ComboFix 09-06-22.08 - Shaka 06/23/2009 3:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1790.1266 [GMT -7:00]
Running from: c:\users\Shaka\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2281177520-812670149-4258392394-500
c:\$recycle.bin\S-1-5-21-2330998901-1206937444-1990037922-500
c:\$recycle.bin\S-1-5-21-957388825-4026625574-79556735-1000
c:\windows\system32\11BA.tmp
c:\windows\system32\1908.tmp
c:\windows\system32\1ABD.tmp
c:\windows\system32\5ED2.tmp
c:\windows\system32\6213.tmp
c:\windows\system32\702D.tmp
c:\windows\system32\A4B7.tmp
c:\windows\system32\EADA.tmp
c:\windows\system32\SystemService32
c:\windows\system32\WBkbSv6.vbs
c:\$recycle.bin\S-1-5-21-2281177520-812670149-4258392394-500\desktop.ini
c:\$recycle.bin\S-1-5-21-2330998901-1206937444-1990037922-500\desktop.ini
c:\$recycle.bin\S-1-5-21-957388825-4026625574-79556735-1000\desktop.ini
c:\users\Shaka\AppData\Roaming\02000000a063657d608C.manifest
c:\users\Shaka\AppData\Roaming\02000000a063657d608O.manifest
c:\users\Shaka\AppData\Roaming\02000000a063657d608P.manifest
c:\users\Shaka\AppData\Roaming\02000000a063657d608S.manifest
c:\windows\system32\dsprop32.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\SystemService32\BF6B.tmp
.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.
2009-06-23 08:45 . 2009-06-23 08:45 -------- d-sh--w- c:\windows\system32\SystemX86
2009-06-19 10:04 . 2009-06-19 10:04 -------- d-----w- c:\programdata\3DVIA
2009-06-19 10:03 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-06-19 10:03 . 2009-06-19 10:03 -------- d-----w- c:\program files\Virtools
2009-06-19 07:58 . 2009-06-19 07:58 -------- d-----w- c:\windows\system32\Adobe
2009-06-17 06:41 . 2009-06-17 06:41 -------- d-----w- c:\program files\Webzen
2009-06-15 22:36 . 2009-06-15 22:36 -------- d-----w- C:\zee_store
2009-06-15 22:19 . 2009-06-15 22:19 -------- d-----w- c:\program files\HyCam2
2009-06-13 06:21 . 2009-06-13 06:22 -------- d-----w- c:\users\Shaka\AppData\Local\Microsoft Games
2009-06-10 06:40 . 2009-06-10 06:40 -------- d-----w- c:\program files\NickOnline
2009-06-10 06:39 . 2009-06-10 06:39 -------- d-----w- c:\users\Shaka\AppData\Local\Downloaded Installations
2009-06-09 22:59 . 2009-06-09 23:16 -------- d-----w- c:\users\Shaka\AppData\Roaming\TeamViewer
2009-06-03 02:37 . 2009-06-03 02:38 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-02 04:33 . 2009-06-02 04:33 -------- d-----w- c:\program files\Sun
2009-05-31 03:52 . 2009-06-17 06:45 34 ----a-w- c:\users\Shaka\jagex_runescape_preferences.dat
2009-05-31 03:51 . 2009-06-03 14:26 -------- d-----w- c:\windows\.jagex_cache_32
2009-05-30 21:22 . 2009-06-02 04:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-30 01:06 . 2009-05-30 01:06 -------- d-----w- c:\users\Shaka\AppData\Roaming\Template
2009-05-29 01:51 . 2009-05-29 01:52 -------- d-----w- C:\ijji
2009-05-28 06:17 . 2009-05-28 06:17 -------- d-----w- c:\users\Shaka\AppData\Roaming\NCH Swift Sound
2009-05-28 06:16 . 2009-06-05 04:29 -------- d-----w- c:\programdata\NCH Swift Sound
2009-05-28 06:16 . 2009-05-28 06:17 -------- d-----w- c:\program files\NCH Swift Sound
2009-05-27 00:02 . 2009-05-27 00:02 -------- d-----w- c:\users\Shaka\New Folder
2009-05-26 23:31 . 2009-05-26 23:32 -------- d-----w- c:\programdata\RapidSolution
2009-05-26 23:30 . 2009-05-26 23:30 -------- d-----w- c:\users\Shaka\AppData\Local\Scramby Recordings
2009-05-26 23:30 . 2009-05-26 23:30 -------- d-----w- c:\program files\RapidSolution
