ComboFix 09-09-13.04 - Declan 13/09/2009 22:15.1.2 - NTFSx86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.353.1033.18.1014.298 [GMT 1:00] Running from: c:\users\Declan\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-655246962-777229395-1854717134-500 c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500 c:\programdata\Microsoft\Windows\Start Menu\Programs\Contraviro c:\programdata\Microsoft\Windows\Start Menu\Programs\Contraviro.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Contraviro\Activate Contraviro.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Contraviro\Contraviro.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Contraviro\How to Activate Contraviro.lnk c:\windows\system32\hkcmd .exe c:\windows\system32\igfxpers .exe c:\windows\system32\igfxtray .exe c:\windows\system32\lphcg44j0ep3c .exe c:\windows\system32\rthdvcpl .exe . ((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 ))))))))))))))))))))))))))))))) . 2009-09-13 21:34 . 2009-09-13 21:34 -------- d-----w- c:\users\Declan\AppData\Local\temp 2009-09-13 19:22 . 2009-09-13 19:22 288768 ----a-w- C:\RootLogThing.exe 2009-09-13 16:29 . 2009-09-13 16:29 -------- d-----w- c:\users\Declan\AppData\Roaming\PixelMetrics 2009-09-13 16:29 . 2009-09-13 16:29 -------- d-----w- c:\program files\CaptureWiz 2009-09-13 15:38 . 2009-09-13 15:38 -------- d-----w- C:\$AVG8.VAULT$ 2009-09-13 15:07 . 2009-09-13 15:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-09-13 15:07 . 2009-09-13 15:07 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-09-13 15:07 . 2009-09-13 15:07 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-09-13 15:07 . 2009-09-13 15:07 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-09-13 15:06 . 2009-09-13 15:06 -------- d-----w- c:\windows\system32\drivers\Avg 2009-09-13 15:05 . 2009-09-13 15:05 -------- d-----w- c:\program files\AVG 2009-09-13 15:05 . 2009-09-13 15:05 -------- d-----w- c:\programdata\avg8 2009-09-13 14:11 . 2009-09-13 14:11 -------- d-----w- c:\users\Declan\AppData\Roaming\AVG8 2009-09-13 13:52 . 2009-07-28 20:09 23552 ----a-w- c:\windows\system32\drivers\tdifw_drv.sys 2009-09-13 13:39 . 2009-09-13 13:39 -------- d-----w- c:\users\Declan\AppData\Roaming\GeoVid 2009-09-13 13:38 . 2009-09-13 13:38 -------- d-----w- c:\program files\Common Files\fmm 2009-09-13 13:38 . 2009-09-13 13:38 -------- d-----w- c:\programdata\GeoVid 2009-09-13 13:38 . 2009-09-13 13:38 -------- d-----w- c:\program files\Common Files\GeoVid 2009-09-13 13:38 . 2005-06-07 15:11 60416 ----a-w- c:\windows\system32\dsetup.dll 2009-09-13 13:38 . 2009-09-13 13:38 -------- d-----w- c:\program files\GeoVid 2009-09-12 18:35 . 2009-09-12 18:35 -------- d-----w- c:\users\Declan\AppData\Local\DVD_Detective_Software 2009-09-12 17:58 . 2009-09-12 17:58 -------- d-----w- c:\program files\DVD Detective Software 2009-09-11 19:20 . 2009-09-11 19:20 -------- d-----w- c:\users\Declan\AppData\Roaming\dvdcss 2009-09-11 18:04 . 2009-09-11 18:04 -------- d-----w- c:\users\Declan\AppData\Roaming\AVS4YOU 2009-09-11 18:03 . 2009-09-11 18:03 -------- d-----w- c:\programdata\AVS4YOU 2009-09-11 17:57 . 2009-09-11 18:01 -------- d-----w- c:\program files\Common Files\AVSMedia 2009-09-11 17:55 . 2009-09-11 18:02 -------- d-----w- c:\program files\AVS4YOU 2009-09-11 17:55 . 2008-08-13 10:22 974848 ----a-w- c:\windows\system32\mfc70.dll 2009-09-11 17:55 . 2008-08-13 10:22 24576 ----a-w- c:\windows\system32\msxml3a.dll 2009-09-11 05:18 . 2009-09-11 05:18 -------- d-----w- c:\program files\7-Zip 2009-09-11 00:49 . 2009-09-11 00:49 -------- d-----w- c:\program files\MarkAny 2009-09-11 00:18 . 2009-09-11 00:53 -------- d-----w- c:\users\Declan\AppData\Local\Downloaded Installations 2009-09-10 23:33 . 2009-09-10 23:35 -------- d-----w- c:\program files\FoneFunShop S8000 Debrand Pack 2009-09-10 23:12 . 