ComboFix 09-08-04.03 - Compaq_Administrator 05/08/2009 16:16.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.958.566 [GMT 1:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1927043714-2865427238-3503779764-1007
c:\windows\Installer\127fce.msp
c:\windows\Installer\1d5ec1.msi
c:\windows\Installer\2321a.msp
c:\windows\Installer\23221.msp
c:\windows\Installer\263c1d4.msi
c:\windows\Installer\2ff3d8.msi
c:\windows\Installer\301fc.msp
c:\windows\Installer\30214.msp
c:\windows\Installer\31a286.msi
c:\windows\Installer\351c6.msp
c:\windows\Installer\387b4.msi
c:\windows\Installer\39fb06.msi
c:\windows\Installer\39fb09.msi
c:\windows\Installer\45bb3.msi
c:\windows\Installer\45bb9.msi
c:\windows\Installer\45bbf.msi
c:\windows\Installer\45bc6.msi
c:\windows\Installer\45bcc.msi
c:\windows\Installer\45bd6.msi
c:\windows\Installer\45bdc.msi
c:\windows\Installer\45be2.msi
c:\windows\Installer\45be8.msi
c:\windows\Installer\45bee.msi
c:\windows\Installer\45bf5.msi
c:\windows\Installer\45bfd.msi
c:\windows\Installer\45c03.msi
c:\windows\Installer\45c09.msi
c:\windows\Installer\45c0f.msi
c:\windows\Installer\45c15.msi
c:\windows\Installer\45c1b.msi
c:\windows\Installer\45c21.msi
c:\windows\Installer\4688f.msi
c:\windows\Installer\46890.msp
c:\windows\Installer\4c3ee1.msi
c:\windows\Installer\4c3eec.msi
c:\windows\Installer\4c3f47.msi
c:\windows\Installer\551186.msi
c:\windows\Installer\60301a.msi
c:\windows\Installer\626b0b.msi
c:\windows\Installer\6bb48e.msi
c:\windows\Installer\70b7f.msi
c:\windows\Installer\73bd1.msi
c:\windows\Installer\73c2d.msi
c:\windows\Installer\8a6ae.msi
c:\windows\Installer\8a6b4.msi
c:\windows\Installer\8a6ba.msi
c:\windows\Installer\8a6c0.msi
c:\windows\Installer\8a6c6.msi
c:\windows\Installer\8a6cc.msi
c:\windows\Installer\8a6d2.msi
c:\windows\Installer\8a6d8.msi
c:\windows\Installer\8a6de.msi
c:\windows\Installer\8a6e5.msi
c:\windows\Installer\8a6ec.msi
c:\windows\Installer\8a6f3.msi
c:\windows\Installer\8a6fa.msi
c:\windows\Installer\8a700.msi
c:\windows\Installer\8a707.msi
c:\windows\Installer\8a70d.msi
c:\windows\Installer\8a713.msi
c:\windows\Installer\8a719.msi
c:\windows\Installer\8a71f.msi
c:\windows\Installer\8a725.msi
c:\windows\Installer\8a72b.msi
c:\windows\Installer\8a731.msi
c:\windows\Installer\8a737.msi
c:\windows\Installer\8a73d.msi
c:\windows\Installer\8a743.msi
c:\windows\Installer\8a749.msi
c:\windows\Installer\8a750.msi
c:\windows\Installer\944048.msi
c:\windows\Installer\e394b3.msp
c:\windows\Installer\e394ba.msi
c:\windows\kb913800.exe
c:\windows\system32\eybtncyl.ini
c:\windows\system32\ubilofam.ini
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.