2009-05-25 19:53 . 2009-05-25 20:07 -------- d-----w- c:\users\Shaka\AppData\Roaming\Ventrilo
2009-05-25 19:52 . 2009-05-25 19:54 -------- d-----w- c:\users\Shaka\riotscape.comv4
2009-05-25 19:48 . 2009-05-25 19:48 -------- d-----w- C:\.Cozmoscape_cache
2009-05-25 19:37 . 2009-05-25 19:37 -------- d-----w- c:\program files\Ventrilo
2009-05-25 19:36 . 2009-05-25 19:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 08:45 . 2009-06-23 08:45 0 ----a-w- c:\windows\system32\1C53.tmp
2009-06-23 08:45 . 2009-06-23 08:45 0 ----a-w- c:\windows\system32\1A11.tmp
2009-06-21 23:14 . 2009-06-21 23:14 0 ----a-w- c:\windows\system32\A8E5.tmp
2009-06-21 23:14 . 2009-06-21 23:14 0 ----a-w- c:\windows\system32\A6B2.tmp
2009-06-20 07:14 . 2009-06-20 07:14 0 ----a-w- c:\windows\system32\5F44.tmp
2009-06-18 15:14 . 2009-06-18 15:14 0 ----a-w- c:\windows\system32\187B.tmp
2009-06-17 06:43 . 2008-10-28 21:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 01:24 . 2009-06-03 05:14 -------- d-----w- c:\users\Shaka\AppData\Roaming\FrostWire
2009-06-15 20:58 . 2009-06-15 20:58 0 ----a-w- c:\windows\system32\E8B7.tmp
2009-06-14 04:58 . 2009-06-14 04:58 0 ----a-w- c:\windows\system32\A265.tmp
2009-06-12 12:58 . 2009-06-12 12:58 0 ----a-w- c:\windows\system32\5C42.tmp
2009-06-10 20:58 . 2009-06-10 20:58 0 ----a-w- c:\windows\system32\16B6.tmp
2009-06-09 22:59 . 2009-06-03 02:48 -------- d-----w- c:\users\Shaka\AppData\Roaming\FileZilla
2009-06-09 07:59 . 2009-06-09 07:59 0 ----a-w- c:\windows\system32\580A.tmp
2009-06-09 07:59 . 2009-06-09 07:59 0 ----a-w- c:\windows\system32\55D7.tmp
2009-06-07 15:59 . 2009-06-07 15:59 0 ----a-w- c:\windows\system32\FA7.tmp
2009-06-06 21:53 . 2009-06-06 21:48 -------- d-----w- c:\users\Shaka\AppData\Roaming\gtk-2.0
2009-06-06 02:23 . 2009-06-06 02:23 -------- d-----w- c:\program files\GIMP-2.0
2009-06-03 05:27 . 2009-06-03 05:27 0 ----a-w- c:\users\Shaka\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-06-03 05:14 . 2009-06-03 05:12 -------- d-----w- c:\program files\FrostWire
2009-06-03 05:12 . 2009-06-03 05:12 -------- d-----w- c:\program files\AskBarDis
2009-06-02 04:34 . 2009-05-11 00:24 -------- d-----w- c:\program files\Flock
2009-06-02 04:33 . 2008-10-28 21:49 -------- d-----w- c:\program files\Java
2009-05-30 01:06 . 2009-05-30 01:06 0 ----a-w- c:\users\Shaka\AppData\Roaming\wklnhst.dat
2009-05-22 01:38 . 2009-05-22 01:38 -------- d-----w- c:\programdata\CCP
2009-05-20 22:33 . 2009-05-20 22:33 93 ----a-w- c:\users\Shaka\AppData\Local\fusioncache.dat
2009-05-20 04:55 . 2009-05-20 04:55 -------- d-----w- c:\programdata\Turbine
2009-05-19 04:10 . 2009-05-17 07:41 -------- d-----w- c:\program files\Axife Mouse Recorder DEMO
2009-05-19 01:24 . 2009-05-11 00:06 -------- d-----w- c:\programdata\PMB Files
2009-05-19 01:24 . 2008-10-28 21:50 -------- d-----w- c:\program files\BigFix
2009-05-19 01:21 . 2009-05-19 01:21 -------- d-----w- c:\program files\Microsoft
2009-05-19 01:21 . 2009-05-14 23:23 -------- d-----w- c:\program files\Windows Live
2009-05-19 01:21 . 2009-05-19 01:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-19 01:20 . 2008-10-28 21:39 -------- d-----w- c:\programdata\Symantec
2009-05-19 00:11 . 2009-05-11 01:00 -------- d-----w- c:\users\Shaka\AppData\Roaming\DNA
2009-05-19 00:06 . 2009-05-11 01:14 31871 ----a-w- c:\programdata\nvModes.dat
2009-05-18 02:19 . 2009-05-18 01:56 -------- d-----w- c:\program files\TG Games
2009-05-17 10:12 . 2009-05-17 01:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-05-17 07:32 . 2009-05-17 07:32 -------- d-----w- c:\program files\JitBit