2009-09-10 23:12 -------- d-----w- c:\users\Declan\{c4c68fd2-c392-48b4-85f4-d9fc07fc273d} 2009-09-10 00:47 . 2009-09-10 00:47 -------- d-----w- c:\windows\system32\QuickTime 2009-09-10 00:46 . 2009-09-10 00:46 -------- d-----w- c:\program files\Common Files\TechSmith Shared 2009-09-09 23:45 . 2009-09-09 23:46 -------- d-----w- c:\program files\Avidemux 2.5 2009-09-09 23:13 . 2009-09-09 23:13 -------- d-----w- C:\DVDTemp 2009-09-09 23:12 . 2009-09-09 23:17 -------- d-----w- c:\program files\Super_DVD_Creator_9.8 2009-09-09 23:09 . 2009-09-09 23:22 -------- d-----w- c:\program files\SuperDVD Video Editor 2009-09-08 07:12 . 2009-09-08 07:13 -------- d-----w- c:\users\Declan\AppData\Roaming\Watermark Master 2009-09-08 07:12 . 2009-09-08 07:12 -------- d-----w- c:\program files\Videocharge Software 2009-09-08 06:59 . 2009-09-08 06:59 -------- d-----w- c:\program files\Video Watermark Factory 2009-09-07 21:49 . 2009-09-07 21:51 -------- d-----w- c:\users\Declan\AppData\Roaming\avidemux 2009-09-07 15:39 . 2009-09-07 16:38 -------- d-----w- c:\program files\HooTech 2009-09-07 15:08 . 2009-09-07 15:35 -------- d-----w- C:\SEA_OF_LOVE22 2009-09-07 14:25 . 2009-09-07 14:25 -------- d-----w- C:\SEA_OF_LOVE 2009-09-07 14:18 . 2009-09-07 14:18 -------- d-----w- c:\program files\DVD Shrink 2009-09-07 10:19 . 2009-09-07 16:38 -------- d-----w- c:\program files\WAV to MP3 Encoder 2009-09-07 10:08 . 2009-09-07 16:36 -------- d-----w- c:\program files\Mp3 File Editor 2009-09-07 06:24 . 2009-09-07 06:24 -------- d-----w- c:\users\Declan\AppData\Roaming\Syntrillium 2009-09-07 06:22 . 2009-09-07 06:24 -------- d-----w- c:\program files\coolpro2 2009-09-07 05:35 . 2009-09-07 05:57 -------- d-----w- c:\program files\BestPractice 2009-09-07 05:32 . 2009-09-07 05:32 -------- d-----w- c:\users\Declan\AppData\Roaming\Roni Music 2009-09-07 05:32 . 2009-09-07 16:20 -------- d-----w- c:\program files\Roni Music 2009-09-06 18:55 . 2009-09-06 18:55 -------- d-----w- c:\programdata\Adobe Systems 2009-09-06 18:54 . 2009-09-06 18:54 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared 2009-09-06 16:37 . 2009-09-08 03:31 -------- d-----w- c:\program files\Audacity 2009-09-06 01:58 . 2008-07-03 00:48 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2009-09-06 01:58 . 2007-09-17 14:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2009-09-06 01:52 . 2009-09-11 00:49 -------- d-----w- c:\program files\PC Connectivity Solution 2009-09-06 00:50 . 2009-09-06 00:50 -------- d-----w- c:\users\Declan\AppData\Roaming\PC Suite 2009-09-06 00:50 . 2009-09-06 00:50 -------- d-----w- c:\programdata\PC Suite 2009-09-06 00:46 . 2007-05-02 15:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll 2009-09-06 00:42 . 2009-09-10 23:10 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers 2009-09-06 00:42 . 2009-09-06 00:46 -------- d-----w- c:\program files\DIFX 2009-09-06 00:42 . 2009-08-14 14:47 237984 ----a-w- c:\windows\system32\FsUsbExService.Exe 2009-09-06 00:42 . 2009-02-16 15:13 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys 2009-09-06 00:42 . 2009-02-16 15:13 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll 2009-09-06 00:41 . 2009-09-11 00:51 -------- d-----w- c:\users\Declan\AppData\Roaming\Samsung 2009-09-06 00:37 . 2009-09-11 00:13 -------- d-----w- c:\program files\Samsung 2009-09-04 03:03 . 2009-09-05 23:18 -------- d-----w- c:\users\Declan\AppData\Local\ROUTE 66 Sync 9 2009-09-04 03:00 . 2009-09-04 03:00 -------- d-----w- c:\program files\Common Files\ROUTE 66 2009-09-04 03:00 . 2009-09-04 03:00 -------- d-----w- c:\program files\ROUTE 66 2009-09-03 16:00 . 2009-09-03 16:00 -------- d-----w- c:\users\Declan\AppData\Roaming\ROUTE 66 Sync 2009-09-03 03:48 . 2009-09-03 03:48 -------- d-----w- c:\program files\Nyditot 2009-09-02 12:09 . 2009-09-02 12:10 -------- d-----w- c:\program files\QuickTime 2009-09-02 12:09 . 