R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [9/6/2009 3:04 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/6/2009 3:04 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/6/2009 3:04 PM 108552]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [8/22/2009 5:06 PM 78848]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/6/2009 3:04 PM 297752]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [8/15/2008 5:58 PM 472644]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [6/1/2005 3:00 PM 76325]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-492894223-839522115-1004Core.job
- c:\documents and settings\mikey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-15 08:28]
2009-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-492894223-839522115-1004UA.job
- c:\documents and settings\mikey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-15 08:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Download FLV by WinAVI... - c:\program files\WinAVI FLV Converter\flv_link.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\mikey\Application Data\Mozilla\Firefox\Profiles\nmqqiwva.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gghp
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\mikey\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-09 14:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="2419F1EF15EF5577CC503FA81D791F06EF1868F77F7133C7E193A7B8EFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555FEBC9E127BECC74CC038D530D6EB3452488F85555B05B435FE9EF0B48FD2E0E6DF469B4E709BF6E0AF57B89031C0C166ADFB0906C24B2B3045B64D101DF711737AFCFC3360576472BFDED77148F9A02083B742326B3314D09E7AEDBE4B63EDFD8A86584EB459A498EB8D191CEE3EACEBE6897B16C0177E0E4FC26C96BCD062E4166B372C62DE9F391E3E1076116C6B564A3BF592C316AA3DEB6BD50F27BF0F69F9B6917E7669739F98CD440DADA593D5729C63A98795111E61D2AA46D2F447B065FA551D8C3D6FFA709EAF8D57D015407A7F6E843539DC4FEC5DE07C1D7892C45C4B667FD86419DA8D15C1C9361811CFCE3BB26F096FE95422736016F7172D91374198C5A0AC27B7AC9CDD3B0769DC26B1AA3E5853E5CC97E7FE061DE7DF8469207837303EA587ECDE22DA7B16F702C5B92B17D5F78E4B64F8F1A33E8728BD03181380A5A0A5DBB50A960349C7B7BD16CE21351E6FA2E06BE23E7EC9030831F4F2B526AFC84475B76470168794E4826231F0038CC61DBAC08A5B4FB41B59E73F58874DFA4DE0DFF67DA847BD067CF3D9708762A29CBB3C5D25464398A63F2341443510DBD99AD6DFB4BDBD16BD416D90F353A583A602FA1EBDFDFA318D9C57C185F17E47ABD749BF3E3014DF6CB8FCFD744517772DB8434133068BE04E99296A40EE995615425DC7A307D80EDAAD627C7F54F0698A6812EC38657D2CF8227647ECE7D5C7FB456B9042CA9038E2AD93CBF87CE26A31631A2954A94FBA33E6CDCA57181FFCDB9300144A0AB097F58BB990143C12ADA53AC2E26161F05A375BF34A9E3FD2FBC1A05BAFC056258B955D3450DB15960BFD44A5690E1F47FCD038DE7E3623C2EED0A7F1A6FCC4CC98D9FC9278AD0FFB7E671E12725EFBAC3562793A05670D35A4BD24EB9EAE6FF963ED881BD53C33C2A9A3A60A9527926C3EE05FE55FCC48648CD4582723D3F2F43911E1C79E0C91DD4D067F444E160448F2D4EEF5F256A5FE3E73C733A141F2F7061630C5E878BC3654F5912BFEA67376565D6EB189C67BA4F38BBD556D2292B1DF655D752F2D4AA8C77086DDEAAD871E0C2A6B155038A06D8AA44704BBF1FD45FBF896ED52AD55825A064FADBAD1ECDCDC80354D5994F1E305D7B36E2701E14B35E0CD7895CEFD8A5DD91D22FA8D524335BAE0C0189CD08387D399F3AF74EE4D8AC0BA129F3A6477CA2668749BAFECD7A7C5450668E321C0DD5AD028B5455CCA1F4ED66D7C6F3176BD356C95F05A739368A100678552CC0075C27855014062B6B9D6DFEE1BBD8D26756827A5B305A1E1CFE5F06692A3BE1D"
