ComboFix 09-03-23.01 - Owner 2009-03-24 10:22:47.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.839 [GMT -8:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\FunWebProducts
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\avatar.dat
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\zbucks.dat
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\zwinky.dat
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\pse_300_enu.exe
c:\program files\Internet Explorer\msimg32.dll
c:\recycler\S-1-1-49-100028616-100026419-100022375-3915.com
c:\windows\autorun.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\drivers\gaopdxfcjifgxdscaixmatqrnikdpigtufflun.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxynnsjmlnkolymmyjhfhdevtvffsnfqyi.dll
c:\windows\system32\iAlmcoin.dll
D:\Autorun.inf
d:\recycler\S-1-1-49-100028616-100026419-100022375-3915.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
-------\Legacy_IPRIP
((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.
2009-03-24 10:33 . 2009-03-24 10:34 <DIR> d-------- c:\windows\LastGood
2009-03-23 21:38 . 2009-03-23 21:38 <DIR> d-------- c:\windows\LocalSSL
2009-03-23 21:38 . 2009-03-23 21:22 50,192 --a------ c:\windows\system32\drivers\tmevtmgr.sys
2009-03-23 21:38 . 2009-03-23 21:22 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys
2009-03-23 21:36 . 2009-03-23 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2009-03-23 21:30 . 2009-03-23 21:22 1,195,512 --a------ c:\windows\system32\drivers\vsapint.sys
2009-03-23 21:30 . 2009-03-23 21:22 205,328 --a------ c:\windows\system32\drivers\tmxpflt.sys
2009-03-23 21:30 . 2009-03-23 21:22 150,032 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-03-23 21:30 . 2009-03-23 21:22 36,368 --a------ c:\windows\system32\drivers\tmpreflt.sys
2009-03-23 21:22 . 2009-03-23 21:22 661,808 --a------ c:\windows\system32\UfWSC.cpl
2009-03-23 21:22 . 2009-03-23 21:22 335,376 --a------ c:\windows\system32\drivers\TM_CFW.sys
2009-03-23 21:22 . 2009-03-23 21:22 80,400 --a------ c:\windows\system32\drivers\tmtdi.sys
2009-03-23 18:23 . 2009-03-24 10:12 1,073,168,384 --a------ c:\windows\MEMORY.DMP
2009-03-23 15:48 . 2003-04-09 23:00 <DIR> d-------- c:\documents and settings\Laura Carr\WINDOWS
2009-03-23 15:48 . 2009-03-23 15:48 <DIR> d---s---- c:\documents and settings\Laura Carr\UserData
2009-03-23 15:48 . 2009-03-23 15:48 <DIR> d-------- c:\documents and settings\Laura Carr
2009-03-23 15:46 . 2009-03-23 15:46 12,620 --a------ c:\windows\system32\wpa.bak
2009-03-23 15:27 . 2009-03-23 15:27 749 -rah----- c:\windows\WindowsShell.Manifest
2009-03-23 15:27 . 2009-03-23 15:27 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-23 15:27 . 2009-03-23 15:27 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-03-23 15:27 . 2009-03-23 15:27 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-03-23 15:27 . 2009-03-23 15:27 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-03-23 15:11 . 2004-08-03 21:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys
2009-03-23 15:06 . 2004-08-04 04:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-03-23 15:06 . 2004-08-04 04:00 13,312 --a------ c:\windows\system32\irclass.dll
2009-03-16 17:12 . 2009-03-16 17:12 <DIR> d-------- c:\program files\PlayMe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 05:38 --------- d-----w c:\program files\Trend Micro
2009-03-24 03:09 --------- d-----w c:\documents and settings\Owner\Application Data\U3
2009-03-17 21:29 --------- d-----w c:\program files\Quicken
2009-02-12 23:44 --------- d-----w c:\program files\Hewlett-Packard
2009-02-06 08:49 --------- d-----w c:\documents and settings\Owner\Application Data\RegistrySmart
2009-02-06 08:22 --------- d-----w c:\program files\Reference Assemblies
2009-02-06 08:22 --------- d-----w c:\program files\MSBuild
2008-07-18 17:14 956 ---ha-w c:\documents and settings\Owner\hpothb07.dat
2008-07-18 17:13 164 ---ha-w c:\documents and settings\All Users\hpothb07.dat
2008-05-30 01:03 49,152 ------w c:\documents and settings\Owner\PNPrint3.exe
2005-12-12 23:42 1,897,151 ----a-w c:\program files\gwave512.exe
2005-01-03 09:46 2,421,920 ----a-w c:\program files\winzip90.exe
2003-04-10 11:19 32 --sha-w c:\windows\{FC92DEF6-B98A-462F-BDEC-6F8042F11C76}.dat
2003-04-10 11:19 32 --sha-w c:\windows\system32\{9E165BF4-5E4A-49D1-BA74-00B57060829D}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EA756889-2338-43DB-8F07-D1CA6FB9C90D}"= "c:\program files\AOL\AOL Toolbar 5.0\aoltb.dll" [2007-03-23 1025584]
[HKEY_CLASSES_ROOT\clsid\{ea756889-2338-43db-8f07-d1ca6fb9c90d}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{371A6A18-2D6A-4DF8-A4AA-61CA349B3C70}]
[HKEY_CLASSES_ROOT\AOLTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-23 492808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"AIM"="c:\progra~1\AIM\aim.exe" [2006-08-01 67112]
