ComboFix 09-10-10.02 - Cattie Bullard 10/10/2009 21:00.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1982.1491 [GMT -5:00]
Running from: c:\documents and settings\Cattie Bullard\Desktop\ComboFix.exe
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\govured._sy
c:\documents and settings\All Users\Application Data\hetose.sys
c:\documents and settings\All Users\Application Data\itanudyno.lib
c:\documents and settings\All Users\Application Data\mive.com
c:\documents and settings\All Users\Application Data\wasatar.lib
c:\documents and settings\All Users\Application Data\ykuzuxafih.scr
c:\documents and settings\All Users\Application Data\zotakyry.bin
c:\documents and settings\All Users\Application Data\zubo.scr
c:\documents and settings\All Users\Documents\jobyg.com
c:\documents and settings\All Users\Documents\qawiraw.sys
c:\documents and settings\All Users\Documents\ybal._dl
c:\documents and settings\All Users\Documents\zecuxesily.vbs
c:\documents and settings\Cattie Bullard\Application Data\buguwase.lib
c:\documents and settings\Cattie Bullard\Application Data\esobe.pif
c:\documents and settings\Cattie Bullard\Application Data\keqe.com
c:\documents and settings\Cattie Bullard\Cookies\lavoli.reg
c:\documents and settings\Cattie Bullard\Local Settings\Application Data\azyraqoja.vbs
c:\documents and settings\Cattie Bullard\Local Settings\Application Data\ejas._sy
c:\documents and settings\Cattie Bullard\Local Settings\Application Data\lekas.dll
c:\documents and settings\Cattie Bullard\Local Settings\Application Data\tycymuq.dl
c:\documents and settings\Cattie Bullard\Local Settings\Temporary Internet Files\apunos.lib
c:\documents and settings\Cattie Bullard\Local Settings\Temporary Internet Files\dejotax.sys
c:\documents and settings\Cattie Bullard\Local Settings\Temporary Internet Files\eqelaxa.dat
c:\documents and settings\Cattie Bullard\Local Settings\Temporary Internet Files\himof.ban
c:\documents and settings\Cattie Bullard\Local Settings\Temporary Internet Files\iwemujo.com
c:\documents and settings\Cattie Bullard\Local Settings\Temporary Internet Files\lehar.com
c:\documents and settings\Cattie Bullard\Local Settings\Temporary Internet Files\nuhidape.dl
c:\documents and settings\Cattie Bullard\Local Settings\Temporary Internet Files\nyvahone.ban
c:\documents and settings\Cattie Bullard\Local Settings\Temporary Internet Files\vasegiqi._sy
c:\documents and settings\Cattie Bullard\Local Settings\Temporary Internet Files\ynaronul.db
c:\program files\Common Files\aroge.vbs
c:\program files\Common Files\egacywur.bin
c:\windows\atykyhixas.exe
c:\windows\cudozabys.reg
c:\windows\cyfakan.dll
c:\windows\eseqinuno.dl
c:\windows\jusitax._dl
c:\windows\niperuwe.ban
c:\windows\oqowyce._sy
c:\windows\system32\AutoRun.inf
c:\windows\system32\idyqe.dl
c:\windows\system32\kifabibu.dll
c:\windows\system32\lymomutiz.bin
c:\windows\system32\petatusa.dll
c:\windows\system32\pupakijug.dll
c:\windows\system32\ukiki.pif
c:\windows\system32\wbem\proquota.exe
c:\windows\udagugax.bat
c:\windows\ulyny._sy
c:\windows\usyj.ban
c:\windows\ysyhynalek.vbs
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 )))))))))))))))))))))))))))))))
.