2009-09-02 12:09 -------- d-----w- c:\programdata\Apple Computer 2009-09-02 12:07 . 2009-09-02 12:07 -------- d-----w- c:\users\Declan\AppData\Local\Apple 2009-09-02 12:07 . 2009-09-02 12:07 -------- d-----w- c:\program files\Apple Software Update 2009-09-02 12:07 . 2009-09-02 12:07 -------- d-----w- c:\programdata\Apple 2009-09-02 10:15 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll 2009-09-02 10:15 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2009-09-02 10:15 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2009-09-02 10:15 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2009-09-02 10:14 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll 2009-09-02 10:14 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll 2009-09-02 10:14 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll 2009-09-02 10:14 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-09-02 10:14 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll 2009-08-30 19:34 . 2009-09-07 16:48 -------- d-----w- c:\program files\Movie Maker 2.6 2009-08-30 19:13 . 2009-08-30 19:24 -------- d-----w- c:\users\Declan\AppData\Local\WMTools Downloaded Files 2009-08-30 17:57 . 2009-08-30 18:34 -------- d-----w- c:\users\Declan\Terry's Folder 2009-08-30 13:05 . 2009-08-30 13:05 -------- d-----w- c:\users\Declan\AppData\Roaming\Inkscape 2009-08-30 12:57 . 2009-08-30 19:47 -------- d-----w- c:\program files\Inkscape 2009-08-29 06:30 . 2009-08-29 06:30 -------- d-----w- c:\program files\RamBooster 2.0 2009-08-28 12:30 . 2009-08-29 05:12 -------- d-----w- c:\program files\Bulk Image Downloader 2009-08-27 06:10 . 2009-08-27 06:10 -------- d-----w- c:\program files\Common Files\xing shared 2009-08-27 06:09 . 2009-08-27 06:09 -------- d-----w- c:\program files\Real 2009-08-27 06:09 . 2009-08-27 06:10 -------- d-----w- c:\program files\Common Files\Real 2009-08-27 04:30 . 2009-08-27 04:30 -------- d-----w- c:\programdata\Office Genuine Advantage 2009-08-27 04:22 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll 2009-08-27 04:20 . 2009-06-05 09:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-27 04:20 . 2009-06-05 09:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-27 04:16 . 2009-08-31 00:10 -------- d-----w- c:\users\Declan\Virtual Desktop 2009-08-27 03:39 . 2009-08-30 19:46 -------- d-----w- c:\users\Declan\AppData\Roaming\Download Manager 2009-08-26 14:08 . 2009-08-26 14:08 -------- d-sh--w- c:\windows\ftpcache 2009-08-26 13:53 . 2009-08-26 13:53 -------- d-----w- c:\users\Declan\AppData\Roaming\Malwarebytes 2009-08-26 13:53 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-26 13:52 . 2009-08-26 13:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-26 13:52 . 2009-08-26 13:52 -------- d-----w- c:\programdata\Malwarebytes 2009-08-26 13:52 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-26 05:23 . 2009-08-26 15:17 -------- d-----w- c:\programdata\VistaCodecs 2009-08-26 03:44 . 2009-08-26 03:44 -------- d-----w- c:\program files\CCleaner 2009-08-25 19:51 . 2009-08-25 19:51 -------- d-----w- c:\program files\Rundll Errors Fix Wizard 2009-08-25 19:51 . 2009-05-20 13:23 44544 ----a-w- c:\windows\rv.dat 2009-08-25 19:51 . 2009-05-20 13:23 33280 ----a-w- c:\windows\rxp.dat 2009-08-25 19:51 . 2009-04-16 13:14 81920 ----a-w- c:\windows\eSellerateControl350.dll 2009-08-25 19:51 . 2009-04-16 13:14 356352 ----a-w- c:\windows\eSellerateEngine.dll 2009-08-25 19:04 . 2009-09-07 14:22 -------- d-----w- c:\programdata\DVD Shrink 2009-08-25 18:46 . 2002-07-17 15:23 45056 ----a-w- c:\windows\system32\WNASPI32.DLL 2009-08-25 18:46 . 2002-07-17 15:20 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS 2009-08-25 18:46 . 2009-08-26 01:24 -------- d-----w- c:\program files\Free DVD Ripper 2009-08-25 14:41 . 2009-09-02 10:15 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-08-25 14:32 . 2009-08-25 14:32 -------- d-----w- C:\OutputFolder . