singing alleluia cos I've had a fright when pev.3XE wanted to enter my trusted zone. Checked, and found it is part of ComboFix, and then it took another 15 mins of me holding my breath to come up with.... (fanfare):

    ComboFix 12-03-31.03 - 1 Sarah 02/04/2012 9:40.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1005 [GMT 1:00]
    Running from: c:\documents and settings\1 Sarah\Desktop\ComboFix.exe
    Command switches used :: /nombr
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\1 Sarah\Application Data\Desktopicon
    c:\documents and settings\1 Sarah\Application Data\Desktopicon\eBay.ico
    c:\documents and settings\1 Sarah\Application Data\Desktopicon\uninst.exe
    c:\documents and settings\1 Sarah\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\program files\IBM\Updater\ucstartup.exe
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\system32\CF11881.exe
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\pwdmon.dll
    c:\windows\system32\regobj.dll
    c:\windows\system32\TPAPSLOG.LOG
    c:\windows\system32\TPHDLOG0.LOG
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_npf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-29 17:50 . 2012-03-29 17:50 -------- d-----w- c:\program files\WinDirStat
    2012-03-28 17:59 . 2012-03-28 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2012-03-27 22:34 . 2012-03-27 22:34 -------- d-----w- c:\program files\ESET
    2012-03-25 14:07 . 2012-03-25 14:07 -------- dc----w- C:\_OTL
    2012-03-18 02:28 . 2012-03-18 02:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2012-03-17 22:44 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-03-17 22:41 . 2012-03-17 22:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
    2012-03-17 18:34 . 2012-03-17 18:34 -------- d-----w- c:\program files\ERUNT
    2012-03-17 08:39 . 2012-03-17 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-03 09:22 . 1980-01-01 07:00 1860096 ------w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-20 18:26 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20 . 2004-08-09 17:51 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
    2009-03-11 19:23 . 2009-03-11 19:15 69076264 -c--a-w- c:\program files\iTunesSetup.exe
    2009-02-22 20:52 . 2009-02-22 20:52 270128 -c--a-w- c:\program files\utorrent.exe
    2006-10-17 19:52 . 2006-10-17 19:52 2855080 -c----w- c:\program files\aawsepersonal.exe
    2005-11-01 12:14 . 2005-11-01 12:12 1148416 -c----w- c:\program files\PA082.exe
    2012-01-10 14:18 . 2012-01-10 14:18 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TpShocks"="TpShocks.exe" [2005-01-24 106496]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
    "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-04 94208]
    "TP4EX"="tp4ex.exe" [2004-11-12 40960]
    "QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 135168]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 212992]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-24 281768]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
    "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-18 73360]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-01 273544]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\1 Sarah\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2004-11-04 16:51 108636 ------w- c:\program files\IBM fingerprint software\psfus.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
    2005-03-18 10:07 262144 ------w- c:\windows\system32\QConGina.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2004-08-13 03:11 24576 ------w- c:\windows\system32\tphklock.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
    "c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
    "c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\explorer.exe"= %windir%\explorer.exe
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [15/08/2005 20:07 14208]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/04/2010 21:31 136360]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [03/11/2011 15:44 27016]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [03/11/2011 15:44 497280]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12/08/2011 18:13 87040]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24/12/2010 21:20 27632]
    R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [15/08/2005 20:07 6016]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15/02/2012 14:30 158856]
    S3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\drivers\HDvidv.sys [24/09/2011 21:22 285952]
    S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [24/09/2011 21:22 103720]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [24/12/2009 21:59 13224]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [13/11/2007 16:50 106624]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [09/10/2007 13:53 59648]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [30/12/2011 14:27 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 19:01 21248]
    S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys --> c:\windows\system32\DRIVERS\glauiad.sys [?]
    S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [15/08/2005 20:27 12288]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [26/01/2011 18:00 235648]
    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [04/05/2011 21:16 86824]
    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [04/05/2011 21:16 15016]
    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [04/05/2011 21:16 114600]
    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [04/05/2011 21:16 108328]
    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [04/05/2011 21:16 26024]
    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [04/05/2011 21:16 104616]
    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [04/05/2011 21:16 109736]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [31/12/2009 14:28 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 14:54 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 14:54 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [31/12/2009 14:28 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 14:54 98568]
    S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [23/09/2010 12:09 83880]
    S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [23/09/2010 12:09 15016]
    S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [23/09/2010 12:09 110632]
    S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [23/09/2010 12:09 104616]
    S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [23/09/2010 12:09 25512]
    S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [23/09/2010 12:09 100648]
    S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [23/09/2010 12:09 110120]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [04/05/2011 20:24 155344]
    S4 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [02/04/2009 16:52 543744]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/10/2009 08:42 133104]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [19/10/2009 08:42 133104]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
    .
    2012-04-02 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-08-15 08:00]
    .
    2012-04-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3694052557-2359500833-1512941615-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
    .
    2012-03-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3694052557-2359500833-1512941615-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.saynoto0870.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Send To &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\documents and settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2516768&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.saynoto0870.com/numbersearch.php
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-UC_Start - c:\program files\IBM\Updater\\ucstartup.exe
    AddRemove-eBay Icon - c:\documents and settings\1 Sarah\Application Data\Desktopicon\uninst.exe
    AddRemove-{27310A4F-6A97-43C0-928C-FE5313B9949B} - c:\documents and settings\All Users\Application Data\{5BD198FE-6337-4D45-AAF8-F81D83B87D05}\FFOv2011-8_Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-02 09:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(712)
    c:\program files\IBM fingerprint software\psfus.dll
    c:\program files\Common Files\Virtual Token\psutil.dll
    c:\windows\system32\tphklock.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    - - - - - - - > 'lsass.exe'(768)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    - - - - - - - > 'explorer.exe'(4056)
    c:\windows\system32\WININET.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Virtual Token\vtserver.exe
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\System32\QCONSVC.EXE
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\System32\TPHDEXLG.EXE
    c:\windows\system32\TpKmpSVC.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\TpShocks.exe
    c:\windows\system32\rundll32.exe
    c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-02 10:25:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-02 09:25
    .
    Pre-Run: 1,439,768,576 bytes free
    Post-Run: 1,326,112,768 bytes free
    .
    - - End Of File - - 624A43909A18EB03BE1736D6FBC8BA6C

  9. #59
    Member
    Join Date
    Oct 2008
    Posts
    94

    What I did was copy/paste the command into run and an extra space at the end (I had the middle one in before) came up and it ran!! Phew!!

    After log came up I opened Firefox and got this msg: Firefox is not currently set as your default browser...

    It has been set for years, so I wonder how it got unset during or after running Combofix - is this normal?

    Do you still want screen print of docs and settings?

  10. #60
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Hello ecosarah

    Great job with Combofix.

    "is this normal?"
    Yes. You can select Firefox as your default browser once we are done.

    "do you still want screen print of docs and settings?"
    Yes please, along with the following:

    Do you recognise the following file: c:\program files\PA082.exe ?


    1. Please scan the following files





      • On the page you'll find a "Choose File" button.
      • Click on the Choose File button.
      • In the File Upload window which opens, copy and paste this into the File Name box.



      c:\program files\PA082.exe


      • Next, click the Open button.
      • Then click the "Send File" button just below.
      • This will scan the file. Please be patient.
      • If you get a message saying File has already been analyzed: click Reanalyze file now.


      Post the link to the VirusTotal results page in your next reply along with the link to the documents and settings screenshot.