Tech Support Forum - View Single Post

evilight · 07-06-2009, 05:10 AM

Hi Steve.. Thanks. Here is my ComboFix report.
ComboFix 09-07-03.03 - Bryan 07/04/2009 9:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.388 [GMT 8:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bryan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe"
"c:\windows\system32\Tech Wonder.exe"
"c:\windows\system32\winxp.exe"
"c:\windows\system32\XDva132.sys"
"c:\windows\system32\XDva158.sys"
"c:\windows\system32\XDva165.sys"
"c:\windows\system32\XDva167.sys"
"c:\windows\system32\XDva170.sys"
"c:\windows\system32\XDva177.sys"
"c:\windows\system32\XDva186.sys"
"c:\windows\system32\XDva187.sys"
"c:\windows\system32\XDva190.sys"
"c:\windows\system32\XDva193.sys"
"c:\windows\system32\XDva195.sys"
"c:\windows\system32\XDva204.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Tech Wonder.exe
c:\windows\system32\winxp.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA132
-------\Legacy_XDVA158
-------\Legacy_XDVA165
-------\Legacy_XDVA167
-------\Legacy_XDVA170
-------\Legacy_XDVA177
-------\Legacy_XDVA186
-------\Legacy_XDVA187
-------\Legacy_XDVA190
-------\Legacy_XDVA193
-------\Legacy_XDVA195
-------\Legacy_XDVA204
-------\Service_XDva132
-------\Service_XDva158
-------\Service_XDva165
-------\Service_XDva167
-------\Service_XDva170
-------\Service_XDva177
-------\Service_XDva186
-------\Service_XDva187
-------\Service_XDva190
-------\Service_XDva193
-------\Service_XDva195
-------\Service_XDva204

