ComboFix 10-07-23.02 - Ian 07/23/2010 22:58:52.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.263 [GMT -5:00]
Running from: c:\documents and settings\ian\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\ian\My Documents\Downloads\CFscript.txt
FILE ::
"c:\windows\Dvemanesu.bin"
"c:\windows\Isifobubobo.dat"
"c:\windows\system32\charkrnl.dll"
"c:\windows\system32\drivers\xfdkcrk.sys"
"c:\windows\system32\Spool\prtprocs\w32x86\C79u1m.dll"
"c:\windows\system32\Spool\prtprocs\w32x86\o31m93w7u.dll"
"c:\windows\system32\Spool\prtprocs\w32x86\uOCE93kU9.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ian\Local Settings\Application Data\bpjuvqknk
c:\windows\Dvemanesu.bin
c:\windows\Isifobubobo.dat
c:\windows\system32\charkrnl.dll
c:\windows\system32\drivers\xfdkcrk.sys
c:\windows\system32\Spool\prtprocs\w32x86\C79u1m.dll
c:\windows\system32\Spool\prtprocs\w32x86\o31m93w7u.dll
c:\windows\system32\Spool\prtprocs\w32x86\uOCE93kU9.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_xfdkcrk
-------\Service_xfdkcrk
((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.
2010-07-24 04:06 . 2010-07-24 04:06 50176 ----a-w- c:\windows\system32\ernel32.dll
2010-07-24 04:06 . 2010-06-23 02:39 50176 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\c9sKUO3.dll
2010-07-24 02:00 . 2010-07-24 02:00 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-22 11:35 . 2010-07-22 11:35 47616 ----a-w- c:\windows\system32\bootetup.dll
2010-07-21 06:41 . 2010-06-23 02:39 50176 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\yW5uO.dll
2010-07-21 05:45 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 05:45 . 2010-07-23 21:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 05:45 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 02:15 . 2010-07-20 02:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-20 02:15 . 2010-07-20 02:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 13:55 . 2010-06-21 00:38 -------- d-----w- c:\documents and settings\ian\Application Data\uTorrent
2010-07-04 02:45 . 2010-05-30 03:25 -------- d-----w- c:\program files\SopCast
2010-06-23 02:39 . 2010-06-23 02:39 50176 ----a-w- c:\documents and settings\ian\Application Data\f00fa74b.exe
2010-06-23 02:39 . 2010-06-23 02:39 50176 ----a-w- c:\documents and settings\ian\Application Data\f00fa74b.exe
2010-06-21 01:19 . 2010-06-21 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-06-21 01:11 . 2010-06-21 01:11 25214 ----a-r- c:\documents and settings\ian\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2010-06-21 01:11 . 2010-06-21 01:11 25214 ----a-r- c:\documents and settings\ian\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2010-06-21 01:11 . 2010-06-21 01:11 25214 ----a-r- c:\documents and settings\ian\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2010-06-21 01:11 . 2010-06-21 01:11 25214 ----a-r- c:\documents and settings\ian\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2010-06-21 01:11 . 2010-06-21 01:11 25214 ----a-r- c:\documents and settings\ian\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2010-06-21 01:11 . 2010-06-21 01:11 25214 ----a-r- c:\documents and settings\ian\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2010-05-30 05:51 . 2010-05-30 05:51 40960 ----a-w- c:\windows\charkrnl.dll
2010-05-30 05:51 . 2010-05-30 05:51 4 ----a-w- c:\documents and settings\LocalService\Application Data\czyiwa.dat
2010-05-30 05:49 . 2008-07-09 14:39 -------- d-----w- c:\program files\Google
2010-05-30 05:46 . 2010-05-30 05:46 -------- d-----w- c:\program files\Bing Bar Installer
2010-05-30 05:46 . 2010-05-30 05:46 -------- d-----w- c:\program files\Microsoft
2010-05-30 05:46 . 2010-05-30 05:46 -------- d-----w- c:\program files\MSN Toolbar
2010-05-30 02:48 . 2010-05-30 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2010-05-28 05:00 . 2010-05-28 05:00 503808 ----a-w- c:\documents and settings\ian\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-396609c6-n\msvcp71.dll
2010-05-28 05:00 . 2010-05-28 05:00 348160 ----a-w- c:\documents and settings\ian\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-396609c6-n\msvcr71.dll
2010-05-28 05:00 . 2010-05-28 05:00 499712 ----a-w- c:\documents and settings\ian\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-396609c6-n\jmc.dll
2010-05-07 22:22 . 2009-12-25 21:04 68648 ----a-w- c:\documents and settings\ian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-29 04:18 . 2009-10-04 03:44 32 ----a-w- c:\windows\msocreg32.dat
.