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-13 18:22 . 2009-08-11 13:25 102632 ----a-w- c:\users\Declan\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-13 13:51 . 2007-04-26 18:59 26112 ----a-w- c:\windows\system32\igfxpers.exe 2009-09-13 13:51 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2009-09-11 19:21 . 2009-08-13 22:07 -------- d-----w- c:\users\Declan\AppData\Roaming\vlc 2009-09-10 23:04 . 2007-04-26 18:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-08 17:37 . 2007-04-26 23:01 -------- d-----w- c:\program files\Google 2009-09-06 18:53 . 2007-04-26 22:55 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-25 14:40 . 2009-08-11 22:59 -------- d-----w- c:\program files\DivX 2009-08-24 00:26 . 2007-04-26 23:24 -------- d-----w- c:\programdata\Symantec 2009-08-24 00:26 . 2007-04-26 23:23 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-08-24 00:13 . 2009-08-12 01:02 -------- d-----w- c:\program files\GetGo Software 2009-08-22 19:52 . 2009-08-11 13:25 -------- d-----w- c:\users\Declan\AppData\Roaming\Sony Corporation 2009-08-22 19:52 . 2007-04-26 18:13 -------- d-----w- c:\program files\sony 2009-08-14 17:12 . 2009-08-14 17:12 -------- d-----w- c:\users\Declan\AppData\Roaming\InterVideo 2009-08-14 12:08 . 2009-08-11 21:13 -------- d-----w- c:\users\Default\AppData\Roaming\Sony Corporation 2009-08-13 13:39 . 2009-08-13 13:39 -------- d-----w- c:\program files\VideoLAN 2009-08-12 15:29 . 2009-08-12 15:29 -------- d-----w- c:\users\Declan\AppData\Roaming\Auslogics 2009-08-12 15:29 . 2009-08-12 15:29 -------- d-----w- c:\program files\Auslogics 2009-08-12 14:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2009-08-12 14:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-08-12 14:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2009-08-12 14:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2009-08-12 14:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2009-08-12 14:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2009-08-12 14:55 . 2009-08-12 14:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-08-12 06:56 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2009-08-12 06:56 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2009-08-12 05:05 . 2009-08-12 03:46 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-12 05:01 . 2007-04-26 23:11 -------- d-----w- c:\programdata\Microsoft Help 2009-08-12 04:30 . 2009-08-12 04:30 -------- d-----w- c:\program files\Microsoft Office Outlook Connector 2009-08-12 04:29 . 2009-08-12 04:25 -------- d-----w- c:\program files\Windows Live 2009-08-12 04:29 . 2009-08-12 04:29 -------- d-----w- c:\program files\Microsoft Sync Framework 2009-08-12 04:27 . 2009-08-12 04:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-08-12 04:26 . 2009-08-12 03:46 -------- d-----w- c:\program files\Microsoft 2009-08-12 04:26 . 2009-08-12 04:26 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-08-12 03:49 . 2009-08-12 03:49 -------- d-----w- c:\program files\Common Files\Windows Live 2009-08-12 02:05 . 2007-04-26 22:50 -------- d-----w- c:\program files\Microsoft Works 2009-08-12 01:02 . 2009-08-12 01:02 -------- d-----w- c:\users\Declan\AppData\Roaming\GetGo Software 2009-08-11 22:59 . 2009-08-11 22:59 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2009-08-11 22:59 . 2009-08-11 22:59 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-08-11 21:53 . 2009-08-11 21:53 61440 ----a-w- c:\windows\system32\winipsec.dll 2009-08-11 21:53 . 2009-08-11 21:53 272896 ----a-w- c:\windows\system32\polstore.dll 2009-08-11 21:48 . 2009-08-11 21:48 2034688 ----a-w- c:\windows\system32\win32k.sys 2009-08-11 21:47 . 2009-08-11 21:47 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-08-11 21:47 . 2009-08-11 21:47 34304 ----a-w- c:\windows\system32\atmlib.dll 2009-08-11 21:47 . 2009-08-11 21:47 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-08-11 21:47 . 