"NVIEW"="nview.dll" [2003-03-03 c:\windows\system32\nview.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-01-11 52896]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 69632]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-03-23 995528]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AudioHQU"="c:\program files\Creative\SBAudigy\AudioHQ\AHQTBU.EXE" [2002-01-18 176128]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-03-03 4595712]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"HostManager"="c:\program files\Common Files\AOL\1132424186\ee\AOLSoftware.exe" [2008-06-24 41824]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.1.1\Reader\Reader_sl.exe" [2008-10-15 39792]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-03-06 104128]
"nwiz"="nwiz.exe" [2003-03-03 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-01-08 c:\windows\system32\cthelper.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-23 492808]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 c:\windows\mididef.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 c:\windows\mididef.exe]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Hewlett-Packard Recorder.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet 7100 series\FRU\Remind32.exe [2000-08-24 67584]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
HPAiODevice(hp officejet 7100 series) - 2.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2002-11-23 495682]
HPAiODevice(hp officejet 7100 series) - 3.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2002-11-23 495682]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2007-01-19 87592]
Updates from HP.lnk - c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-04-09 16384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 02:50 40960 c:\program files\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1132424186\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"=
"c:\\Program Files\\interMute\\SpamSubtract\\SpamSubtract.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1132424186\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Quicken\\qw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2009-03-23 181584]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-03-23 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-03-23 335376]
S2 hpbecp00;hpbecp00;c:\windows\system32\drivers\HPBECP00.SYS [1997-11-17 28768]
S2 mrtRate;mrtRate; [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-03-23 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-03-23 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-03-23 677128]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 MSSQL$NR2005;MSSQL$NR2005;c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe -sNR2005 --> c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe -sNR2005 [?]
S3 PCDRDRV;Pcdr Helper Driver; [x]
S3 SQLAgent$NR2005;SQLAgent$NR2005;c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE -i NR2005 --> c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE -i NR2005 [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - BITS
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-1-49-100028616-100026419-100022375-3915.com d:\
\Shell\Open\command - d:\recycler\S-1-1-49-100028616-100026419-100022375-3915.com d:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99a66de0-55f8-11dc-be6a-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-03-17 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart\RegistrySmart.exe []
2009-03-17 c:\windows\Tasks\RegistrySmart Scheduled Scan.job
- c:\program files\RegistrySmart []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-RegistrySmart - c:\program files\RegistrySmart\RegistrySmart.exe
HKLM-Run-KYE_UDSI - c:\program files\USB Storage RW\udsi.exe
HKLM-Run-ccRegVfy - c:\program files\Common Files\Symantec Shared\ccRegVfy.exe
HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
HKLM-Run-gcasServ - c:\program files\Microsoft AntiSpyware\gcasServ.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJ&fl=0&ptb=ybZVJXlE.y_d8wm_jT5uwA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uDefault_Search_URL =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 10:34:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\wuaucpl.cpl.wusetup.199093.bak 162304 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.202312.bak 1134592 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll
c:\program files\Softex\OmniPass\opxpgina.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Softex\OmniPass\omniServ.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Trend Micro\TrendSecure\TSCFCommander.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\1132424186\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\windows\system32\msiexec.exe
c:\program files\Trend Micro\TrendSecure\TSCFCmdrLauncher.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-03-24 10:40:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 18:40:16
Pre-Run: 146,614,870,016 bytes free
Post-Run: 146,084,462,592 bytes free
277 --- E O F --- 2009-03-13 09:20:43