2009-08-05 13:45 . 2009-08-05 13:44 404737 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-08-05 13:45 . 2008-12-05 10:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-08-04 05:12 . 2009-08-04 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-08-04 05:12 . 2009-08-04 05:12 -------- d-----w- c:\program files\RegCure
2009-08-03 17:36 . 2009-08-03 17:36 152576 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-08-03 17:24 . 2009-08-03 17:24 -------- d-----w- c:\program files\Secunia
2009-08-02 17:32 . 2009-08-02 17:32 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-08-02 17:32 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 17:32 . 2009-08-02 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 17:32 . 2009-08-02 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-02 17:32 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 17:01 . 2009-08-03 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-29 17:00 . 2009-07-29 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-25 17:58 . 2009-07-25 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-07-25 17:57 . 2009-07-26 07:13 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-25 17:57 . 2009-07-25 17:57 -------- d-----w- c:\program files\Common Files\iS3
2009-07-22 14:26 . 2009-07-22 14:26 592947 -c--a-w- c:\documents and settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-07-22 14:26 . 2009-07-22 14:26 595765 -c--a-w- c:\documents and settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-07-22 14:26 . 2009-07-22 14:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}
2009-07-21 16:04 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-21 16:04 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 13:45 . 2009-06-25 04:42 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-04 05:01 . 2009-03-04 15:51 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Spotify
2009-08-03 17:49 . 2008-07-08 19:05 -------- d-----w- c:\program files\Norton Security Scan
2009-08-03 17:37 . 2008-12-30 13:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-03 17:37 . 2006-09-01 12:30 -------- d-----w- c:\program files\Java
2009-08-02 18:46 . 2008-01-14 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-02 17:00 . 2006-09-01 13:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-02 16:36 . 2008-12-29 17:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 17:00 . 2006-09-01 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-28 13:01 . 2008-07-03 16:06 34 ----a-w- c:\documents and settings\Compaq_Administrator\jagex_runescape_preferences.dat
2009-07-26 05:46 . 2009-07-26 05:39 21832 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-20 09:36 . 2009-07-22 14:25 262424 -c--a-w- c:\documents and settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}\OFFLINE\D5797E3B\3E688669\stbYahoo9.dll
2009-07-20 09:36 . 2009-07-22 14:25 254232 -c--a-w- c:\documents and settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll
2009-07-20 09:36 . 2009-07-22 14:25 872728 -c--a-w- c:\documents and settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}\OFFLINE\B75FA91E\3E688669\stbsvc.exe
2009-07-20 09:36 . 2009-07-22 14:25 205080 -c--a-w- c:\documents and settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}\OFFLINE\mFileBagIDE.dll\bag\stbsh.dll
2009-07-20 09:34 . 2009-07-22 14:25 295656 -c--a-w- c:\documents and settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}\OFFLINE\mFileBagIDE.dll\bag\stbrunwlm.exe
2009-07-20 09:34 . 2009-07-22 14:25 295328 -c--a-w- c:\documents and settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}\OFFLINE\mFileBagIDE.dll\bag\stbrewlm.exe
2009-07-20 09:34 . 2009-07-22 14:25 295896 -c--a-w- c:\documents and settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}\OFFLINE\mFileBagIDE.dll\bag\stbreaim.exe
2009-06-25 04:41 . 2009-06-25 04:41 -------- d-----w- c:\program files\Avira
2009-06-25 04:41 . 2009-06-25 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-21 06:57 . 2009-06-21 06:55 -------- d-----w- c:\program files\NetMeter
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2007-01-21 09:47 . 2007-01-21 09:47 251 -c--a-w- c:\program files\wt3d.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-06-25 1578736]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"O2"="c:\program files\O2\bin\sprtcmd.exe" [2008-03-28 198184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-03 148888]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-07-21 16261632]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Firaxis Game\\Sid Meyer's Railroad!\\RailRoads.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25/06/2009 05:42 108289]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 13:20 12648]
.
Contents of the 'Scheduled Tasks' folder
2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-08-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
2009-08-05 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
2009-08-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
- - - - ORPHANS REMOVED - - - -
BHO-{20569631-FE5F-4B6D-9D76-4F45DDC7BE75} - (no file)
BHO-{2B434974-D3AC-4880-B315-2FB21D7628A4} - (no file)
BHO-{F3027024-83EF-4B69-8B8C-6EE088F389DE} - (no file)
BHO-{f6f4d585-4d96-4efd-b069-403dea40538e} - (no file)
HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
IE: &Search - ?p=ZJfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\467j5zb9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://webmail.netidentity.com/webmail/driver?nimlet=showlogin
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 16:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3764)
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-05 16:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 15:29
Pre-Run: 120,548,429,824 bytes free
Post-Run: 120,433,541,120 bytes free
302 --- E O F --- 2008-12-21 05:00