"OOCC06.00.00.01WSSV"="B9398204046D65564D2E89E88310EAE09DB3578CD5AB94715C762E731CBD27DD850F8E2CF032BD578E7FCE187A9F7AC4DF3F77534E9A10A5A1D4F61A271C1E8CDA7E9D4C6AF055225AEE717978BBF1BDF4185181D489050A93825D421CF389BE0BB93F54C150D2634E48B75C2E77BEA7E7C17E689794C1CB4659715DC3083F12D8929AF600DCB0497CF67AD5FE469F6437E1AC1EF6B66C1CC75A56A29B80E829FC0366ACDC07BE89678B27BD0283A858D3C020F906D5FCB114A7C20DD46803AAA326EDAFC8239DDA8B3BBDB083E9C1EA24CEAC9A8E35C0C4210881D8D52FE0426CBA927E65FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC7933A9C6AECB7A5D14077BA9F00DFCCDF309742D6E20C31D2A464C032C12979CE6F82BDBAA3FD3615CB3F2498D25BE5A072FE0D955C1F109F190400320BD549802FAAD5509E8A3BB5376E787850991DCAE25B6CE63F26D9E7E43D589C7FA5D2CE303FE314E2E295A53A9F829A9E0169B4206BA57D90A4FB6E5BA1B0575EEE4E206CA192300A1CD9F520129C74FCD0D6B5A261A0D01D3533E848507B981B1BDDEA33C59332749208110E55D4FD063DE39558AE266220F5834F8E36F3DC7D1E255BDF7013ECE9ED18A0CF461010B261502D76A8AA68CF1E2AEA54F92F92750EE8E985135728911B7578B7E64F16013E0DB4536E56792231CD333F010AF8420256A3B4F8053E900CC1C1887F50AB61A136C480EB2178CBE4D610BA6EBF0C52C6957F2AE4E3A0AC3AF9E00C68E06F51B226FCFC70FF75255E8A75D048F25D7D044DB4FDC71D18526A039522B09780E6F2BB30EECFE1F446A808A1ECE4706A9DF6291247F209A7EE30659E554A1C36F61EB9DF7BA69F645F54E8182034323AF9D95250AEDF0E719306A8352957D22103147A348A399BBBAE42D9A864D17DD60C2D2D75D3164E17DB0FA4BF5792020699044D0FECABF0190169C7469113CED39FC32003E0C59845800895C71BB769DF8268DC4DA8C6EAB35DDBF442F648FDEB86DF10590F0971E5AAB0DF42ACBCC50C08D72B2E4751EF59A84E0519D13CF8E622871E57B854753B7359E674A4FD7C146D66662E5C6A8ED37466AF9419AA1303E38B532EDA7759D2B937C98BC9EAC4D93837EAEEBF54E7386D2EC2C67AC8EC9D797689115661345EE2F0805334745A3B50B7606C92C333E874F1B6DA43203B6BE3AD6BA6705776DC4E84839250801CABD59AEED95C8DC57BBD14FD550C3CDA58604EFFD9BFADA88F08F65D8C8D5219BC24CA77B29DA399DAA6782128430A51A47CC4BB9AD735ADD3DEBAE999D594DC0DD388ADA23A91541DD8F55E1A1FAA0E99CE31FE35ECDF809F4361546E2EF0F3DACE19FCB642EA5C9E5"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-09-09 14:33
ComboFix-quarantined-files.txt 2009-09-09 19:32
Pre-Run: 35,132,518,400 bytes free
Post-Run: 35,091,484,672 bytes free
279 --- E O F --- 2009-09-01 21:00
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/6/2009 3:04 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/6/2009 3:04 PM 108552]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [8/22/2009 5:06 PM 78848]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/6/2009 3:04 PM 297752]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [8/15/2008 5:58 PM 472644]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [6/1/2005 3:00 PM 76325]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-492894223-839522115-1004Core.job
- c:\documents and settings\mikey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-15 08:28]
2009-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-492894223-839522115-1004UA.job
- c:\documents and settings\mikey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-15 08:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Download FLV by WinAVI... - c:\program files\WinAVI FLV Converter\flv_link.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\mikey\Application Data\Mozilla\Firefox\Profiles\nmqqiwva.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gghp
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\mikey\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-09 14:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="2419F1EF15EF5577CC503FA81D791F06EF1868F77F7133C7E193A7B8EFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555FEBC9E127BECC74CC038D530D6EB3452488F85555B05B435FE9EF0B48FD2E0E6DF469B4E709BF6E0AF57B89031C0C166ADFB0906C24B2B3045B64D101DF711737AFCFC3360576472BFDED77148F9A02083B742326B3314D09E7AEDBE4B63EDFD8A86584EB459A498EB8D191CEE3EACEBE6897B16C0177E0E4FC26C96BCD062E4166B372C62DE9F391E3E1076116C6B564A3BF592C316AA3DEB6BD50F27BF0F69F9B6917E7669739F98CD440DADA593D5729C63A98795111E61D2AA46D2F447B065FA551D8C3D6FFA709EAF8D57