ComboFix 10-07-14.02 - Larry 07/15/2010 6:54.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.991 [GMT -5:00]
Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100714-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Larry\Local Settings\Application Data\{AA334B2E-9374-4907-ABC9-79883DF254B7}
c:\documents and settings\Larry\Local Settings\Application Data\{AA334B2E-9374-4907-ABC9-79883DF254B7}\chrome.manifest
c:\documents and settings\Larry\Local Settings\Application Data\{AA334B2E-9374-4907-ABC9-79883DF254B7}\chrome\content\_cfg.js
c:\documents and settings\Larry\Local Settings\Application Data\{AA334B2E-9374-4907-ABC9-79883DF254B7}\chrome\content\overlay.xul
c:\documents and settings\Larry\Local Settings\Application Data\{AA334B2E-9374-4907-ABC9-79883DF254B7}\install.rdf
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\evuzoxufapifov.dll
c:\windows\jestertb.dll
c:\windows\msdvig2.dll

Infected copy of c:\windows\system32\drivers\agp440.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.
2010-07-15 11:23 . 2010-07-15 11:23 -------- d-----w- C:\_OTL
2010-07-13 22:52 . 2010-07-13 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-13 22:11 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 22:11 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 21:05 . 2010-07-15 08:47 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-13 20:51 . 2010-07-14 01:03 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\tykyspnrg
2010-06-24 18:30 . 2010-06-24 18:30 -------- d-----w- c:\documents and settings\Larry\Application Data\dvdcss
2010-06-24 17:32 . 2010-07-15 12:08 -------- d-----w- c:\documents and settings\Larry\Application Data\LimeWire
2010-06-24 17:25 . 2010-06-24 17:32 -------- d-----w- c:\program files\LimeWire
2010-06-24 17:18 . 2010-06-24 17:18 -------- d-----w- c:\program files\iPod
2010-06-24 17:18 . 2010-06-24 17:19 -------- d-----w- c:\program files\iTunes
2010-06-24 17:08 . 2010-06-24 17:08 -------- d-----w- c:\program files\Bonjour
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 12:05 . 2007-12-25 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-07-14 16:55 . 2007-09-10 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-11 19:53 . 2003-12-02 20:44 -------- d-----w- c:\program files\Quicken
2010-07-01 13:18 . 2008-09-18 22:35 -------- d-----w- c:\documents and settings\Larry\Application Data\BitTorrent
2010-06-24 17:18 . 2008-04-23 22:44 -------- d-----w- c:\program files\Common Files\Apple
2010-06-24 17:01 . 2009-07-18 19:25 -------- d-----w- c:\program files\Safari
2010-05-26 13:20 . 2007-09-10 16:28 46144 -c--a-w- c:\documents and settings\Larry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-25 22:38 . 2008-10-31 15:19 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-25 19:59 . 2009-01-10 20:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-25 18:10 . 2010-05-25 18:10 -------- d-----w- c:\program files\MSBuild
2010-05-25 17:58 . 2010-05-25 17:58 -------- d-----w- c:\program files\Reference Assemblies
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 17:20 . 2006-06-23 17:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2009-04-29 23:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-03 13:18 . 2010-05-03 13:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 05:22 . 2003-03-31 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-03-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-05-03 10:06 . 2009-07-25 16:10 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-01 21:51 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-01 21:51 216064 --sh--r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-25 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\Larry\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-6-22 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-9-10 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-03-18 16:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"ICQ"="c:\program files\ICQ6\ICQ.exe" silent
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CTHelper"=CTHELPER.EXE
"CTxfiHlp"=CTXFIHLP.EXE
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"IgfxTray"=c:\windows\System32\igfxtray.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"UpdReg"=c:\windows\UpdReg.EXE
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"EPSON Stylus Photo R220 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"VAIO Recovery"=c:\windows\Sonysys\VAIO Recovery\PartSeal.exe
"VAIOSurvey"=c:\program files\sony\vaio survey\surveysa.exe
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
""=
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"NexusServer"="c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\New Winmx\\WinMX\\WinMX.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Documents and Settings\\Larry\\Application Data\\Chameleon Submitter\\chameleon.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"9322:TCP"= 9322:TCP:EKDiscovery

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/9/2009 7:00 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/9/2009 7:00 AM 20560]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 12:49 PM 284016]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP 2009\HideMyIpSrv.exe [12/7/2009 9:11 AM 2396464]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [11/5/2003 1:11 PM 17920]
S3 ExterminateIt;ExterminateIt;c:\windows\system32\drivers\extit.sys [10/20/2009 10:08 AM 22016]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [3/11/2008 11:49 AM 3768]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 12872]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/18/2008 6:29 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-07-15 c:\windows\Tasks\User_Feed_Synchronization-{7A3DE28A-D504-4983-B55E-8C1FB8AF1A8D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5643
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: pimproll.com\stats
DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxp://d.64.69.14.130.downloads.estara.com./as/OneCCDM.php?template=107051&sessionid=1987669332_24.12.62.168_1688&=&req=1239382563346OneCC.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\zaif9zv2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

BHO-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
HKCU-Run-nbxbbsta - c:\documents and settings\Larry\Local Settings\Application Data\tykyspnrg\lbrtosetssd.exe
HKCU-Run-Hlebitexetedabe - c:\windows\msdvig2.dll
HKLM-Run-Jlayatiqefame - c:\windows\evuzoxufapifov.dll
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\Administrator\Application Data\SystemProc\lsass.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-Adobe_acce07fd2c8fe7f9e3f26243e626578 - c:\program files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-15 07:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\Administrator\Application Data\SystemProc\lsass.exe????? ?????????????????????????????????????????????

scanning hidden files ...

c:\windows\TEMP\_av_proI.tm~a04036
c:\windows\TEMP\_av_proI.tm~a04036\setup.lok 0 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:71,6b,ac,b9,f5,ff,dc,8a,be,1a,ff,fe,76,6d,d6,de,0d,44,4a,ab,8a,
86,f4,9e,4f,5a,87,99,d3,af,6d,a4,57,e7,5b,d6,f1,eb,2d,30,43,3c,29,9a,b1,e0,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:71,6b,ac,b9,f5,ff,dc,8a,be,1a,ff,fe,76,6d,d6,de,0d,44,4a,ab,8a,
86,f4,9e,4f,5a,87,99,d3,af,6d,a4,57,e7,5b,d6,f1,eb,2d,30,43,3c,29,9a,b1,e0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\HMIPCore.dll

- - - - - - - > 'explorer.exe'(1348)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\AGRSMMSG.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-15 07:17:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-15 12:17

Pre-Run: 24,463,929,344 bytes free
Post-Run: 24,286,670,848 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 6C0D2AA96A805A99AD4A3F2BAD6FAD16