2009-05-17 01:29 . 2009-05-17 01:29 -------- d-----w- c:\programdata\Blizzard
2009-05-16 20:08 . 2009-05-16 20:04 -------- d-----w- c:\programdata\NexonUS
2009-05-14 23:15 . 2009-05-14 23:15 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-13 04:13 . 2009-05-13 04:13 -------- d-----w- c:\users\Shaka\AppData\Roaming\InstallShield
2009-05-13 00:36 . 2009-05-13 00:36 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-05-12 22:13 . 2009-05-12 07:15 -------- d-----w- c:\program files\Cheat Engine
2009-05-11 01:15 . 2008-10-28 20:57 -------- d-----w- c:\programdata\NVIDIA
2009-05-11 01:14 . 2008-10-28 21:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-11 01:14 . 2007-10-10 07:20 -------- d-----w- c:\program files\Google
2009-05-11 00:24 . 2009-05-11 00:24 0 ----a-w- c:\windows\nsreg.dat
2009-05-11 00:24 . 2009-05-11 00:24 -------- d-----w- c:\users\Shaka\AppData\Roaming\Flock
2009-05-11 00:15 . 2009-05-11 00:15 -------- d-----w- c:\program files\SystemRequirementsLab
2009-05-11 00:05 . 2009-05-11 00:05 -------- d-----w- c:\program files\Pando Networks
2009-05-10 22:45 . 2009-05-10 22:45 75264 ----a-w- c:\users\Shaka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-10 22:45 . 2009-05-10 22:45 -------- d-----w- c:\users\Shaka\AppData\Roaming\Symantec
2009-05-10 22:43 . 2009-05-10 22:43 -------- d-----w- c:\program files\WalMart
2009-05-10 22:43 . 2009-05-10 22:43 -------- d-----w- c:\program files\eBay
2009-04-27 07:42 . 2008-10-28 20:52 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 05:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 92704]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"Turbine Download Manager Tray Icon"="d:\games\MMORPGS\Turbine Download Manager\TurbineDownloadManagerIcon.exe" [2009-06-17 472568]
"Axon"="c:\program files\NCH Swift Sound\Axon\axon.exe" [2009-05-28 835588]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-02 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-20 6144000]
c:\users\Shaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DEE35472-02DF-4BF3-82A3-8FCCE03A76A0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6235183E-A529-4480-A6BF-5BAFAD8A4229}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4FF9A41D-44E4-472B-8F10-E8CEC3915A2B}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8F33D57B-DF6E-4745-AAB4-84B1CE92135B}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{D5541458-A158-4523-B372-359C6E61E37C}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"TCP Query User{BDD5ECA9-ED17-4760-A8D4-8DA37A4464AE}e:\\website\\darkeden eternity\\darkeden.exe"= UDP:e:\website\darkeden eternity\darkeden.exe:DarkEdenEternity
"UDP Query User{423DFA92-EFDC-4E82-87B5-9AC3A91BF408}e:\\website\\darkeden eternity\\darkeden.exe"= TCP:e:\website\darkeden eternity\darkeden.exe:DarkEdenEternity
"{3FCD7F39-2E3F-4B6F-9D2F-DE10BDC9D22E}"= UDP:d:\games\MMORPGS\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService
"{61E2F275-B51D-424D-8854-D36029036A38}"= TCP:d:\games\MMORPGS\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService
"{6A811860-8771-4525-87EB-05812B0B78A0}"= UDP:d:\games\MMORPGS\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService
"{33461229-2F78-4C6F-AD5F-D3E5D77520B1}"= TCP:d:\games\MMORPGS\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService
"TCP Query User{68ED711B-63E0-4362-A1F7-2A1A7ACB3626}d:\\games\\mmorpgs\\lotro\\lotroclient.exe"= UDP:d:\games\mmorpgs\lotro\lotroclient.exe:lotroclient
