
Combofix Log...What next???


  • This topic is locked
2 replies to this topic

#1 cemeterypets

cemeterypets

  • Members
  • 1 posts
  • OFFLINE
  • Local time:07:46 PM

Posted 03 November 2010 - 09:23 AM

What is the next step??? Thanks!!

ComboFix 10-11-02.05 - Owner 11/03/2010 8:56.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.176 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))
.

2010-10-13 19:26 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 19:26 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 19:26 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2004-08-26 16:11 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-26 16:11 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-26 16:11 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-26 16:11 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50 . 2010-06-07 13:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29 . 2010-03-31 19:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-09 13:38 . 2004-08-26 16:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2004-08-26 16:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2004-08-26 16:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2004-08-26 16:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-26 16:11 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-26 16:11 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-26 16:12 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-26 16:12 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-26 16:12 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-26 16:12 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 08:23 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-26 16:11 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-26 16:12 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-26 16:12 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2006-07-21 407032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-06-27 26112]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-6-10 25214]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-8-17 54512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-06-23 16:24 50776 ----a-w- c:\program files\America Online 9.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
2004-10-19 00:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1151419726\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-26 22:07 90112 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 19:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2006-07-21 22:19 129536 ----a-w- c:\progra~1\Yahoo!\browser\ybrwicon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1151419726\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2010 12:39 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-11-03 c:\windows\Tasks\At1.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\At10.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\At11.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\At12.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\At13.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\At14.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\At15.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\At16.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\At17.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\At18.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\At19.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At2.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At20.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At21.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At22.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At23.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At24.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At25.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At26.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At27.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At28.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At29.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At3.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At30.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At31.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At32.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At33.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-02 c:\windows\Tasks\At34.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-02 c:\windows\Tasks\At35.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-02 c:\windows\Tasks\At36.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-02 c:\windows\Tasks\At37.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-02 c:\windows\Tasks\At38.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-02 c:\windows\Tasks\At39.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At4.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\At40.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-02 c:\windows\Tasks\At41.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-02 c:\windows\Tasks\At42.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-02 c:\windows\Tasks\At43.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At44.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At45.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At46.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At47.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At48.job
- c:\windows\system32\bOk6835V.exe [2008-08-18 06:46]

2010-11-03 c:\windows\Tasks\At5.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At6.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At7.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At8.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-03 c:\windows\Tasks\At9.job
- c:\windows\system32\No3kOK5T.exe [2008-08-18 20:22]

2010-11-02 c:\windows\Tasks\doc backup.job
- c:\windows\system32\ntbackup.exe [2001-08-18 12:36]

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 17:39]

2010-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 17:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {2D3502EE-9D6D-11D1-86CC-080009B6ACE6} - hxxp://www.cic.co.kane.il.us/codebase/jfbarcode.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\98nu6is1.default\
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-SCRABBLE - c:\progra~1\YAHOO!~1\Scrabble\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 09:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(756)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-03 09:15:55
ComboFix-quarantined-files.txt 2010-11-03 14:15
ComboFix2.txt 2010-07-13 14:58

Pre-Run: 57,009,410,048 bytes free
Post-Run: 57,135,386,624 bytes free

- - End Of File - - 78AB25608EF06AD484DCEF090FAE9D0F



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:46 PM

Posted 11 November 2010 - 11:19 AM

Hello cemeterypets,

Sorry for the delay. :( What next......what? There is nothing in that log, you ran ComboFix on your own more than once, none of the logs we ask for are posted, and there is no description at all of your problems. :blink: Can you help me out here please? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:46 PM

Posted 17 November 2010 - 10:23 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic