ComboFix 10-04-29.05 - Lou 02/05/2010 0:30.1.2 - x86
Microsoft
Windows Vista
Home Premium 6.0.6002.2.1252.44.1033.18.2037.838 [GMT 1:00]
Running from: c:\users\Lou\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2312294832-2679160596-2828777181-500
c:\$recycle.bin\S-1-5-21-3263774159-3587307793-2732057391-500
C:\Install.exe
c:\users\Lou\AppData\Local\Microsoft\Windows\Temporary Internet Files\4IlokX4rn.jpg
c:\users\Lou\AppData\Local\Microsoft\Windows\Temporary Internet Files\BDt7bJ4.jpg
c:\users\Lou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Oy338ex.jpg
c:\users\Lou\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMFep55.jpg
c:\users\Lou\Desktop\nudetube.com.lnk
c:\users\Lou\Desktop\pornotube.com.lnk
c:\users\Lou\Desktop\youporn.com.lnk
c:\users\Lou\FAVORI~1\_favdata.dat
c:\users\Lou\Favorites\_favdata.dat
c:\windows\system32\KBL.LOG
c:\windows\system32\drivers\gvclsu.sys . . . . failed to delete
Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_gvclsu
-------\Service_gvclsu
((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.
2010-05-01 23:41 . 2010-05-01 23:43 -------- d-----w- c:\users\Lou\AppData\Local\temp
2010-05-01 23:41 . 2010-05-01 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-01 23:11 . 2010-05-01 23:11 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2010-04-27 22:21 . 2010-05-01 23:43 823808 ----a-w- c:\windows\system32\drivers\gvclsu.sys
2010-04-27 22:20 . 2010-04-27 22:49 -------- d-sh--w- c:\users\Lou\AppData\Roaming\lowsec
2010-04-27 20:57 . 2010-04-27 20:58 -------- d-----w- c:\program files\Cute Knight Kingdom Demo
2010-04-21 02:12 . 2010-04-21 02:12 32 --s-a-w- c:\users\Lou\AppData\Local\4287020310.dat
2010-04-14 21:57 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 21:57 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 21:57 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 21:56 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 21:56 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 21:56 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 21:54 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 21:54 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 21:54 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 09:44 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 09:44 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 23:17 . 2009-12-12 15:50 -------- d-----w- c:\programdata\Norton
2010-05-01 23:13 . 2007-11-12 06:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-01 23:11 . 2007-11-12 06:57 -------- d-----w- c:\programdata\Symantec
2010-05-01 23:11 . 2008-04-03 05:44 -------- d-----w- c:\program files\Symantec
2010-04-30 21:11 . 2009-01-06 10:20 5972 ----a-w- c:\users\Lou\AppData\Local\d3d9caps.dat
2010-04-27 22:29 . 2008-07-31 12:36 -------- d-----w- c:\users\Lou\AppData\Roaming\uTorrent
2010-04-27 22:29 . 2009-07-13 15:01 -------- d-----w- c:\programdata\pdf995
2010-04-27 03:07 . 2009-07-13 15:01 60 ----a-w- c:\windows\wpd99.drv
2010-04-26 19:13 . 2008-04-03 21:36 -------- d-----w- c:\users\Lou\AppData\Roaming\Skype
2010-04-26 19:05 . 2008-04-03 21:39 -------- d-----w- c:\users\Lou\AppData\Roaming\skypePM
2010-04-15 06:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-15 00:10 . 2007-11-12 08:38 -------- d-----w- c:\programdata\Microsoft Help
2010-03-23 20:49 . 2009-09-24 14:38 -------- d-----w- c:\users\Lou\AppData\Roaming\gtk-2.0
2010-03-22 22:59 . 2010-03-22 22:59 -------- d-----w- c:\users\Lou\AppData\Roaming\Malwarebytes
2010-03-22 22:58 . 2010-03-22 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-22 22:58 . 2010-03-22 22:58 -------- d-----w- c:\programdata\Malwarebytes
2010-03-22 22:41 . 2010-03-05 00:35 -------- d-----w- c:\users\Lou\AppData\Roaming\WinShell
2010-03-22 22:41 . 2010-01-21 00:41 -------- d-----w- c:\users\Lou\AppData\Roaming\Dev-Cpp
2010-03-05 00:35 . 2010-03-05 00:35 -------- d-----w- c:\program files\WinShell
2010-03-04 23:55 . 2010-02-24 13:31 -------- d-----w- c:\program files\MiKTeX 2.8
2010-03-04 16:46 . 2008-04-29 21:59 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-25 11:58 . 2008-04-03 04:54 86720 ----a-w- c:\users\Lou\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 11:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 11:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 11:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 11:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 03:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 03:00 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 03:00 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-02-25 01:05 293376 ----a-w- c:\windows\system32\browserchoice.exe
2006-05-03 10:06 . 2008-06-10 22:55 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2008-06-10 22:55 31232 --sh--r- c:\windows\System32\msfDX.dll
2007-12-17 13:43 . 2008-06-10 22:55 27648 --sh--w- c:\windows\System32\Smab0.dll
2008-12-21 01:36 . 2008-12-11 09:55 82534432 --sha-w- c:\windows\System32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-01-26 2633976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-28 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-01 148888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-12 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
c:\users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ac,57,38,9a,c0,34,ca,01
R2 gupdate1c9d35331ba1844;Google Update Service (gupdate1c9d35331ba1844);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 133104]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 22:44]
2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 22:44]
2010-05-01 c:\windows\Tasks\User_Feed_Synchronization-{A7F3F3D5-62F7-427C-B5D4-201B298E7C61}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
mStart Page =
hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Presario&pf=laptopuInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
IE: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: o2.co.uk\*.broadband
FF - ProfilePath - c:\users\Lou\AppData\Roaming\Mozilla\Firefox\Profiles\i1isjn8p.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://www.bing.com/search?FORM=IEFM1&q=FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL -
hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=BjZGF2FMESTW56WkCqVBcQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-UDC Integration - (no file)
AddRemove-ZoneAlarm - c:\program files\Zone Labs\ZoneAlarm\zauninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-05-02 00:43
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1b476100-cbd2-4db2-b7ed-0c4b02c3bd76}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001b38
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{28334827-7b80-4bb6-8eaf-ed54843cddaf}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e0016d3
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{80c093d6-5573-47c3-ba18-68bd130342b3}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:15000000
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9571ea11-e5d0-4799-81ce-26613d24a134}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14020054
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b9b091aa-3f61-4407-8f4f-838ad2721c82}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11001f3a
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2732)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\O2\bin\sprtsvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2010-05-02 00:53:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-01 23:53
Pre-Run: 74,452,357,120 bytes free
Post-Run: 76,932,231,168 bytes free
- - End Of File - - 105A59C67F67732A5570E946279330B1