"UDP Query User{F1E44B0E-F39B-4331-8F9C-E9404FC35329}d:\\games\\mmorpgs\\lotro\\lotroclient.exe"= TCP:d:\games\mmorpgs\lotro\lotroclient.exe:lotroclient
"{DD2AE297-DCAD-4844-8241-069C7D333A50}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe:Blizzard Downloader
"{D133C274-5009-4302-BA9A-D143A0848816}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enGB-downloader.exe:Blizzard Downloader
"{FA45DC7A-2E71-44A5-AD8D-753B5AB1D701}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{59D6D3E6-631E-4E4F-9AA0-9F7F40880324}d:\\games\\mmorpgs\\world of warcraft trial\\world of warcraft\\launcher.exe"= UDP:d:\games\mmorpgs\world of warcraft trial\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{24A3CF1B-6804-4A3C-A583-C6922D4F6F2F}d:\\games\\mmorpgs\\world of warcraft trial\\world of warcraft\\launcher.exe"= TCP:d:\games\mmorpgs\world of warcraft trial\world of warcraft\launcher.exe:Blizzard Launcher
"TCP Query User{0A84F347-5FEC-43C0-A0A3-E9BCE0222DAD}d:\\games\\mmorpgs\\eve onlnie\\bin\\exefile.exe"= UDP:d:\games\mmorpgs\eve onlnie\bin\exefile.exe:CCP ExeFile
"UDP Query User{A7FCB157-2B4B-4064-8F99-80D53D07F0DF}d:\\games\\mmorpgs\\eve onlnie\\bin\\exefile.exe"= TCP:d:\games\mmorpgs\eve onlnie\bin\exefile.exe:CCP ExeFile
"{6AA81266-8084-46B3-ADA8-4720078E79DF}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{700046DB-4682-4F74-8B59-324110DB7B31}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{0BADB332-5F1E-44C0-9D20-DB9A44135DAF}"= TCP:4100:uPNP Router Control Port
"{F8F9AB4B-271D-4416-8716-477B03C14AD4}"= UDP:81:Axon Virtual PBX Web Server
"{B2162C91-3190-4B2E-B292-CACC9CDFF213}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{6FB3A106-C49D-4814-B246-08CA09CB04B2}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{59BC1DC4-CE57-4477-A36A-3FB549AA95DC}"= UDP:d:\games\MMORPGS\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService
"{7967D570-DE89-4646-9105-C74B5E1717F1}"= TCP:d:\games\MMORPGS\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService
"{E7182381-6A1B-4551-808E-E76A5C20F74A}"= UDP:d:\games\MMORPGS\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService
"{16339C6B-F5F5-487D-A4A3-0A06B71CDC61}"= TCP:d:\games\MMORPGS\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [10/10/2007 12:21 AM 24576]
R2 LiveTurbineMessageService;Turbine Message Service - Live;d:\games\MMORPGS\Turbine Download Manager\TurbineMessageService.exe [5/19/2009 9:55 PM 267760]
R3 LiveTurbineNetworkService;Turbine Network Service - Live;d:\games\MMORPGS\Turbine Download Manager\TurbineNetworkService.exe [5/19/2009 9:55 PM 218608]
S2 AxonService;Axon Virtual PBX;c:\program files\NCH Swift Sound\Axon\axon.exe [5/27/2009 11:17 PM 835588]
S3 scramby_out;Scramby Output;c:\windows\System32\drivers\scramby_out.sys [8/8/2007 8:31 AM 23840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://today.ask.com/frostwire?o=101676&l=dis
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1007&m=el1200-07w
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 03:09
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Shaka\AppData\Roaming\Microsoft\Windows\Cookies\shaka@msn[1].txt
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\consent.exe
.
**************************************************************************
.
Completion time: 2009-06-23 3:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-23 10:12
Pre-Run: 33,226,846,208 bytes free
Post-Run: 34,376,314,880 bytes free
241