((((((((((((((((((((((((((((( SnapShot@2010-07-24_01.42.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-24 04:05 . 2010-07-24 04:05 16384 c:\windows\temp\Perflib_Perfdata_550.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\ian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-21 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-07 149280]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-12-01 33280]
"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2008-06-13 525592]
"WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2008-08-27 124184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
VPN Client.lnk - c:\windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-2-1 6144]
WinZip Quick Pick.lnk - c:\program files\Winzip\WZQKPICK.EXE [2010-4-5 494920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"=
"c:\\Program Files\\Sierra Wireless Inc\\WebUpdater\\SwiApiMux.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\spoolsv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2/25/2010 11:59 AM 1047880]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [10/10/2007 9:58 AM 43640]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [3/26/2007 3:18 PM 20352]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 11:18 AM 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 8:23 PM 135664]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [11/20/2008 11:07 PM 113152]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/20/2010 8:22 PM 14424]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/20/2008 3:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/20/2008 3:36 PM 142976]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\urvpndrv.sys --> c:\windows\system32\DRIVERS\urvpndrv.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-07-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
2010-07-24 c:\windows\Tasks\f00fa74b.job
- c:\documents and settings\ian\Application Data\f00fa74b.exe [2010-06-23 02:39]
2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 01:23]
2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 01:23]
2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090899367-2975912428-2353060782-1009Core.job
- c:\documents and settings\ian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-21 00:55]
2010-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2090899367-2975912428-2353060782-1009UA.job
- c:\documents and settings\ian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-21 00:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
LSP: bmnet.dll
DPF: {7D12A6AE-8F73-4FFF-824B-41EEE98AB37B} - hxxp://10.102.72.66/hrs/download/Setup.cab
DPF: {D7967FA2-F1F9-420D-A49E-9249309056A2} - hxxps://216.163.10.130/hrs/download/Setup.cab
DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} - hxxps://nstr.triadhospitalsinc.com/vpns/scripts/nsload.ocx
FF - ProfilePath - c:\documents and settings\ian\Application Data\Mozilla\Firefox\Profiles\w5z8jv77.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\ian\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 23:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x820C5EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8513f28
\Driver\ACPI -> ACPI.sys @ 0xf8386cb8
\Driver\atapi -> atapi.sys @ 0xf8238852
\Driver\iaStor -> iaStor.sys @ 0xf816eb58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf806ebb0
PacketIndicateHandler -> NDIS.sys @ 0xf807ba21
SendHandler -> NDIS.sys @ 0xf805987b
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(1420)
c:\windows\system32\WININET.dll
c:\windows\system32\bmnet.dll
- - - - - - - > 'explorer.exe'(1024)
c:\windows\system32\WININET.dll
c:\windows\system32\bmnet.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\AGRSMMSG.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-23 23:16:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-24 04:16
ComboFix2.txt 2010-07-24 01:45
Pre-Run: 8,075,800,576 bytes free
Post-Run: 7,963,373,568 bytes free
- - End Of File - - 48F5193B742BA92FB5742B1D37C2A42E