2009-08-11 21:47 23552 ----a-w- c:\windows\system32\lpk.dll 2009-08-11 21:47 . 2009-08-11 21:47 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-08-11 21:47 . 2009-08-11 21:47 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-08-11 21:43 . 2009-08-11 21:43 71680 ----a-w- c:\windows\system32\atl.dll 2009-08-11 21:36 . 2009-08-11 21:36 160256 ----a-w- c:\windows\system32\wkssvc.dll 2009-08-11 21:35 . 2009-08-11 21:35 53248 ----a-w- c:\windows\system32\tsgqec.dll 2009-08-11 21:35 . 2009-08-11 21:35 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-08-11 21:35 . 2009-08-11 21:35 136192 ----a-w- c:\windows\system32\aaclient.dll 2009-08-11 21:32 . 2009-08-11 21:32 2048 ----a-w- c:\windows\system32\msxml3r.dll 2009-08-11 21:23 . 2009-08-11 21:23 623616 ----a-w- c:\windows\system32\localspl.dll 2009-08-11 21:22 . 2009-08-11 21:22 -------- d-----w- c:\users\Declan\AppData\Roaming\GRETECH 2009-08-11 21:21 . 2009-08-11 21:21 -------- d-----w- c:\program files\GRETECH 2009-08-11 21:21 . 2009-08-11 21:21 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-08-11 21:21 . 2009-08-11 21:21 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-08-11 21:21 . 2009-08-11 21:21 65024 ----a-w- c:\windows\system32\avicap32.dll 2009-08-11 21:21 . 2009-08-11 21:21 31232 ----a-w- c:\windows\system32\msvidc32.dll 2009-08-11 21:21 . 2009-08-11 21:21 12800 ----a-w- c:\windows\system32\msrle32.dll 2009-08-11 21:21 . 2009-08-11 21:21 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-08-11 21:18 . 2007-04-26 23:07 -------- d-----w- c:\programdata\Sony Corporation 2009-08-11 21:18 . 2009-08-11 21:13 -------- d-----w- c:\users\Declan\AppData\Roaming\Media Player Classic 2009-08-11 21:14 . 2009-08-11 21:14 175104 ----a-w- c:\windows\system32\wdigest.dll 2009-08-11 21:14 . 2009-08-11 21:14 499712 ----a-w- c:\windows\system32\kerberos.dll 2009-08-11 21:14 . 2009-08-11 21:14 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-08-11 21:14 . 2009-08-11 21:14 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-08-11 21:14 . 2009-08-11 21:14 9728 ----a-w- c:\windows\system32\lsass.exe 2009-08-11 21:14 . 2009-08-11 21:14 72704 ----a-w- c:\windows\system32\secur32.dll 2009-08-11 21:14 . 2009-08-11 21:14 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2009-08-11 21:14 . 2009-08-11 21:14 270848 ----a-w- c:\windows\system32\schannel.dll 2009-08-11 21:10 . 2009-08-11 21:10 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll 2009-08-11 21:10 . 2009-08-11 21:10 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll 2009-08-11 21:10 . 2009-08-11 21:10 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll 2009-08-11 21:10 . 2009-08-11 21:10 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll 2009-08-11 21:08 . 2009-08-11 21:08 9847296 ----a-w- c:\windows\system32\NlsData000a.dll 2009-08-11 21:08 . 2009-08-11 21:08 2643456 ----a-w- c:\windows\system32\NlsData000c.dll 2009-08-11 21:08 . 2009-08-11 21:08 2342912 ----a-w- c:\windows\system32\NlsData000d.dll 2009-08-11 21:08 . 2009-08-11 21:08 1965056 ----a-w- c:\windows\system32\NlsData000f.dll 2009-08-11 21:08 . 2009-08-11 21:08 4495360 ----a-w- c:\windows\system32\NlsData0414.dll 2009-08-11 21:08 . 2009-08-11 21:08 4495360 ----a-w- c:\windows\system32\NlsData0416.dll 2009-08-11 21:08 . 2009-08-11 21:08 4495360 ----a-w- c:\windows\system32\NlsData0816.dll 2009-08-11 21:08 . 2009-08-11 21:08 1965056 ----a-w- c:\windows\system32\NlsData081a.dll 2009-08-11 21:08 . 2009-08-11 21:08 6917120 ----a-w- c:\windows\system32\NlsLexicons0c1a.dll 2009-08-11 21:08 . 2009-08-11 21:08 1965056 ----a-w- c:\windows\system32\NlsData0c1a.dll 2009-08-11 21:04 . 2009-08-11 21:04 6656 ----a-w- c:\windows\system32\kbd106n.dll 2009-08-11 20:40 . 2007-04-26 23:04 -------- d-----w- c:\program files\Microsoft SQL Server 2009-08-11 20:28 . 