ComboFix 08-05-29.1 - HP_Administrator 2008-06-02 11:24:31.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1503 [GMT -4:00] Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt * Created a new restore point FILE :: C:\Documents and Settings\HP_Administrator\Application Data\[u]0[/u]000000000t.dat C:\WINDOWS\accesss.exe C:\WINDOWS\astctl32.ocx C:\WINDOWS\avpcc.dll C:\WINDOWS\clrssn.exe C:\WINDOWS\editpad.exe C:\WINDOWS\internet.exe C:\WINDOWS\msconfd.dll C:\WINDOWS\mssys.exe C:\WINDOWS\msupdate.exe C:\WINDOWS\mtwirl32.dll C:\WINDOWS\notepad32.exe C:\WINDOWS\quicken.exe C:\WINDOWS\system32\g67.exe C:\WINDOWS\system32\vbpdtvdp.exe C:\WINDOWS\system32\vbzip10.dll C:\WINDOWS\users32.exe C:\WINDOWS\waol.exe C:\WINDOWS\win64.exe C:\WINDOWS\winajbm.dll C:\WINDOWS\window.exe C:\WINDOWS\winmgnt.exe C:\WINDOWS\xplugin.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\HP_Administrator\Application Data\[u]0[/u]000000000t.dat C:\Documents and Settings\LocalService\Application Data\Yapta C:\Documents and Settings\LocalService\Application Data\Yapta\Logs\tagger_log.txt C:\Documents and Settings\LocalService\Application Data\Yapta\settings.xml C:\Program Files\SurfingSoftware C:\Program Files\SurfingSoftware\pcre3.dll C:\Program Files\SurfingSoftware\SurfingSoftware.dat C:\Program Files\SurfingSoftware\uninstall.exe C:\WINDOWS\accesss.exe C:\WINDOWS\astctl32.ocx C:\WINDOWS\avpcc.dll C:\WINDOWS\clrssn.exe C:\WINDOWS\editpad.exe C:\WINDOWS\internet.exe C:\WINDOWS\msconfd.dll C:\WINDOWS\mssys.exe C:\WINDOWS\msupdate.exe C:\WINDOWS\mtwirl32.dll C:\WINDOWS\notepad32.exe C:\WINDOWS\quicken.exe C:\WINDOWS\system32\1026c C:\WINDOWS\system32\acom1 C:\WINDOWS\system32\bTMP C:\WINDOWS\system32\bTMP\autdx2.exe C:\WINDOWS\system32\g67.exe C:\WINDOWS\system32\rev3 C:\WINDOWS\system32\vbpdtvdp.exe C:\WINDOWS\system32\vbzip10.dll C:\WINDOWS\system32\vd2 C:\WINDOWS\system32\vntiho18 C:\WINDOWS\users32.exe C:\WINDOWS\waol.exe C:\WINDOWS\win64.exe C:\WINDOWS\winajbm.dll C:\WINDOWS\window.exe C:\WINDOWS\winmgnt.exe C:\WINDOWS\xplugin.dll . ((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))) . 2008-06-01 13:43 . 2008-06-01 13:58 d-------- C:\HJT 2008-05-30 03:00 . 2008-05-30 03:00 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-05-30 01:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-05-30 01:54 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-05-30 01:25 . 2008-05-30 01:25 d-------- C:\Program Files\Spybot - Search & Destroy 2008-05-30 01:25 . 2008-05-30 01:27 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-29 23:04 . 2008-05-29 23:05 d-------- C:\Program Files\Panda Security 2008-05-29 20:44 . 2008-05-29 20:46 d-------- C:\Program Files\SUPERAntiSpyware 2008-05-29 20:44 . 2008-05-29 20:44 d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com 2008-05-29 20:44 . 2008-05-29 20:44 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-05-29 17:14 . 2008-05-29 20:29 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-29 17:14 . 2008-05-29 17:14 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes 2008-05-29 17:14 . 2008-05-29 17:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-29 17:14 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-29 17:14 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-29 16:54 . 2008-05-29 20:29 d-------- C:\Program Files\Common Files\Download Manager 2008-05-29 16:33 . 2008-05-29 16:33 d-------- C:\Program Files\Enigma Software Group 2008-05-29 15:21 . 2008-05-29 11:45 1,681,135 --a------ C:\SDFix.exe 2008-05-29 14:08 . 2008-06-02 04:46 d-------- C:\Program Files\Spyware Doctor 2008-05-29 14:08 . 2008-05-29 14:08 d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Tools 2008-05-29 14:08 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-05-29 14:08 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-05-29 14:08 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-05-29 14:08 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-05-29 14:00 . 2008-05-30 15:00 d-------- C:\Program Files\Norton Security Scan 2008-05-29 13:40 . 2008-05-29 13:38 18,473,000 --a------ C:\sdsetup.exe 2008-05-29 13:05 . 2008-05-29 13:05 d-------- C:\Program Files\UnH Solutions 2008-05-29 13:05 . 2008-05-29 13:05 d-------- C:\Documents and Settings\All Users\Application Data\UnH Solutions 2008-05-29 12:44 . 2008-05-29 12:44 d-------- C:\Program Files\Lavasoft 2008-05-29 12:44 . 2008-05-29 20:44 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-29 12:44 . 2008-05-29 12:53 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-29 11:55 . 2008-05-29 11:55 d-------- C:\WINDOWS\ERUNT 2008-05-29 11:48 . 2008-05-29 15:41 d-------- C:\SDFix 2008-05-29 11:25 . 2008-05-29 11:18 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2008-05-29 11:18 . 2008-05-29 11:26 d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6 2008-05-29 10:28 . 2008-05-29 12:26 d-------- C:\Temp 2008-05-29 09:51 . 2008-05-29 09:51 d-------- C:\Program Files\Common Files\Adobe 2008-05-29 09:50 . 2008-05-29 09:50 d-------- C:\Program Files\Common Files\xing shared 2008-05-10 16:58 . 2008-05-10 16:58 d-------- C:\Program Files\Orb Networks 2008-05-10 16:58 . 