Hello Steve, thank you for taking the time to address my problem. Here is my ComboFix scan result:
ComboFix 09-07-02.02 - Bryan 07/03/2009 17:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.462 [GMT 8:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\Bryan\Application Data\ShoppingReport
c:\documents and settings\Bryan\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Bryan\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Bryan\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Bryan\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Bryan\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Bryan\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Bryan\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Installer\19f90c4.msp
c:\windows\Installer\6ea58.msi
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-07-02 13:27 . 2009-06-17 03:16 2052888 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcorex.dll
2009-07-01 15:32 . 2009-07-03 06:28 10240 ----a-w- c:\windows\system32\winxp.exe
2009-07-01 15:15 . 2009-07-01 15:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-01 14:57 . 2009-07-01 14:57 -------- d-----w- c:\program files\Trend Micro
2009-07-01 14:55 . 2009-07-01 14:55 29584 ----a-w- c:\windows\system32\drivers\regguard.sys
2009-07-01 14:55 . 2009-07-01 14:55 2 --shatr- c:\windows\winstart.bat
2009-07-01 14:54 . 2009-07-01 14:54 -------- d-----w- c:\program files\Greatis
2009-07-01 14:45 . 2009-07-01 15:18 10240 ----a-w- c:\windows\system32\Tech Wonder.exe
2009-07-01 14:18 . 2009-07-01 14:18 -------- d-----w- c:\program files\CCleaner
2009-06-28 21:01 . 2009-06-28 21:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-28 14:44 . 2009-06-28 14:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-28 14:43 . 2009-06-28 14:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-20 05:18 . 2009-06-20 05:18 -------- d-----w- c:\documents and settings\Bryan\Application Data\Canneverbe_Limited
2009-06-20 05:18 . 2009-06-20 05:18 -------- d-----w- c:\program files\CDBurnerXP
2009-06-20 04:16 . 2009-06-20 04:16 -------- d-----w- c:\documents and settings\Bryan\Application Data\AVS4YOU
2009-06-20 04:16 . 2009-06-20 04:16 -------- d-----w- c:\documents and settings\Bryan\Application Data\DivX
2009-06-20 04:16 . 2009-06-20 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-20 04:14 . 2009-06-20 04:18 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-20 04:14 . 2009-01-28 12:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-20 04:14 . 2009-01-28 12:49 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-20 04:14 . 2009-01-28 12:49 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-20 04:14 . 2009-06-20 04:18 -------- d-----w- c:\program files\AVS4YOU
2009-06-20 04:14 . 2009-01-28 12:49 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-06-20 04:14 . 2009-01-28 12:49 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-11 02:04 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 02:04 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-07 16:34 . 2009-06-07 16:34 -------- d-----w- c:\documents and settings\Bryan\Application Data\DragonicaSCB
2009-06-07 15:25 . 2009-06-07 15:25 -------- d-----w- c:\program files\IAHGames
2009-06-04 04:25 . 2009-06-04 05:23 -------- d-----w- c:\documents and settings\Bryan\Application Data\ImgBurn
2009-06-04 04:23 . 2009-06-04 04:23 -------- d-----w- c:\program files\ImgBurn
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 06:41 . 2008-05-03 16:17 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2009-07-01 14:25 . 2008-05-04 13:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-01 13:50 . 2008-05-05 00:06 -------- d-----w- c:\documents and settings\Bryan\Application Data\uTorrent
2009-06-28 14:58 . 2008-12-03 01:06 -------- d-----w- c:\program files\DivX
2009-06-28 14:47 . 2008-08-27 02:14 -------- d-----w- c:\program files\Google
2009-06-19 03:29 . 2008-05-10 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-17 03:16 . 2008-07-30 16:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-12 02:02 . 2008-07-30 16:06 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-11 06:37 . 2008-05-03 15:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-11 06:37 . 2009-02-12 16:40 -------- d-----w- c:\program files\Garena
2009-06-09 11:29 . 2008-12-23 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-09 11:29 . 2008-12-23 15:46 -------- d-----w- c:\program files\Spyware Terminator
2009-06-09 11:11 . 2008-12-23 15:46 -------- d-----w- c:\documents and settings\Bryan\Application Data\Spyware Terminator
2009-06-09 03:15 . 2008-05-04 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-06-08 17:13 . 2008-10-22 01:39 -------- d-----w- c:\program files\IObit
2009-06-08 17:01 . 2008-12-22 04:26 -------- d-----w- c:\documents and settings\Bryan\Application Data\IObit
2009-06-08 16:59 . 2009-05-28 10:16 -------- d-----w- c:\program files\eToro