((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-03 09:45 . 2009-07-03 09:46 6378 ----a-w- C:\ComboFix.zip
2009-07-02 13:27 . 2009-06-17 03:16 2052888 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcorex.dll
2009-07-01 15:15 . 2009-07-01 15:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-01 14:57 . 2009-07-01 14:57 -------- d-----w- c:\program files\Trend Micro
2009-07-01 14:55 . 2009-07-01 14:55 29584 ----a-w- c:\windows\system32\drivers\regguard.sys
2009-07-01 14:55 . 2009-07-01 14:55 2 --shatr- c:\windows\winstart.bat
2009-07-01 14:54 . 2009-07-01 14:54 -------- d-----w- c:\program files\Greatis
2009-07-01 14:18 . 2009-07-01 14:18 -------- d-----w- c:\program files\CCleaner
2009-06-28 21:01 . 2009-06-28 21:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-28 14:44 . 2009-06-28 14:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-28 14:43 . 2009-06-28 14:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-20 05:18 . 2009-06-20 05:18 -------- d-----w- c:\documents and settings\Bryan\Application Data\Canneverbe_Limited
2009-06-20 05:18 . 2009-06-20 05:18 -------- d-----w- c:\program files\CDBurnerXP
2009-06-20 04:16 . 2009-06-20 04:16 -------- d-----w- c:\documents and settings\Bryan\Application Data\AVS4YOU
2009-06-20 04:16 . 2009-06-20 04:16 -------- d-----w- c:\documents and settings\Bryan\Application Data\DivX
2009-06-20 04:16 . 2009-06-20 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-06-20 04:14 . 2009-06-20 04:18 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-20 04:14 . 2009-01-28 12:49 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-20 04:14 . 2009-01-28 12:49 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-20 04:14 . 2009-01-28 12:49 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-20 04:14 . 2009-06-20 04:18 -------- d-----w- c:\program files\AVS4YOU
2009-06-20 04:14 . 2009-01-28 12:49 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-06-20 04:14 . 2009-01-28 12:49 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-11 02:04 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 02:04 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-07 16:34 . 2009-06-07 16:34 -------- d-----w- c:\documents and settings\Bryan\Application Data\DragonicaSCB
2009-06-07 15:25 . 2009-06-07 15:25 -------- d-----w- c:\program files\IAHGames
2009-06-04 04:25 . 2009-06-04 05:23 -------- d-----w- c:\documents and settings\Bryan\Application Data\ImgBurn
2009-06-04 04:23 . 2009-06-04 04:23 -------- d-----w- c:\program files\ImgBurn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 00:53 . 2008-05-03 16:17 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2009-07-01 14:25 . 2008-05-04 13:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-01 13:50 . 2008-05-05 00:06 -------- d-----w- c:\documents and settings\Bryan\Application Data\uTorrent
2009-06-28 14:58 . 2008-12-03 01:06 -------- d-----w- c:\program files\DivX
2009-06-28 14:47 . 2008-08-27 02:14 -------- d-----w- c:\program files\Google
2009-06-19 03:29 . 2008-05-10 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-17 03:16 . 2008-07-30 16:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-12 02:02 . 2008-07-30 16:06 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-11 06:37 . 2008-05-03 15:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-11 06:37 . 2009-02-12 16:40 -------- d-----w- c:\program files\Garena
2009-06-09 11:29 . 2008-12-23 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-09 11:29 . 2008-12-23 15:46 -------- d-----w- c:\program files\Spyware Terminator
2009-06-09 11:11 . 2008-12-23 15:46 -------- d-----w- c:\documents and settings\Bryan\Application Data\Spyware Terminator
2009-06-09 03:15 . 2008-05-04 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-06-08 17:13 . 2008-10-22 01:39 -------- d-----w- c:\program files\IObit
2009-06-08 17:01 . 2008-12-22 04:26 -------- d-----w- c:\documents and settings\Bryan\Application Data\IObit
2009-06-08 16:59 . 2009-05-28 10:16 -------- d-----w- c:\program files\eToro
2009-06-08 16:59 . 2009-05-05 14:49 -------- d-----w- c:\documents and settings\Bryan\Application Data\Raptr
2009-06-08 16:59 . 2008-08-21 16:12 -------- d-----w- c:\program files\LimeWire
2009-06-08 16:59 . 2008-06-01 05:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-29 06:18 . 2008-08-21 16:14 -------- d-----w- c:\documents and settings\Bryan\Application Data\LimeWire
2009-05-19 04:49 . 2008-11-14 06:33 -------- d-----w- c:\program files\Warcraft III
2009-05-13 05:15 . 2007-07-27 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 01:26 . 2009-02-03 01:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-07 15:44 . 2007-07-27 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 14:52 . 2008-09-08 06:44 -------- d--h--w- c:\documents and settings\Bryan\Application Data\ijjigame
2009-05-05 14:51 . 2009-05-05 14:51 -------- d-----w- c:\documents and settings\Bryan\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
2009-05-05 14:49 . 2009-05-05 14:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-17 09:58 . 2007-07-27 12:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2007-07-27 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ---
Company: Microsoft Corporation
File Description: Microsoft® C Runtime Library
File Version: 8.00.50727.1433
Product Name: Microsoft® Visual Studio® 2005
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: MSVCR80.DLL
File size: 635904
Created time: 2007-10-23 17:47
Modified time: 2007-10-23 17:47
MD5: 6C34B81172080D41F1003AF9EB35EC14
SHA1: CD6E9506B4EB72DFD665075B3D7C31DBA1480891

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-07-27 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-01 1124352]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-04-30 2329936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54Gv4"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-07-13 14679552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-5-4 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 01:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/31/2008 12:06 AM 327688]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/3/2009 9:49 AM 298776]
R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [5/4/2008 12:09 AM 79616]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 gupdate1c9f7fee7e7c5d0;Google Update Service (gupdate1c9f7fee7e7c5d0);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2009 10:43 PM 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Bryan\Desktop\Cabalsea\NtProcDrv.sys --> c:\documents and settings\Bryan\Desktop\Cabalsea\NtProcDrv.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [7/1/2009 10:55 PM 29584]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 09:57]

2009-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 14:43]

2009-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 14:43]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Tech Wonders - c:\windows\system32\Tech Wonder.exe
ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\9glzo0so.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.http - 140.127.81.86
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox 3 Beta 5\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox 3 Beta 5\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 09:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Tech Wonders = c:\windows\system32\Tech Wonder.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5048)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\AVG\AVG8\avgupd.exe
.
**************************************************************************
.
Completion time: 2009-07-04 9:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-04 01:08
ComboFix2.txt 2009-07-03 09:41

Pre-Run: 20,529,496,064 bytes free
Post-Run: 20,518,363,136 bytes free

310