2008-05-12 22:44 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-02 15:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-01 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-05-30 22:06 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM 2008-05-30 19:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-05-30 07:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-05-29 15:49 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire 2008-05-29 15:07 --------- d-----w C:\Program Files\LimeWire 2008-05-29 14:07 --------- d-----w C:\Program Files\Google 2008-05-29 13:55 --------- d-----w C:\Program Files\Real 2008-05-29 13:50 --------- d-----w C:\Program Files\Common Files\Real 2008-05-26 13:55 --------- d-----w C:\Program Files\Quicken 2008-04-26 09:33 --------- d-----w C:\Program Files\VoiceDialIt 2.0 for PalmOS 2008-04-25 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-25 21:32 --------- d-----w C:\Program Files\Common Files\Epocrates 2008-04-25 19:31 --------- d-----w C:\Program Files\Palm 2008-04-25 19:23 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-04-13 23:55 --------- d-----w C:\Program Files\WMR11 2008-04-13 23:52 --------- d-----w C:\Program Files\WinPcap 2007-03-26 00:59 5,495 ----a-w C:\Program Files\[u]0[/u]x0409.ini 2007-03-26 00:59 3,674,624 ----a-w C:\Program Files\PCmover.msi 2007-03-01 12:30 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((( snapshot@2008-06-01_ 1.38.56.20 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-01 05:33:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-02 15:29:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 17:16 68856] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 00:01 67584] "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 07:54 16010240 C:\WINDOWS\RTHDCPL.EXE] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 11:36 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 11:40 118784] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 22:30 139264] "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35 49152] "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 12:05 90112] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 01:34 249856] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 21:18 49152] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-29 09:49 185896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-05-19 15:34 1106344] "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-05-19 15:39 1848150] "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-05-19 15:34 126976] "DISCover"="C:\Program Files\DISC\DISCover.exe" [2007-10-30 22:57 1095256] "HotSync"="C:\Program Files\PalmSource\Desktop\HotSync.exe" [ ] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240] C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ Calendar Creator Scheduler.lnk - C:\Program Files\Calendar Creator 4.0\CCSCHED.EXE [2007-03-01 12:01:44 97280] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696] Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-27 00:11:01 125624] HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2008-01-03 18:28:08 1392640] HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2008-01-03 18:28:08 1392640] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 21:40:44 282624] Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 05:33:46 282624] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 relog_ap [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Adapter 5.1.3214] C:\Documents and Settings\HP_Administrator\Application Data\kyzys.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] --a------ 2008-03-31 21:54 507904 C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite] --a------ 2008-01-23 15:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\HP Rhapsody\\rhapsody.exe"= "C:\\Program Files\\DISC\\DISCover.exe"= "C:\\Program Files\\DISC\\DiscStreamHub.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"= "C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"= "C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service S3 LLUSBFLT;LLUSBFLT;C:\WINDOWS\system32\drivers\llusbflt.sys [2006-05-03 09:19] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 13:31] S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2006-05-03 09:19] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N] \Shell\AutoRun\command - N:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26d0e56a-bf99-11db-9c3b-001731a59835}] \Shell\AutoRun\command - N:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d00a662-0ac0-11dc-9c51-001731a59835}] \Shell\AutoRun\command - L:\JDSecure\Windows\JDSecure31.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc0eb74a-b31a-11dc-9c75-001731a59835}] \Shell\AutoRun\command - N:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-05-31 05:01:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job" - C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16 "2008-05-30 22:11:35 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-02 11:30:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\LxrJD31s.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\searchindexer.exe C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ehome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\searchprotocolhost.exe C:\Program Files\DISC\DiscStreamHub.exe C:\hp\KBD\kbd.exe C:\WINDOWS\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\searchprotocolhost.exe . ************************************************************************** . Completion time: 2008-06-02 11:36:06 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-02 15:36:01 ComboFix2.txt 2008-06-01 05:39:24 Pre-Run: 27,439,112,192 bytes free Post-Run: 27,436,417,024 bytes free 301 --- E O F --- 2008-05-30 07:02:39