ComboFix 10-03-06.01 - Gin Lin 03/06/2010 16:30:35.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.596 [GMT -5:00]
Running from: C:\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\GINLIN~1\LOCALS~1\Temp\csrss.exe
c:\docume~1\GINLIN~1\LOCALS~1\Temp\lsass.exe
c:\docume~1\GINLIN~1\LOCALS~1\Temp\services.exe
c:\docume~1\GINLIN~1\LOCALS~1\Temp\svchost.exe
c:\documents and settings\Gin Lin\Application Data\avp.ico
c:\documents and settings\Gin Lin\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk
c:\documents and settings\Gin Lin\Start Menu\Programs\AntiVirus Plus
c:\documents and settings\Gin Lin\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk
c:\documents and settings\Gin Lin\Start Menu\Programs\AntiVirus Plus\EULA.url
c:\documents and settings\Gin Lin\Start Menu\Programs\AntiVirus Plus\Uninstall.lnk
c:\program files\Windows NT\Accessories\svchost.exe
c:\windows\system32\certstore.dat
c:\windows\system32\config\systemprofile\Application Data\AntiVirus Plus
c:\windows\system32\config\systemprofile\Application Data\avp.ico
c:\windows\system32\ctfmon .exe
c:\windows\system32\jefizaya.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\pehuraba.exe
c:\windows\system32\repozuyi.dll
c:\windows\system32\rundll32 .exe
c:\windows\system32\sdra64.exe
c:\windows\system32\systeminfo3.dll
c:\windows\system32\tolufobi.dll
c:\windows\system32\wibivuje.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\Tasks\bjvkwroo.job
c:\windows\Tasks\vrweqslf.job
c:\windows\zAdBHO.dll
F:\autorun.inf
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_IAS
-------\Legacy_IPRIP
-------\Legacy_SEAGATE
-------\Legacy_SSHNAS
-------\Service_6to4
-------\Service_Iprip
-------\Service_SSHNAS
((((((((((((((((((((((((( Files Created from 2010-02-06 to 2010-03-06 )))))))))))))))))))))))))))))))
.
2010-03-06 21:48 . 2010-03-06 21:48 -------- d-----w- c:\windows\LastGood
2010-03-06 19:41 . 2010-03-06 19:41 -------- d-----w- c:\program files\PowerISO
2010-03-06 09:45 . 2010-03-06 09:45 5136 ----a-w- c:\windows\system32\f_lock.dll
2010-03-04 22:49 . 2010-03-04 22:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-03-02 03:34 . 2010-03-02 03:34 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-02-28 22:10 . 2010-03-01 22:57 0 ----a-w- c:\windows\system32\drivers\iownfsr.sys
2010-02-28 21:02 . 2010-02-28 21:02 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-02-27 19:50 . 2010-02-27 20:07 0 ----a-w- c:\windows\system32\drivers\rqapxbyw.sys
2010-02-08 14:59 . 2010-02-08 14:59 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-02-05 18:06 . 2010-02-05 18:06 -------- d-----w- C:\Your PC Protector
2010-02-05 17:53 . 2010-03-03 00:54 -------- d-----w- c:\program files\schtml
2010-02-05 04:12 . 2010-02-05 04:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-02-05 02:12 . 2010-02-05 02:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-05 02:10 . 2010-02-05 18:08 0 ----a-w- c:\windows\system32\41.exe.vir
2010-02-05 02:08 . 2010-02-05 02:08 327168 ----a-w- C:\sivc.exe
2010-02-05 01:42 . 2010-02-05 01:47 132608 ----a-w- c:\windows\system32\usbdrv.exe
2010-02-05 01:42 . 2010-02-05 01:47 10240 ----a-w- c:\windows\system32\launch.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 21:17 . 2010-02-05 18:49 4121277 ----a-r- C:\ComboFix.exe
2010-03-06 06:38 . 2004-09-24 13:37 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-05 20:20 . 2009-11-18 17:49 -------- d-----w- c:\program files\iTunes
2010-03-03 00:59 . 2007-05-17 03:06 -------- d-----w- c:\program files\Windows Defender
2010-03-03 00:50 . 2003-08-02 00:54 -------- d-----w- c:\program files\QuickTime
2010-02-27 20:01 . 2009-09-30 02:39 -------- d-----w- c:\documents and settings\Gin Lin\Application Data\BitTorrent
2010-02-27 19:43 . 2009-10-24 06:27 -------- d-----w- c:\documents and settings\Gin Lin\Application Data\Vso
2010-02-27 17:13 . 2010-01-30 05:51 -------- d-----w- c:\documents and settings\Gin Lin\Application Data\vlc
2010-02-27 17:11 . 2009-11-28 19:45 -------- d-----w- c:\documents and settings\Gin Lin\Application Data\dvdcss
2010-02-26 15:53 . 2010-01-31 21:32 -------- d-----w- c:\documents and settings\Gin Lin\Application Data\Any Video Converter Professional
2010-02-11 02:27 . 2009-09-30 02:39 -------- d-----w- c:\program files\BitTorrent
2010-02-05 20:36 . 2009-06-28 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 19:42 . 2010-02-05 19:42 -------- d-----w- c:\program files\trend micro
2010-02-05 04:15 . 2003-08-23 17:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-31 21:35 . 2010-01-31 21:32 -------- d-----w- c:\program files\Any Video Converter Professional
2010-01-31 21:07 . 2010-01-31 21:00 -------- d-----w- c:\program files\1-Click YouTube Downloader
2010-01-31 05:12 . 2003-05-20 04:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 05:08 . 2003-07-09 22:15 -------- d-----w- c:\program files\Elaborate Bytes
2010-01-30 05:48 . 2010-01-30 05:48 -------- d-----w- c:\program files\VideoLAN
2010-01-25 19:52 . 2010-01-25 19:52 -------- d-----w- c:\program files\DerivaGem
2010-01-23 21:22 . 2010-01-23 21:22 -------- d-----w- c:\program files\Cheetah Burner
2010-01-14 16:12 . 2009-10-03 08:04 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 21:07 . 2009-06-28 17:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-06-28 17:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 20:34 . 2007-12-12 21:55 32092 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-26 00:21 . 2003-07-23 03:12 31920 -c--a-w- c:\documents and settings\Gin Lin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-26 00:15 . 2009-12-26 00:16 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-12-21 19:14 . 2004-09-24 13:37 916480 ----a-w- c:\windows\system32\wininet.dll
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
1601-01-01 00:03 . 1601-01-01 00:03 71168 --sha-w- c:\windows\SYSTEM32\farewoka.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\SYSTEM32\jelukahu.exe
1601-01-01 00:03 . 1601-01-01 00:03 53248 --sha-w- c:\windows\SYSTEM32\nizefipu.dll
1601-01-01 00:03 . 1601-01-01 00:03 47104 --sha-w- c:\windows\SYSTEM32\pegojehe.dll
1601-01-01 00:03 . 1601-01-01 00:03 53248 --sha-w- c:\windows\SYSTEM32\razusula.dll
1601-01-01 00:03 . 1601-01-01 00:03 45568 --sha-w- c:\windows\SYSTEM32\rukurole.dll
.
