ComboFix 11-08-13.02 - HP_Administrator 08/13/2011 12:28:56.8.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2656 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\combofix.exe
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\ps2.bat
.
-- Previous Run --
.
c:\windows\system32\kernel32.dll . . . is infected!!
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-11 19:14 . 2011-08-11 19:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-10 21:07 . 2011-06-24 14:10 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 21:07 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-10 18:35 . 2011-08-10 18:35 -------- d-----w- C:\HiJackThis_Log
2011-08-10 10:03 . 2011-08-10 10:04 -------- d-----w- C:\Temp_k
2011-08-09 10:10 . 2011-08-09 10:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-08-08 20:50 . 2011-08-10 18:29 -------- d-----w- C:\Bitdefender_logs
2011-08-08 14:21 . 2011-08-08 14:24 -------- d-----w- C:\Registry_redirects_08-08-11
2011-08-07 20:08 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-07 19:07 . 2011-08-07 19:07 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2004-08-10 12:00 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-10 12:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52 . 2009-11-14 11:21 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2009-11-14 11:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 23:26 . 2011-07-04 23:26 1409 ----a-w- c:\windows\QTFont.for
2011-06-28 22:14 . 2009-10-31 16:38 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-24 14:10 . 2004-08-10 12:00 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2004-08-10 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2004-08-10 12:00 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-10 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2009-08-14 13:21 1858944 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-12-25 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2011-05-14 1198048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Batch_File_Cookie_Delete.bat [2011-3-5 792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Verizon Online Support Center.lnk - c:\program files\Verizon Online\bin\matcli.exe [2006-4-29 204800]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIMACE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-04-10 01:14 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-10-31 00:11 909208 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2006-11-07 15:29 50736 ----a-w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 12:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 06:19 77312 ------w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-07-05 00:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cafwc]
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
c:\program files\Creative\MediaSource\Detector\CTDetect.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 03:56 64512 ------w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ----a-w- c:\program files\Common Files\AOL\1147530425\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 13:12 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 ------w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 20:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 20:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2010-04-22 17:10 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-06 23:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
2006-05-15 19:24 101136 ----a-w- c:\program files\Microsoft Location Finder\LocationFinder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2008-04-14 09:41 177152 ----a-w- c:\windows\system32\mqrt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
1998-10-12 22:13 44032 ----a-w- c:\program files\Caere\OmniPagePro90\OPware32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
2004-02-13 19:40 307200 ------w- c:\program files\Tracker Software\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-11 04:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-04-10 01:11 2595792 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteRegistry"=2 (0x2)
"LxrJD31s"=2 (0x2)
"TryAndDecideService"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AcrSch2Svc"=3 (0x3)
"MDM"=2 (0x2)
"Lavasoft Ad-Aware Service"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147530425\\ee\\aim6.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147530425\\ee\\aolsoftware.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\SAMSUNG\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\SAMSUNG\\Samsung New PC Studio\\npsvsvr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/4/2010 10:32 AM 64288]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/31/2009 12:38 PM 101720]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [4/1/2009 12:25 PM 85128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2/26/2011 6:06 PM 238952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/14/2009 7:21 AM 366640]
S2 portD;CMS PortIO Service;c:\windows\system32\DRIVERS\portd2k.sys --> c:\windows\system32\DRIVERS\portd2k.sys [?]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/16/2006 7:56 PM 14976]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [6/26/2009 3:40 PM 183880]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [6/29/2009 3:12 PM 153448]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [6/26/2009 7:01 PM 111312]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2/26/2011 6:06 PM 36608]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/14/2009 7:21 AM 22712]
S3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk.sys [1/8/2011 9:15 AM 10240]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 8:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/14/2010 1:13 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/14/2010 1:13 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 17:09 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-06 c:\windows\Tasks\JkDefragCmd.job
- c:\jkdefrag3-6\JkDefragCmd.exe [2007-11-12 18:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://headlines.verizon.com/headlines/portals/headlines.portal
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: aaa.com\www
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
Trusted Zone: detma.org\web
Trusted Zone: download.microsoft.com
Trusted Zone: ebay.com
Trusted Zone: ebay.com\search.stores
Trusted Zone: google.com\earth
Trusted Zone: live.com\login
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: mortgagequestions.com\www
Trusted Zone: paypal.com\www
Trusted Zone: tdameritrade.com
Trusted Zone: tfnn.com\www
Trusted Zone: trendmicro.com
Trusted Zone: update.microsoft.com
Trusted Zone: verizon.com
Trusted Zone: windowsupdate.microsoft.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 12:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(492)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1272)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-08-13 12:44:09
ComboFix-quarantined-files.txt 2011-08-13 16:44
.
Pre-Run: 233,354,862,592 bytes free
Post-Run: 233,330,126,848 bytes free
.
- - End Of File - - EB63CA699EFCB9BBDDE942553112202E