ComboFix 11-05-11.01 - UserXP 05/12/2011 7:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1012.631 [GMT 2:00]
Running from: c:\documents and settings\UserXP\Desktop\mytool.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\X22760\msntsvcv8.dll
c:\windows\TEMP\X22760\mswin32v15.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASC3360PR
.
.
((((((((((((((((((((((((( Files Created from 2011-04-12 to 2011-05-12 )))))))))))))))))))))))))))))))
.
.
2011-05-12 01:33 . 2011-05-12 01:33 -------- d-----w- c:\documents and settings\UserXP\Application Data\skypePM
2011-05-12 01:33 . 2011-05-12 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-12 01:31 . 2011-05-12 05:39 -------- d-----w- c:\documents and settings\UserXP\Application Data\Skype
2011-05-12 01:30 . 2011-05-12 01:30 -------- d-----w- c:\program files\Common Files\Skype
2011-05-12 01:30 . 2011-05-12 01:31 -------- d-----r- c:\program files\Skype
2011-05-12 01:30 . 2011-05-12 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-05-11 09:05 . 2011-05-12 05:29 -------- d-----w- C:\MGtools
2011-05-11 08:15 . 2011-05-11 08:15 -------- d-----w- c:\documents and settings\UserXP\Application Data\Malwarebytes
2011-05-11 08:15 . 2011-05-11 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-11 08:15 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-11 08:15 . 2011-05-11 08:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-11 08:15 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-11 06:30 . 2011-05-11 06:30 -------- d-----w- c:\documents and settings\UserXP\Application Data\SUPERAntiSpyware.com
2011-05-11 06:30 . 2011-05-11 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-11 06:30 . 2011-05-11 06:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-11 06:19 . 2011-05-11 06:19 -------- d-----w- c:\program files\CCleaner
2011-05-11 06:15 . 2011-05-11 06:15 -------- d-----w- c:\program files\Common Files\Java
2011-05-11 06:09 . 2011-05-11 06:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-11 04:48 . 2011-05-11 05:40 -------- d-----w- c:\program files\SpywareBlaster
2011-05-11 04:06 . 2011-05-11 04:06 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-05-09 20:18 . 2011-05-09 20:18 -------- d-----w- c:\documents and settings\UserXP\Application Data\GetRightToGo
2011-05-06 00:15 . 2011-05-06 00:15 -------- d-----w- c:\program files\iPod
2011-05-06 00:15 . 2011-05-06 00:16 -------- d-----w- c:\program files\iTunes
2011-05-06 00:12 . 2011-05-06 00:12 -------- d-----w- c:\program files\Bonjour
2011-05-02 06:39 . 2011-05-02 06:39 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-02 06:39 . 2011-05-02 06:39 -------- d-----w- c:\program files\Cambridge TOEFL(R) Prep
2011-05-01 15:18 . 2011-05-01 15:18 -------- d-----w- c:\program files\ESL Pro Systems
2011-05-01 06:52 . 2011-05-01 06:52 -------- d-----w- c:\program files\Cheat Engine 6
2011-04-28 07:53 . 2011-04-28 07:53 -------- d-----w- c:\program files\Kap.TOEFL
2011-04-25 01:44 . 2008-08-26 14:17 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-25 01:44 . 2008-07-24 10:02 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-25 01:44 . 2008-04-14 07:36 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-04-25 01:44 . 2007-08-09 02:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-25 01:43 . 2011-04-25 02:46 -------- d-----w- c:\program files\Reliance Netconnect
2011-04-25 01:33 . 2009-10-12 13:21 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-04-24 00:10 . 2011-04-25 01:33 -------- d-----w- c:\program files\Reliance Netconnect - Broadband+
2011-04-22 05:40 . 2011-05-10 10:41 -------- d-----w- c:\program files\Plants Vs Zombies
2011-04-22 04:25 . 2011-04-22 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2011-04-22 04:25 . 2011-04-22 21:32 -------- d-----w- c:\program files\PopCap Games
2011-04-15 14:39 . 2011-04-15 14:39 1090952 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-04-13 11:41 . 2011-04-13 11:41 -------- d-----w- c:\documents and settings\UserXP\Application Data\Softland
2011-04-13 11:41 . 2011-04-13 11:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2011-04-13 11:41 . 2011-03-31 09:18 23376 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-04-13 11:41 . 2011-03-31 09:18 20304 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-04-13 11:41 . 2010-02-05 13:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-04-13 11:41 . 2011-04-13 11:41 -------- d-----w- c:\program files\Softland
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-12 05:29 . 2011-05-11 09:05 293 ----a-w- C:\MGlogs.zip
