ComboFix 12-04-19.01 - Peter Ivan 19/04/2012 23:26:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.246 [GMT 10:00]
Running from: c:\documents and settings\Peter Ivan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Peter Ivan\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Peter Ivan\WINDOWS
c:\windows\$NtUninstallKB17922$
c:\windows\$NtUninstallKB17922$\4171557427
c:\windows\EventSystem.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\CddbCdda.dll
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-18 10:00 . 2012-04-18 10:04 -------- dc-h--w- c:\windows\ie8
2012-04-17 12:02 . 2012-04-17 12:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 12:25 . 2012-04-16 12:25 -------- d-----w- C:\_OTL
2012-04-16 00:07 . 2012-04-16 00:07 -------- d-----w- c:\documents and settings\Peter Ivan\Application Data\SUPERAntiSpyware.com
2012-04-16 00:06 . 2012-04-16 00:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-16 00:06 . 2012-04-16 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-15 01:00 . 2001-08-17 12:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-04-14 12:27 . 2012-04-14 12:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 12:27 . 2012-04-14 12:38 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-13 23:30 . 2012-04-13 23:30 1838 ----a-w- c:\windows\~~UFILE.TMP
2012-04-13 23:11 . 2012-04-16 11:50 -------- d-----w- c:\program files\SpeedFan
2012-04-12 23:16 . 2012-04-12 23:16 -------- d-----w- c:\documents and settings\Administrator2
2012-04-12 04:36 . 2012-04-19 13:15 -------- d-----w- c:\windows\system32\CatRoot2
2012-04-12 04:20 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-04-12 04:17 . 2012-04-12 04:17 -------- d-----w- C:\Reg_Backup
2012-04-12 04:00 . 2001-08-17 12:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2012-04-12 03:54 . 2001-08-17 12:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-04-12 03:48 . 2001-08-17 12:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2012-04-12 03:38 . 2001-08-17 12:36 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2012-04-12 03:38 . 2001-08-17 03:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-04-12 03:38 . 2001-08-17 02:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2012-04-12 03:38 . 2004-08-04 12:00 25856 -c--a-w- c:\windows\system32\dllcache\et4000.sys
2012-04-12 03:38 . 2004-08-04 12:00 45056 -c--a-w- c:\windows\system32\dllcache\esunid.dll
2012-04-12 03:38 . 2001-08-17 12:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2012-04-12 03:38 . 2004-08-04 12:00 57856 -c--a-w- c:\windows\system32\dllcache\esuimgd.dll
2012-04-12 03:38 . 2001-08-17 12:36 45568 -c--a-w- c:\windows\system32\dllcache\esuni.dll
2012-04-12 03:38 . 2001-08-17 12:36 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2012-04-12 03:38 . 2004-08-04 12:00 31744 -c--a-w- c:\windows\system32\dllcache\esucmd.dll
2012-04-12 03:38 . 2001-08-17 12:36 43008 -c--a-w- c:\windows\system32\dllcache\esucm.dll
2012-04-12 03:38 . 2004-08-03 12:32 137088 -c--a-w- c:\windows\system32\dllcache\essm2e.sys
2012-04-12 03:36 . 2001-08-17 03:53 7296 -c--a-w- c:\windows\system32\dllcache\elmsmc.sys
2012-04-12 03:35 . 2001-08-17 02:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2012-04-12 03:34 . 2001-08-17 12:36 6729 -c--a-w- c:\windows\system32\dllcache\disrvci.dll
2012-04-12 03:33 . 2001-08-17 02:11 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys
2012-04-12 03:32 . 2001-08-17 12:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2012-04-12 03:31 . 2001-08-17 04:56 111232 -c--a-w- c:\windows\system32\dllcache\cl5465.dll
2012-04-12 03:30 . 2001-08-17 02:13 164923 -c--a-w- c:\windows\system32\dllcache\diapi2.sys
2012-04-12 03:29 . 2001-08-17 12:36 12800 -c--a-w- c:\windows\system32\dllcache\brevif.dll
2012-04-12 03:28 . 2001-08-17 02:49 17152 -c--a-w- c:\windows\system32\dllcache\atitunep.sys
2012-04-12 03:27 . 2004-08-03 12:31 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2012-04-12 03:26 . 2008-04-13 18:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2012-04-12 03:26 . 2001-08-17 02:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2012-04-12 03:26 . 2001-08-17 04:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2012-04-12 03:26 . 2001-08-17 03:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2012-04-12 03:26 . 2001-08-17 04:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2012-04-12 03:02 . 2012-04-12 04:25 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-04-12 02:22 . 2012-03-07 01:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-12 02:22 . 2012-03-07 01:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-12 02:22 . 2012-03-07 01:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-12 02:22 . 2012-03-07 01:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-12 02:22 . 2012-03-07 01:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-12 02:22 . 2012-03-07 01:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-12 02:22 . 2012-03-07 01:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-12 02:22 . 2012-03-07 00:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-12 02:21 . 2012-03-07 01:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-12 02:21 . 2012-03-07 01:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-12 02:20 . 2012-04-12 02:20 -------- d-----w- c:\program files\AVAST Software