2009-10-11 02:06 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-11 02:06 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-11 01:38 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-11 01:38 . 2009-10-11 01:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-11 01:38 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-11 01:05 . 2009-10-11 01:05 1152 ----a-w- c:\windows\system32\windrv.sys
2009-10-11 01:05 . 2009-10-11 01:10 -------- d-----w- c:\program files\SpyNoMore
2009-10-11 01:05 . 2009-10-11 01:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-10-11 00:51 . 2009-10-11 00:51 -------- d-----w- c:\program files\Trend Micro
2009-10-11 00:37 . 2009-10-11 00:40 -------- d-----w- c:\program files\myapp
2009-10-11 00:30 . 2009-10-11 00:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-10 23:12 . 2009-10-10 23:12 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-10 21:34 . 2009-10-10 21:34 137 ----a-w- c:\documents and settings\Cattie Bullard\Local Settings\Application Data\fusioncache.dat
2009-10-10 21:34 . 2009-10-10 21:34 -------- d-----w- c:\documents and settings\Cattie Bullard\Local Settings\Application Data\Turbine
2009-10-10 20:20 . 2009-10-10 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\75083326
2009-10-01 19:15 . 2009-10-06 19:40 -------- d-----w- c:\documents and settings\Cattie Bullard\Local Settings\Application Data\WeatherBug
2009-10-01 19:15 . 2009-10-01 19:15 -------- d-----w- c:\program files\AWS
2009-10-01 19:15 . 2009-10-01 19:15 -------- d-----w- c:\documents and settings\Cattie Bullard\Application Data\WeatherBug
2009-09-28 13:59 . 2009-09-28 13:59 -------- d-----w- c:\program files\Perfect World Entertainment
2009-09-28 12:32 . 2009-09-28 13:47 -------- d-----w- c:\documents and settings\Cattie Bullard\Application Data\GetRightToGo
2009-09-28 10:13 . 2009-09-28 10:13 -------- d-----w- c:\documents and settings\Cattie Bullard\Application Data\Malwarebytes
2009-09-28 10:13 . 2009-09-28 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 09:14 . 2009-09-28 09:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Verizon
2009-09-28 09:09 . 2009-09-28 09:09 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-28 08:15 . 2009-09-28 08:15 18261 ----a-w- c:\windows\womydiqika.dat
2009-09-28 08:15 . 2009-09-28 08:15 12870 ----a-w- c:\documents and settings\Cattie Bullard\Local Settings\Application Data\yvupo.dat
2009-09-28 08:15 . 2009-09-28 08:15 12762 ----a-w- c:\program files\Common Files\adixe.dat
2009-09-26 23:16 . 2009-09-26 23:16 -------- d-----w- c:\documents and settings\Cattie Bullard\Local Settings\Application Data\Turbine,_Inc
2009-09-26 23:14 . 2009-09-26 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine
2009-09-26 23:14 . 2009-10-10 21:23 -------- d-----w- c:\program files\Turbine
2009-09-26 22:42 . 2009-09-28 08:13 -------- d-----w- c:\documents and settings\Cattie Bullard\Local Settings\Application Data\PMB Files
2009-09-26 22:41 . 2009-10-10 22:43 -------- d-----w- c:\program files\Pando Networks
2009-09-15 12:41 . 2009-10-08 03:18 45 ----a-w- c:\documents and settings\Cattie Bullard\jagex_runescape_preferences2.dat
2009-09-15 04:54 . 2009-09-15 04:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-09-15 04:42 . 2009-09-15 04:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-09-15 04:41 . 2009-09-15 04:48 -------- d-----w- c:\program files\DivX
2009-09-14 19:54 . 2009-09-14 19:55 -------- d-----w- c:\documents and settings\Cattie Bullard\Application Data\Move Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 02:08 . 2009-07-11 20:31 500256 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-11 02:08 . 2009-07-11 20:31 46700 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-11 02:08 . 2009-07-11 20:31 333788 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-11 02:08 . 2009-07-11 20:31 27082528 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-08 04:01 . 2008-07-28 08:47 38 -c--a-w- c:\documents and settings\Cattie Bullard\jagex_runescape_preferences.dat
2009-10-02 11:35 . 2008-06-19 17:31 -------- d-----w- c:\program files\World of Warcraft
2009-09-28 09:01 . 2009-09-10 12:28 120 ----a-w- c:\windows\Mgogabamomigob.dat
2009-09-28 08:15 . 2009-09-28 08:15 12224 ----a-w- c:\program files\Common Files\cevobefet.db
2009-09-15 04:54 . 2008-04-23 21:29 -------- d-----w- c:\program files\Google
2009-09-15 04:32 . 2009-08-04 02:15 -------- d-----w- c:\program files\Oberon Media
2009-09-15 04:30 . 2009-07-03 06:36 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-08-31 02:33 . 2009-08-25 17:50 -------- d-----w- c:\program files\World of Warcraft Public Test
2009-08-28 01:30 . 2008-06-19 17:31 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-25 06:10 . 2009-03-28 08:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-25 05:53 . 2009-08-25 04:49 -------- d-----w- c:\documents and settings\Cattie Bullard\Application Data\Gamelab