2009-08-11 20:28 37888 ----a-w- c:\windows\system32\printcom.dll 2009-08-11 20:27 . 2009-08-11 20:27 14848 ----a-w- c:\windows\system32\wshrm.dll 2009-08-11 20:27 . 2009-08-11 20:27 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-08-11 20:27 . 2009-08-11 20:27 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-08-11 20:27 . 2009-08-11 20:27 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-08-11 20:27 . 2009-08-11 20:27 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-08-11 17:06 . 2009-08-11 17:06 41984 ----a-w- c:\windows\system32\netfxperf.dll 2009-08-11 16:47 . 2009-08-11 16:47 84480 ----a-w- c:\windows\system32\INETRES.dll 2009-08-11 16:45 . 2009-08-11 16:45 784896 ----a-w- c:\windows\system32\rpcrt4.dll 2009-08-11 16:42 . 2009-08-11 16:42 2048 ----a-w- c:\windows\system32\msxml6r.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2007-01-05 12:41 2857984 ----a-w- c:\program files\Protector Suite QL\farchns.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2007-01-05 12:41 2857984 ----a-w- c:\program files\Protector Suite QL\farchns.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-13 26112] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-04-17 321656] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-06 4423680] c:\users\Declan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CaptureWiz.lnk - c:\program files\CaptureWiz\Lite\CaptureWiz.exe [2009-9-13 1380864] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-2 2756608] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "DisableCAD"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-01-05 12:28 90112 ----a-w- c:\windows\System32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2007-04-24 00:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^Declan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CaptureWiz.lnk] path=c:\users\Declan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk backup=c:\windows\pss\CaptureWiz.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):84,f2,db,23,5e,1b,ca,01 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{16D1EF54-66A2-4638-8F2E-B0F8CDC54FDC}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk "{4149C113-48AF-4DBA-801A-A26536571C4E}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk "{7D678989-5DBE-4E44-9740-9ABD45893DCC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{177B36D3-002D-4251-8AA7-CAB2E65D9F17}"= Disabled:UDP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media "{C86FA369-D464-4D5A-A0A6-D5BAC97C3E48}"= Disabled:TCP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media "{48476438-3387-4488-BB9E-98C3C0334462}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "TCP Query User{8CCA6C34-099D-40B9-B526-1689135B6CF9}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows "UDP Query User{DCBDA337-D5FC-4957-9309-06FEF84C4C7D}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows "TCP Query User{FFE3FA17-BBE4-4AC7-934B-FAC7E31B7B02}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{1264F57D-23F3-4669-80FD-84B61092BB1B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{E47E3A46-4907-42EB-AA80-46348FCF5B57}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer "UDP Query User{43B5F839-22CA-45C1-B721-904929FBBBDB}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer "TCP Query User{0DA9A034-28C3-4E1D-B7A4-0C1B0019E81D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{1DB98D19-E081-4720-9D25-082848E8E7C5}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{AAD2A3EE-B7E4-4185-A2F2-19F6605ECB29}c:\\program files\\route 66\\route 66 sync\\route66sync.exe"= UDP:c:\program files\route 66\route 66 sync\route66sync.exe:ROUTE 66 Sync "UDP Query User{8AA6BFF7-6B17-4158-87E4-3182A6E1AEE8}c:\\program files\\route 66\\route 66 sync\\route66sync.exe"= TCP:c:\program files\route 66\route 66 sync\route66sync.exe:ROUTE 66 Sync "{98C24026-FE0C-4F14-A02F-5668122422D1}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server "{E6512271-CD47-46D2-A7F7-3E00D1E8679C}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server "{52060310-870B-47CD-8A3A-1CDFAA34B80E}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server "{26CEB672-1253-45C0-9365-8DF13C81205C}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [13/09/2009 16:07 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [13/09/2009 16:07 108552] R1 tdifw_drv;tdifw_drv;c:\windows\System32\drivers\tdifw_drv.sys [13/09/2009 14:52 23552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/09/2009 16:05 297752] R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [20/02/2009 09:46 30312] R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [06/09/2009 01:42 237984] R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31 29263712] R2 regi;regi;c:\windows\System32\drivers\regi.sys [03/01/2007 11:19 11032] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [06/09/2009 01:42 36608] R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [26/04/2007 19:58 73472] R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [26/04/2007 19:58 43904] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [26/04/2007 19:59 31104] R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [23/04/2007 13:29 812544] S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [25/08/2009 19:46 84832] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [12/08/2009 05:30 55280] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31 29263712] S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/08/2009 04:32 133104] S4 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\VAIO Media Integrated Server\UCLS.exe [11/08/2009 14:45 745472] S4 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [11/08/2009 14:44 397312] S4 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [11/08/2009 14:44 1089536] --- Other Services/Drivers In Memory --- *Deregistered* - aujasnkj [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-15 03:32] 2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-15 03:32] 2009-09-13 c:\windows\Tasks\User_Feed_Synchronization-{BF2A9092-2384-4953-B32C-E035E2EB363B}.job - c:\windows\system32\msfeedssync.exe [2009-08-12 20:13] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = 134.151.255.180:3124 IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Declan\AppData\Roaming\Mozilla\Firefox\Profiles\f7457vi7.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll FF - component: c:\users\Declan\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe HKLM-Run-NPSStartup - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-13 22:34 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2842445565-3301440535-2179204889-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E652B76-8D91-FE0C-7086-1312CF84256D}*] @Allowed: (Read) (RestrictedCode) "oagakhclcljedjbbdcbdpchgndbdfp"=hex:64,61,67,63,6b,6e,6a,65,00,41 "oacbcpbgcacclehljhmmefopcpalap"=hex:6a,61,6a,61,64,66,70,6a,6e,70,69,6d,64,6f, 6f,69,62,6e,65,68,00,00 "namaihcdlihoflleafbdkgapjmnk"=hex:6a,61,6a,61,64,66,70,6a,6e,70,69,6d,64,6f, 6f,69,62,6e,65,68,00,00 [HKEY_USERS\S-1-5-21-2842445565-3301440535-2179204889-1004_Classes\CLSID\{10ef5575-73be-4848-b0d5-79ce14d944fb}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:000000ff "Therad"=dword:00000018 [HKEY_USERS\S-1-5-21-2842445565-3301440535-2179204889-1004_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):23,b3,c1,58,24,a0,66,4c,8a,e3,4b,c7,10,1d,51,9c,db,ff,38,ea,ab, 1d,c5,92,92,da,29,3b,07,36,35,00,82,88,81,b4,28,fb,4a,61,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(740) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\infra.dll . Completion time: 2009-09-13 22:38 ComboFix-quarantined-files.txt 2009-09-13 21:38 Pre-Run: 11,659,223,040 bytes free Post-Run: 11,618,590,720 bytes free 455 --- E O F --- 2009-08-28 13:37