2012-04-12 02:20 . 2012-04-12 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-04-10 02:27 . 2012-04-10 02:27 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-04-06 23:17 . 2012-04-06 23:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-04-06 22:00 . 2012-04-06 22:00 -------- d-sh--w- c:\documents and settings\Peter Ivan\IECompatCache
2012-04-06 10:34 . 2012-04-06 10:34 -------- d-sh--w- c:\documents and settings\Peter Ivan\IETldCache
2012-04-06 10:34 . 2012-04-06 10:34 -------- d-sh--w- c:\documents and settings\Peter Ivan\PrivacIE
2012-04-06 10:32 . 2012-04-06 10:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-04-06 10:31 . 2012-04-06 10:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-04-06 09:01 . 2012-04-06 09:01 -------- d-----w- C:\cddc02d2b1393e5b8e1ff23df56c
2012-04-05 00:12 . 2012-04-05 00:12 -------- d-----w- c:\program files\ESET
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-03-28 08:31 . 2012-03-28 08:31 -------- d-----w- c:\documents and settings\Peter Ivan\Local Settings\Application Data\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 23:58 . 2008-06-23 04:10 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-12 23:58 . 2012-03-12 23:59 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-12 23:58 . 2010-05-30 22:13 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01 . 2005-12-21 21:15 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2005-12-21 21:14 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2005-12-21 21:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2005-12-21 21:15 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2005-12-21 21:14 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2005-12-21 21:14 385024 ------w- c:\windows\system32\html.iec
2012-02-20 01:27 . 2006-05-29 23:30 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-02-03 09:22 . 2005-12-21 21:15 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-22 05:21 . 2011-05-06 08:02 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 01:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"PureText"="c:\documents and settings\Peter Ivan\My Documents\Exe\PureText.exe" [2003-08-20 28672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-04 7340032]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-05-31 282624]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-21 30208]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2005-12-04 49152]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 88203]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-22 155648]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-21 11:42 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nlsvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/04/2012 12:22 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/04/2012 12:22 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 2:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 7:55 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 9:38 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/04/2012 12:22 PM 20696]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [21/12/2005 9:55 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [21/12/2005 9:55 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [21/12/2005 9:25 PM 3456]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14/04/2012 10:27 PM 253088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [30/09/2010 8:23 AM 102448]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [21/03/2011 3:44 PM 5230088]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [12/04/2012 1:02 PM 181064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 12:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 10.1.1.1 192.168.0.1
FF - ProfilePath - c:\documents and settings\Peter Ivan\Application Data\Mozilla\Firefox\Profiles\uwdbyorh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theage.com.au/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-19 23:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\mysafe.dll
.
- - - - - - - > 'lsass.exe'(1008)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
- - - - - - - > 'explorer.exe'(2448)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\TDispVol.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2012-04-19 23:52:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-19 13:52
.
Pre-Run: 24,117,252,096 bytes free
Post-Run: 24,185,413,632 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7ED5D6588C6F47543704B0F571A7FFA2