ComboFix log:
ComboFix 10-09-09.04 - Administrator 09/11/2010 15:14:43.2.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3038 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"c:\windows\Iceqahaqevemite.dat"
"c:\windows\Mratumejabive.bin"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Heather Lutz\Application Data\64dlls.exe
c:\documents and settings\Heather Lutz\Application Data\intel64.exe
c:\documents and settings\Heather Lutz\Application Data\Kernel32.exe
c:\documents and settings\Heather Lutz\Application Data\localsys64.exe
c:\documents and settings\Heather Lutz\Application Data\ntos.exe
c:\documents and settings\Heather Lutz\Application Data\oembios.exe
c:\documents and settings\Heather Lutz\Application Data\sdra64.exe
c:\documents and settings\Heather Lutz\Application Data\sdra73.exe
c:\documents and settings\Heather Lutz\Application Data\swin32.exe
c:\documents and settings\Heather Lutz\Application Data\twex.exe
c:\documents and settings\Heather Lutz\Application Data\twext.exe
c:\documents and settings\Heather Lutz\Application Data\wsnpoema.exe
c:\documents and settings\Michael Bryant\Application Data\1530834A405C118A974E9E21BEE11923
c:\documents and settings\Michael Bryant\Application Data\1530834A405C118A974E9E21BEE11923\newsecureapp70700.exe
c:\documents and settings\Michael Bryant\Local Settings\Application Data\vtkaog
c:\windows\Iceqahaqevemite.dat
c:\windows\Mratumejabive.bin
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.
2010-09-11 13:19 . 2010-09-11 13:19 -------- d-----w- c:\windows\LastGood
2010-09-08 22:07 . 2010-09-08 22:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Audacity
2010-09-01 20:00 . 2010-09-11 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-09-01 20:00 . 2010-09-01 20:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2010-09-01 20:00 . 2010-09-01 20:00 -------- d-----w- c:\program files\CCleaner
2010-09-01 19:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-01 02:38 . 2010-07-09 14:26 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-09-01 02:38 . 2010-07-02 14:25 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-09-01 02:38 . 2010-07-02 14:25 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-09-01 02:37 . 2010-08-17 18:10 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-31 14:09 . 2010-08-31 14:09 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-31 01:30 . 2010-08-31 01:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-08-26 23:35 . 2010-09-11 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-26 23:35 . 2010-08-26 23:35 -------- d-----w- c:\program files\Alwil Software
2010-08-26 23:29 . 2010-08-26 23:29 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-26 22:03 . 2010-08-26 22:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-26 22:01 . 2010-08-26 22:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-26 19:44 . 2010-08-26 19:44 45116 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-15 12:46 . 2010-08-15 12:46 -------- d-----w- c:\documents and settings\Natalie Lutz\Local Settings\Application Data\Conduit
2010-08-15 12:46 . 2010-08-15 12:46 -------- d-----w- c:\documents and settings\Natalie Lutz\Local Settings\Application Data\XfireXO
2010-08-14 21:48 . 2010-08-14 21:48 -------- d-----w- c:\documents and settings\Katy Lutz\Local Settings\Application Data\Conduit
2010-08-14 21:48 . 2010-08-14 21:48 -------- d-----w- c:\documents and settings\Katy Lutz\Local Settings\Application Data\XfireXO
2010-08-14 11:52 . 2010-09-07 22:24 -------- d-----w- c:\program files\StepMania
2010-08-13 21:55 . 2010-08-13 21:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
2010-08-13 16:28 . 2010-08-13 16:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\XfireXO
2010-08-13 06:21 . 2010-08-13 06:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 18:56 . 2009-04-04 01:12 -------- d-----w- c:\documents and settings\Michael Bryant\Application Data\DNA
2010-09-11 17:49 . 2009-04-03 23:47 -------- d-----w- c:\program files\Steam
2010-09-11 14:33 . 2010-02-28 04:44 -------- d-----w- c:\documents and settings\Michael Bryant\Application Data\Audacity
2010-09-11 13:46 . 2009-04-04 01:04 -------- d-----w- c:\documents and settings\Michael Bryant\Application Data\LimeWire
2010-09-11 13:44 . 2009-04-04 01:12 -------- d-----w- c:\program files\DNA
2010-09-11 13:29 . 2010-07-17 23:52 -------- d-----w- c:\program files\XfireXO
2010-09-11 13:19 . 2009-03-26 03:44 -------- d-----w- c:\program files\McAfee
2010-09-11 03:01 . 2009-04-01 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-11 02:57 . 2010-01-15 22:38 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-11 02:55 . 2009-03-26 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-01 20:00 . 2009-04-25 18:16 -------- d-----w- c:\program files\Yahoo!