D015407A7F6E843539DC4FEC5DE07C1D7892C45C4B667FD86419DA8D15C1C9361811CFCE3BB26F096FE95422736016F7172D91374198C5A0AC27B7AC9CDD3B0769DC26B1AA3E5853E5CC97E7FE061DE7DF8469207837303EA587ECDE22DA7B16F702C5B92B17D5F78E4B64F8F1A33E8728BD03181380A5A0A5DBB50A960349C7B7BD16CE21351E6FA2E06BE23E7EC9030831F4F2B526AFC84475B76470168794E4826231F0038CC61DBAC08A5B4FB41B59E73F58874DFA4DE0DFF67DA847BD067CF3D9708762A29CBB3C5D25464398A63F2341443510DBD99AD6DFB4BDBD16BD416D90F353A583A602FA1EBDFDFA318D9C57C185F17E47ABD749BF3E3014DF6CB8FCFD744517772DB8434133068BE04E99296A40EE995615425DC7A307D80EDAAD627C7F54F0698A6812EC38657D2CF8227647ECE7D5C7FB456B9042CA9038E2AD93CBF87CE26A31631A2954A94FBA33E6CDCA57181FFCDB9300144A0AB097F58BB990143C12ADA53AC2E26161F05A375BF34A9E3FD2FBC1A05BAFC056258B955D3450DB15960BFD44A5690E1F47FCD038DE7E3623C2EED0A7F1A6FCC4CC98D9FC9278AD0FFB7E671E12725EFBAC3562793A05670D35A4BD24EB9EAE6FF963ED881BD53C33C2A9A3A60A9527926C3EE05FE55FCC48648CD4582723D3F2F43911E1C79E0C91DD4D067F444E160448F2D4EEF5F256A5FE3E73C733A141F2F7061630C5E878BC3654F5912BFEA67376565D6EB189C67BA4F38BBD556D2292B1DF655D752F2D4AA8C77086DDEAAD871E0C2A6B155038A06D8AA44704BBF1FD45FBF896ED52AD55825A064FADBAD1ECDCDC80354D5994F1E305D7B36E2701E14B35E0CD7895CEFD8A5DD91D22FA8D524335BAE0C0189CD08387D399F3AF74EE4D8AC0BA129F3A6477CA2668749BAFECD7A7C5450668E321C0DD5AD028B5455CCA1F4ED66D7C6F3176BD356C95F05A739368A100678552CC0075C27855014062B6B9D6DFEE1BBD8D26756827A5B305A1E1CFE5F06692A3BE1D"
"OOCC06.00.00.01WSSV"="B9398204046D65564D2E89E88310EAE09DB3578CD5AB94715C762E731CBD27DD850F8E2CF032BD578E7FCE187A9F7AC4DF3F77534E9A10A5A1D4F61A271C1E8CDA7E9D4C6AF055225AEE717978BBF1BDF4185181D489050A93825D421CF389BE0BB93F54C150D2634E48B75C2E77BEA7E7C17E689794C1CB4659715DC3083F12D8929AF600DCB0497CF67AD5FE469F6437E1AC1EF6B66C1CC75A56A29B80E829FC0366ACDC07BE89678B27BD0283A858D3C020F906D5FCB114A7C20DD46803AAA326EDAFC8239DDA8B3BBDB083E9C1EA24CEAC9A8E35C0C4210881D8D52FE0426CBA927E65FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555A6A0AC4980AC7933A9C6AECB7A5D14077BA9F00DFCCDF309742D6E20C31D2A464C032C12979CE6F82BDBAA3FD3615CB3F2498D25BE5A072FE0D955C1F109F190400320BD549802FAAD5509E8A3BB5376E787850991DCAE25B6CE63F26D9E7E43D589C7FA5D2CE303FE314E2E295A53A9F829A9E0169B4206BA57D90A4FB6E5BA1B0575EEE4E206CA192300A1CD9F520129C74FCD0D6B5A261A0D01D3533E848507B981B1BDDEA33C59332749208110E55D4FD063DE39558AE266220F5834F8E36F3DC7D1E255BDF7013ECE9ED18A0CF461010B261502D76A8AA68CF1E2AEA54F92F92750EE8E985135728911B7578B7E64F16013E0DB4536E56792231CD333F010AF8420256A3B4F8053E900CC1C1887F50AB61A136C480EB2178CBE4D610BA6EBF0C52C6957F2AE4E3A0AC3AF9E00C68E06F51B226FCFC70FF75255E8A75D048F25D7D044DB4FDC71D18526A039522B09780E6F2BB30EECFE1F446A808A1ECE4706A9DF6291247F209A7EE30659E554A1C36F61EB9DF7BA69F645F54E8182034323AF9D95250AEDF0E719306A8352957D22103147A348A399BBBAE42D9A864D17DD60C2D2D75D3164E17DB0FA4BF5792020699044D0FECABF0190169C7469113CED39FC32003E0C59845800895C71BB769DF8268DC4DA8C6EAB35DDBF442F648FDEB86DF10590F0971E5AAB0DF42ACBCC50C08D72B2E4751EF59A84E0519D13CF8E622871E57B854753B7359E674A4FD7C146D66662E5C6A8ED37466AF9419AA1303E38B532EDA7759D2B937C98BC9EAC4D93837EAEEBF54E7386D2EC2C67AC8EC9D797689115661345EE2F0805334745A3B50B7606C92C333E874F1B6DA43203B6BE3AD6BA6705776DC4E84839250801CABD59AEED95C8DC57BBD14FD550C3CDA58604EFFD9BFADA88F08F65D8C8D5219BC24CA77B29DA399DAA6782128430A51A47CC4BB9AD735ADD3DEBAE999D594DC0DD388ADA23A91541DD8F55E1A1FAA0E99CE31FE35ECDF809F4361546E2EF0F3DACE19FCB642EA5C9E5"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2009-09-09 14:33
ComboFix-quarantined-files.txt 2009-09-09 19:32
Pre-Run: 35,132,518,400 bytes free
Post-Run: 35,091,484,672 bytes free
279 --- E O F --- 2009-09-01 21:00