<pre>
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\Canon\Canon IJ Network Scan Utility\cnmnsut .exe
c:\program files\Canon\MyPrinter\bjmyprt .exe
c:\program files\Canon\SolutionMenu\cnslmain .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\ssbkgdupdate .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\QuickTime\qttask .exe
c:\program files\ScanSoft\OmniPageSE4\opwarese4 .exe
c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr .exe
c:\program files\Windows Defender\msascui .exe
c:\program files\Yahoo!\Search Protection\searchprotection .exe
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\wrtmon .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [N/A]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [N/A]
"Aim6"="" [N/A]
"Remote System Protection"="c:\windows\system32\eanih24.dll" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tevuligako"="waleguti.dll" [N/A]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-10-28 257440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"mslivemsn"="c:\program files\Windows NT\Accessories\svchost.exe" [N/A]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-8-12 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\f_lock]
2010-03-06 09:45 5136 ----a-w- c:\windows\SYSTEM32\f_lock.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=c:\program files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Seagate\\SeagateManager\\FreeAgent Status\\stxmenumgr .exe"=
"c:\\Program Files\\Panasonic\\LUMIXSimpleViewer\\PhLeAutoRun.exe"=
"c:\\Program Files\\Canon\\MyPrinter\\bjmyprt .exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56810:TCP"= 56810:TCP:Pando P2P TCP Listening Port
"56810:UDP"= 56810:UDP:Pando P2P UDP Listening Port
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [6/30/2005 10:27 AM 6097]
R2 ASFAgent;ASF Agent;c:\program files\intel\ASF Agent\ASFAgent.exe [5/8/2002 9:51 AM 212992]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 NetAlrt;NetAlrt;c:\windows\SYSTEM32\DRIVERS\Netalrt.sys [5/7/2002 4:05 PM 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\SYSTEM32\DRIVERS\platalrt.sys [5/7/2002 4:06 PM 23744]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/27/2007 1:07 PM 24652]
S2 usbdevice;usbdevice;c:\windows\SYSTEM32\launch.exe [2/4/2010 8:42 PM 10240]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [6/30/2005 10:27 AM 299923]
.
Contents of the 'Scheduled Tasks' folder
2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{6852B72C-3D41-4E41-9234-DB4CC4C454B2}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
mWindow Title =
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6416C78A-E810-445C-8712-1785809FA433} - hxxps://newyork.access.credit-suisse.com/CitrixLogonPoint/NewYork/EPAClient/EPAClient.exe
FF - ProfilePath - c:\documents and settings\Gin Lin\Application Data\Mozilla\Firefox\Profiles\ajhr3vkm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Gin Lin\Application Data\Mozilla\plugins\np29DAA979-0AA1-42A4-A0A9-FDCAC3752F6E.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_external - 1
FF - user.js: browser.link.open_newwindow - 1
.
- - - - ORPHANS REMOVED - - - -
BHO-{93c4ec67-e601-4fea-a561-276cc05efe25} - hatemeva.dll
AddRemove-AntiVirus Plus - c:\windows\system32\config\systemprofile\Application Data\AntiVirus Plus\AntiVirus Plus.55530.dll
AddRemove-HijackThis - c:\hjt\HijackThis.exe
AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 17:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,d5,0e,1f,21,18,c2,46,91,97,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,d5,0e,1f,21,18,c2,46,91,97,f9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\f_lock.dll
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(2676)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Dell\Dell File Manager\CTDFM.DLL
c:\program files\Dell\Dell File Manager\DFMHK.dll
c:\program files\Dell\Dell File Manager\CTDFMRES.DLL
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\fxssvc.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-06 17:49:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-06 22:49
ComboFix2.txt 2010-02-05 19:41
ComboFix3.txt 2007-07-16 23:01
Pre-Run: 44,959,502,336 bytes free
Post-Run: 45,198,880,768 bytes free
- - End Of File - - B5F8AE6D908D35936DE0D817534DC3FC