2010-08-26 21:51 . 2009-03-26 03:50 50056 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-15 12:46 . 2009-04-01 20:25 50056 ----a-w- c:\documents and settings\Natalie Lutz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-14 21:47 . 2009-04-01 20:57 50056 ----a-w- c:\documents and settings\Katy Lutz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 23:28 . 2009-04-04 01:13 -------- d-----w- c:\documents and settings\Michael Bryant\Application Data\BitTorrent
2010-08-03 13:59 . 2009-04-03 23:43 50056 ----a-w- c:\documents and settings\Michael Bryant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 13:59 . 2010-08-03 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2010-08-03 13:57 . 2010-08-03 13:57 65536 ----a-r- c:\documents and settings\Michael Bryant\Application Data\Microsoft\Installer\{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}\ARPPRODUCTICON.exe
2010-08-03 13:56 . 2010-08-03 13:56 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-08-03 13:56 . 2009-03-26 03:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-18 18:19 . 2010-07-18 18:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2010-07-17 23:52 . 2010-07-17 23:52 -------- d-----w- c:\program files\Conduit
2010-07-17 23:45 . 2010-07-17 23:45 -------- d-----w- c:\program files\Z8Games
2010-07-17 13:22 . 2009-07-27 02:05 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-07-17 13:22 . 2009-06-13 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-07-17 13:21 . 2009-07-27 02:05 -------- d-----w- c:\program files\ParetoLogic
2010-07-17 13:21 . 2009-06-13 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-07-15 19:18 . 2009-03-26 03:45 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-03 13:16 . 2010-05-08 22:11 99 ----a-w- c:\documents and settings\Katy Lutz\jagex_runescape_preferences2.dat
2010-07-03 13:00 . 2010-05-08 22:10 46 ----a-w- c:\documents and settings\Katy Lutz\jagex_runescape_preferences.dat
2010-06-30 12:31 . 2008-04-25 16:16 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:14 . 2008-04-25 16:16 1861120 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 20:50 . 2010-06-22 20:50 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb1E.tmp.exe
2010-06-21 15:27 . 2008-04-25 16:16 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-19 00:12 . 2009-04-04 21:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-19 00:11 . 2009-04-04 12:37 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-17 14:03 . 2008-04-25 16:16 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-04-25 16:16 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
------- Sigcheck -------
[-] 2008-04-14 . 6BA2B344AD063BB35ADA1D33EFF8FA2B . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 9AB873E5C3DE27BCDEA5343EA6EA95CB . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2010-09-11 13:29 2735200 ----a-w- c:\program files\XfireXO\tbXfi1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfi1.dll" [2010-09-11 2735200]
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater6"="c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-04-04 2521464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-19 864112]
"iPodVideoConverter_upgrade"="c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe" [2009-09-08 503808]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
c:\documents and settings\Michael Bryant\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-3-10 139776]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-26 03:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\d3m0nc1aw\\team fortress classic\\hl.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/4/2009 8:37 AM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
S2 0120501284211202mcinstcleanup;McAfee Application Installer Cleanup (0120501284211202);c:\windows\TEMP\012050~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\012050~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 4:16 PM 135664]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-09-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:11]
2010-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
2010-09-11 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4251465998.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 20:16]
2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 20:16]
2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-26 16:22]
2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-26 16:22]
2010-08-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
2009-12-29 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vo.mcbh.org/MLWebCacheCleaner.cab
DPF: {C53BDC3D-19A0-4062-BF34-0897A4E6A6A2} - hxxp://www.wildpockets.com/common/WildPocketsLoader-15079.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 15:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-8834206-3494891491-1703734855-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,c9,27,6c,9f,bf,e6,4f,9a,b2,ed,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,c9,27,6c,9f,bf,e6,4f,9a,b2,ed,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-09-11 15:24:43
ComboFix-quarantined-files.txt 2010-09-11 19:24
ComboFix2.txt 2010-09-11 13:19
Pre-Run: 462,568,198,144 bytes free
Post-Run: 462,562,418,688 bytes free
- - End Of File - - 5D90D107D018EFAD6E353E1D7872B32D