2009-06-08 16:59 . 2009-05-05 14:49 -------- d-----w- c:\documents and settings\Bryan\Application Data\Raptr
2009-06-08 16:59 . 2008-08-21 16:12 -------- d-----w- c:\program files\LimeWire
2009-06-08 16:59 . 2008-06-01 05:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-29 06:18 . 2008-08-21 16:14 -------- d-----w- c:\documents and settings\Bryan\Application Data\LimeWire
2009-05-19 04:49 . 2008-11-14 06:33 -------- d-----w- c:\program files\Warcraft III
2009-05-13 05:15 . 2007-07-27 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 01:26 . 2009-02-03 01:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-07 15:44 . 2007-07-27 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 14:52 . 2008-09-08 06:44 -------- d--h--w- c:\documents and settings\Bryan\Application Data\ijjigame
2009-05-05 14:51 . 2009-05-05 14:51 -------- d-----w- c:\documents and settings\Bryan\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2009-05-05 14:49 . 2009-05-05 14:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-17 09:58 . 2007-07-27 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2007-07-27 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-07-27 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-01 1124352]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-04-30 2329936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54Gv4"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]
"Tech Wonders"="c:\windows\system32\Tech Wonder.exe" [2009-07-01 10240]
"regdiit"="c:\windows\system32\winxp.exe" [2009-07-03 10240]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-07-13 14679552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-5-4 802816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 01:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/31/2008 12:06 AM 327688]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/3/2009 9:49 AM 298776]
R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [5/4/2008 12:09 AM 79616]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 gupdate1c9f7fee7e7c5d0;Google Update Service (gupdate1c9f7fee7e7c5d0);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2009 10:43 PM 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Bryan\Desktop\Cabalsea\NtProcDrv.sys --> c:\documents and settings\Bryan\Desktop\Cabalsea\NtProcDrv.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [7/1/2009 10:55 PM 29584]
S3 XDva132;XDva132;\??\c:\windows\system32\XDva132.sys --> c:\windows\system32\XDva132.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\XDva158.sys --> c:\windows\system32\XDva158.sys [?]
S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys --> c:\windows\system32\XDva165.sys [?]
S3 XDva167;XDva167;\??\c:\windows\system32\XDva167.sys --> c:\windows\system32\XDva167.sys [?]
S3 XDva170;XDva170;\??\c:\windows\system32\XDva170.sys --> c:\windows\system32\XDva170.sys [?]
S3 XDva177;XDva177;\??\c:\windows\system32\XDva177.sys --> c:\windows\system32\XDva177.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S3 XDva187;XDva187;\??\c:\windows\system32\XDva187.sys --> c:\windows\system32\XDva187.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?]
S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]
S3 XDva204;XDva204;\??\c:\windows\system32\XDva204.sys --> c:\windows\system32\XDva204.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D6849BBC-56CC-A8E1-D991-4640F2ACAFC8}]
c:\windows\system32\Tech Wonder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe
.
Contents of the 'Scheduled Tasks' folder
2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 09:57]
2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 14:43]
2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 14:43]
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\9glzo0so.default\
FF - prefs.js: browser.startup.homepage -
www.yahoo.com
FF - prefs.js: network.proxy.http - 140.127.81.86
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox 3 Beta 5\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox 3 Beta 5\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-03 17:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Tech Wonders = c:\windows\system32\Tech Wonder.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1229272821-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{362FAC76-D925-F554-76F9-E9427C5D5638}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadigiollmehkgfnof"=hex:69,61,64,6c,6d,6a,6c,67,67,6a,68,6b,62,6d,66,62,69,63,
00,00
"hajiajlkbehplkli"=hex:69,61,64,6c,6d,6a,6d,67,68,6a,61,6d,64,6e,64,69,66,67,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3148)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2009-07-03 17:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 09:41
Pre-Run: 20,887,212,032 bytes free
Post-Run: 20,789,714,944 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
302