I think that did the trick. The fan isn't blowing super hard now and the CPA Usage is 3-10%.
Here's the ComboFix Logfile:
ComboFix 10-04-06.05 - HP_Administrator 04/07/2010 15:27:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.337 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-176884995-1635510542-3716775325-1001
c:\documents and settings\HP_Administrator\Application Data\avdrn.dat
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\syspck32.exe
c:\program files\Internet Explorer\SET317.tmp
c:\program files\Internet Explorer\SET318.tmp
c:\program files\Internet Explorer\SET31A.tmp
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\enikamodetakobi.dll
c:\windows\imoqewipe.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Packet.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
c:\windows\system32\gotomon.log . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
.
2010-04-07 20:51 . 2010-04-07 20:51 -------- d-----w- c:\program files\iPod
2010-04-07 20:50 . 2010-04-07 20:52 -------- d-----w- c:\program files\iTunes
2010-04-07 20:50 . 2010-04-07 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-07 20:39 . 2010-04-07 20:39 -------- d-----w- c:\program files\Bonjour
2010-03-31 16:05 . 2008-04-14 07:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-31 16:05 . 2008-04-14 07:10 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-31 16:04 . 2008-04-14 07:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-31 16:04 . 2008-04-14 07:11 8576 ----a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-31 16:04 . 2008-04-14 07:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-31 16:04 . 2008-04-14 07:11 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-03-31 16:03 . 2010-03-31 16:03 44032 ---ha-w- c:\windows\system32\getmgini.dll
2010-03-31 08:08 . 2010-03-31 08:08 -------- d-----w- c:\program files\Common Files\Skype
2010-03-10 21:21 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 21:10 . 2010-04-07 15:02 198096 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-10 19:20 . 1998-12-01 20:00 266752 ------w- c:\windows\system32\LFCMP10N.DLL
2010-03-10 19:20 . 1998-11-30 19:51 27136 ------w- c:\windows\system32\lfcal10N.dll
2010-03-10 19:20 . 1998-12-01 19:59 34304 ------w- c:\windows\system32\lfbmp10N.dll
2010-03-10 19:20 . 1998-12-03 18:07 28672 ------w- c:\windows\system32\lfawd10N.dll
2010-03-10 19:20 . 1999-04-24 04:22 36864 ------w- c:\windows\system32\AWVIEW32.DLL
2010-03-10 19:20 . 1999-04-24 04:22 49152 ------w- c:\windows\system32\AWRESX32.DLL
2010-03-10 19:20 . 1999-04-24 04:22 36864 ------w- c:\windows\system32\AWDENC32.DLL
2010-03-10 19:20 . 1999-04-24 04:22 28672 ------w- c:\windows\system32\AWDCXC32.DLL
2010-03-10 19:20 . 1999-04-24 04:22 49152 ------w- c:\windows\system32\AWCODC32.DLL
2010-03-10 19:15 . 2010-03-10 19:17 -------- d-----w- c:\program files\The Big Box of Art
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 22:39 . 2010-01-27 23:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
2010-04-07 22:38 . 2010-01-27 23:29 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM
2010-04-07 20:51 . 2010-01-11 01:52 -------- d-----w- c:\program files\Common Files\Apple
2010-04-07 20:45 . 2009-07-18 01:08 -------- d-----w- c:\program files\QuickTime
2010-04-07 20:33 . 2010-04-07 20:33 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-07 08:26 . 2010-04-07 08:26 16896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{74552801-0078-E6D5-4365-57506D097C38}-syspck32.exe
2010-04-04 22:56 . 2010-04-04 22:56 16896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{879E7075-55F6-18FB-BF63-0F93E26E9B43}-syspck32.exe
2010-03-31 16:03 . 2010-03-31 16:02 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\jasltw.dat
2010-03-11 11:08 . 2009-08-12 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-10 21:32 . 2009-12-13 21:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-25 06:24 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 22:44 . 2009-07-18 00:31 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-24 17:16 . 2009-12-13 21:36 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-08 19:08 . 2009-12-08 02:18 -------- d-----w- c:\program files\Trillian
2010-01-27 23:29 . 2010-01-27 23:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2010-01-19 3118344]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-13 139264]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2008-09-30 258856]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Prefs"="c:\program files\oDesk\oDeskLaunch.exe" [2009-12-21 357696]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-04-07 492840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2008-09-30 23:04 10536 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 15:20 57344 ----a-w- c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-02-07 15:40 118784 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-02-03 16:32 18085888 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-05-05 19:34 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
evenonui REG_SZ c:\windows\system32\getmgini.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Pro\\wsftpgui.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 2:57 PM 70952]
S0 gbtadvje;gbtadvje; [x]
S3 PORTMON;PORTMON;\??\j:\fcprogs\SysinternalsSuite\PORTMSYS.SYS --> j:\fcprogs\SysinternalsSuite\PORTMSYS.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
2010-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-04-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 02:02]
2010-04-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-17 01:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2966q2jz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2966q2jz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {8BA28497-1668-4C06-B364-ED42C9679F9C} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{8BA28497-1668-4C06-B364-ED42C9679F9C}
FF - HiddenExtension: XULRunner: {658D3AAC-FAFC-4054-A75E-86ECF43FC9CA} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{658D3AAC-FAFC-4054-A75E-86ECF43FC9CA}\
FF - HiddenExtension: XULRunner: {6227B0F7-851B-4281-985C-79A484CC56D5} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{6227B0F7-851B-4281-985C-79A484CC56D5}
FF - HiddenExtension: XULRunner: {11446E64-E036-4A13-B069-33AA0279ADAC} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{11446E64-E036-4A13-B069-33AA0279ADAC}\
FF - HiddenExtension: XULRunner: {BE51F34E-4641-4B98-A729-4FDFCF3367EF} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{BE51F34E-4641-4B98-A729-4FDFCF3367EF}\
FF - HiddenExtension: XULRunner: {7A20958D-F16C-4449-886A-F7A4201784B0} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{7A20958D-F16C-4449-886A-F7A4201784B0}\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "
http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-CD - DVD Publishing Service - c:\documents and settings\HP_Administrator\Desktop\Kunaki_CD-DVD_Publishing_Service.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-04-07 15:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
- - - - - - - > 'explorer.exe'(188)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\program files\oDesk\oDesk46.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\getmgini.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Citrix\GoToMyPC\g2comm.exe
c:\program files\Citrix\GoToMyPC\g2pre.exe
c:\program files\Citrix\GoToMyPC\g2tray.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\oDesk\oDeskCommonPrefs.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\oDesk\oDeskTeam.exe
c:\program files\oDesk\oDeskShare.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2010-04-07 15:43:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-07 22:43
Pre-Run: 50,473,017,344 bytes free
Post-Run: 50,515,427,328 bytes free
- - End Of File - - AEB96353B5DE6983F78B7475CD581F32
Edited by voasi, 07 April 2010 - 04:49 PM.