2009-08-22 15:28 . 2008-06-13 18:09 35552 ----a-w- c:\documents and settings\Cattie Bullard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 13:00 . 2009-08-19 16:22 -------- d-----w- c:\program files\Microsoft Games
2009-08-19 23:57 . 2009-08-19 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-18 19:43 . 2009-08-18 19:43 -------- d-----w- c:\program files\Hidden Expedition Titanic
2009-08-18 18:32 . 2009-08-18 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-08-18 18:32 . 2009-08-18 18:32 -------- d-----w- c:\program files\BFG
2009-08-15 08:07 . 2009-08-15 08:07 -------- d-----w- c:\program files\MSBuild
2009-08-15 08:07 . 2009-08-15 08:07 -------- d-----w- c:\program files\Reference Assemblies
2009-08-09 09:11 . 2009-08-09 09:11 17411 ----a-w- c:\documents and settings\All Users\Application Data\agijudo.dat
2009-08-09 09:11 . 2009-08-09 09:11 17041 ----a-w- c:\windows\uvoh.bin
2009-08-09 09:11 . 2009-08-09 09:11 16232 ----a-w- c:\windows\cazufanu.bin
2009-08-05 09:11 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 07:18 . 2004-08-10 17:51 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 08:19 . 2009-07-10 08:19 88576 --sha-w- c:\windows\system32\danipowu.dll
2009-07-10 05:33 . 2009-07-10 05:33 116224 --sha-w- c:\windows\system32\gufavudu.dll
2009-07-10 20:20 . 2009-07-10 20:20 51200 --sha-w- c:\windows\system32\hajifagu.dll
2009-07-10 20:19 . 2009-07-10 20:19 1011609 --sha-w- c:\windows\system32\kufoluru.exe
2009-07-10 05:33 . 2009-07-10 05:33 116224 --sha-w- c:\windows\system32\mivajuyi.dll
2009-07-10 20:19 . 2009-07-10 20:19 51200 --sha-w- c:\windows\system32\pujosove.dll
2009-07-10 20:19 . 2009-07-10 20:19 88576 --sha-w- c:\windows\system32\rigitaza.dll
2009-07-10 08:19 . 2009-07-10 08:19 69120 --sha-w- c:\windows\system32\vufewuta.dll
2009-07-10 08:19 . 2009-07-10 08:19 1011343 --sha-w- c:\windows\system32\zupejaku.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04d8cda3-e187-4eec-af8f-c14587672208}]
2009-07-10 20:20 51200 --sha-w- c:\windows\system32\hajifagu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-23 98304]
"Turbine Download Manager Tray Icon"="c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe" [2009-10-10 472568]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2009-10-11 1067472]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Raxco\\PerfectDisk2008\\PD91Agent.exe"=
"c:\\Program Files\\Raxco\\PerfectDisk2008\\PD91Engine.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizzard downloader
"3724:TCP"= 3724:TCP:blizzard downloader
"57991:TCP"= 57991:TCP:Pando Media Booster
"57991:UDP"= 57991:UDP:Pando Media Booster
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9/22/2008 4:58 PM 693512]
R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe [11/14/2008 6:28 PM 4937752]
R3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9/22/2008 4:58 PM 910600]
R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [4/22/2009 10:38 AM 170736]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [11/14/2008 6:28 PM 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [11/14/2008 6:28 PM 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [11/14/2008 6:28 PM 27376]
S2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [9/26/2009 6:14 PM 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [9/26/2009 6:14 PM 218608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-10-10 c:\windows\Tasks\User_Feed_Synchronization-{34CD53BE-07A6-4108-B6CE-D8E418EA34BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://onlinecinema.org/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://absolutist.com/online/chocolatier2/Chocolatier2Web.1.0.0.10.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://absolutist.com/online/dress_shop_hop/DressShopHopWeb.1.0.0.7.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://absolutist.com/online/chocolatier-decadence-by-design/Chocolatier3Web.1.0.0.6.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-vavozuzaga - petatusa.dll
SharedTaskScheduler-{8d857778-6ec2-4c6a-94c4-99dc52c8a74b} - (no file)
SharedTaskScheduler-{9149d14b-7624-4393-915e-8d23e7cd7239} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 21:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
scanning hȋdden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2096645506-828190138-1039861506-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2368)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Verizon\Verizon Internet Security Suite\Fws.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Verizon\VSP\VerizonServicepoint.exe
.
**************************************************************************
.
Completion time: 2009-10-11 21:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-11 02:16
Pre-Run: 95,330,439,168 bytes free
Post-Run: 95,427,751,936 bytes free
275 --- E O F --- 2009-09-17 08:01