ComboFix 13-03-11.01 - user 03/11/2013 22:53:15.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2815.2253 [GMT 8:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Temp\_MEI25802\_ctypes.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\_elementtree.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\_hashlib.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\_socket.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\_ssl.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\pyexpat.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\pysqlite2._sqlite.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\python26.dll
c:\users\user\AppData\Local\Temp\_MEI25802\pythoncom26.dll
c:\users\user\AppData\Local\Temp\_MEI25802\PyWinTypes26.dll
c:\users\user\AppData\Local\Temp\_MEI25802\select.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\unicodedata.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\win32api.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\win32com.shell.shell.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\win32crypt.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\win32event.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\win32file.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\win32inet.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\win32pdh.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\win32process.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\win32profile.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\win32security.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\win32ts.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\windows._cacheinvalidation.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\wx._controls_.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\wx._core_.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\wx._gdi_.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\wx._html2.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\wx._misc_.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\wx._windows_.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\wx._wizard.pyd
c:\users\user\AppData\Local\Temp\_MEI25802\wxbase293u_net_vc.dll
c:\users\user\AppData\Local\Temp\_MEI25802\wxbase293u_vc.dll
c:\users\user\AppData\Local\Temp\_MEI25802\wxmsw293u_adv_vc.dll
c:\users\user\AppData\Local\Temp\_MEI25802\wxmsw293u_core_vc.dll
c:\users\user\AppData\Local\Temp\_MEI25802\wxmsw293u_html_vc.dll
c:\users\user\AppData\Local\Temp\_MEI25802\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-11 to 2013-03-11 )))))))))))))))))))))))))))))))
.
.
2013-03-11 13:08 . 2012-11-07 01:00 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-03-11 13:07 . 2013-03-11 13:07 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-11 12:51 . 2013-03-11 12:51 -------- d-----w- C:\_OTL
2013-03-04 09:47 . 2013-03-04 09:47 -------- d-----w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\PanD7BB.tmp
2013-02-23 10:04 . 2013-02-23 10:04 -------- d-----w- c:\users\user\AppData\Local\Apps
2013-02-23 10:04 . 2013-02-23 10:04 -------- d-----w- c:\users\user\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-11 13:08 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2013-03-03 14:49 . 2013-01-02 09:17 6080 ----a-w- c:\programdata\NanoRepository.bin
2013-03-01 13:04 . 2012-05-08 15:17 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-01 13:04 . 2011-12-07 00:07 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-28 07:54 . 2010-08-20 12:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-28 07:54 . 2010-08-20 12:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-03-09 12:32 . 2013-03-09 12:31 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-08-20 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 11:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 11:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 11:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 11:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-12-17 16328976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-18 7711264]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-11-14 32032]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-10-15 221832]
"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2012-12-28 295072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-21 28539272]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-05 12:38 1630672 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 13:04]
.
2012-12-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1455427970-3710013119-2409295529-1000Core.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-22 08:57]
.
2012-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1455427970-3710013119-2409295529-1000UA.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-22 08:57]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 08:26]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-14 08:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=27D1670E119907A459300E50DCF1138A
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zrlk6sl2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.my/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
URLSearchHooks-{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file)
Toolbar-10 - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
HKCU-Run-AdobeBridge - (no file)
SafeBoot-47312345.sys
SafeBoot-77071226.sys
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(372)
c:\programdata\Panda Security URL Filtering\panda_url_filtering.dll
c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2013-03-11 23:05:51 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-11 15:05
.
Pre-Run: 339,815,927,808 bytes free
Post-Run: 362,023,301,120 bytes free
.
- - End Of File - - 4F9E58A0AD68D811ABD1A56BD9383D7D