2011-05-11 06:09 . 2010-09-29 18:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-25 01:46 . 2011-02-05 14:32 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-02-18 15:36 . 2011-03-09 16:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-03-09 16:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-02 00:39 . 2011-03-27 14:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\UserXP\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\UserXP\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\UserXP\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\UserXP\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Update"="c:\documents and settings\UserXP\Application Data\Adobe \Adobe Update" [X]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-08-16 2889136]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-04 464760]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-01-05 498176]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-12-04 4838768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 131584]
"nwiz"="nwiz.exe" [2008-10-07 1703936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1434192]
"SkyTel"="SkyTel.EXE" [2006-05-16 2981888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 212480]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 244736]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 205312]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-08 16059904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 327400]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 498984]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3817472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 105368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 1001920]
.
c:\documents and settings\UserXP\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\UserXP\Application Data\Dropbox\bin\Dropbox.exe [2011-4-26 24200816]
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 587016]
Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 587016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Browser Defender Update Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\UserXP\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\rachitsaran1987\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\HDAShCut.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\CDDRV3\\LDConfig.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\sp6\\LU\\LULnchr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Documents and Settings\\UserXP\\Local Settings\\Application Data\\Google\\Update\\1.3.21.53\\GoogleCrashHandler.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Documents and Settings\\UserXP\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Companion\\PCCompanionInfo.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\Logitech\\SetPointP\\SetPoint.exe"=
"c:\\Documents and Settings\\UserXP\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 8:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 8:41 PM 67656]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2/5/2011 4:31 PM 10448]
R2 MyConnectionServer-30dbe206;Visualware MyConnection Server (#30dbe206);c:\program files\MyConnection Server\msserver.exe [12/24/2010 2:41 PM 575804]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\kuompm.sys --> c:\windows\system32\drivers\kuompm.sys [?]
S0 kfdfuamd;kfdfuamd; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/5/2011 6:34 PM 1684736]
S3 PciCon;PciCon;f:\driver cd\nVidia GFX\PciCon.sys [3/9/2010 9:25 PM 3968]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [1/31/2011 6:32 PM 155344]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASC3360PR
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1715567821-725345543-1003Core.job
- c:\documents and settings\UserXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 21:11]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1715567821-725345543-1003UA.job
- c:\documents and settings\UserXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 21:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save Flash with Flash Catcher - c:\program files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\UserXP\Application Data\Mozilla\Firefox\Profiles\5fjnsx00.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-12 07:46
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e4,2d,3a,19,27,ac,46,45,36,05,c5,98,66,43,b7,16,fc,38,eb,0f,b1,
  ae,23,10,8a,45,66,52,1c,78,5a,94,cd,6f,93,56,4a,d3,bb,13,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a932be41-cd28-4dfe-a6b2-ab3a19b7e01d}]
@Denied: (Full) (Everyone)
"Model"=dword:0000014d
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
  1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3596)
c:\documents and settings\UserXP\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\java.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\netsh.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-05-12 07:50:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-12 05:50
ComboFix2.txt 2011-05-12 00:09
ComboFix3.txt 2011-05-11 23:30
ComboFix4.txt 2011-05-11 08:53
.
Pre-Run: 5,392,478,208 bytes free
Post-Run: 5,116,309,504 bytes free
.
- - End Of File - - C804D2590C68D3FAAA5E9770888A4258