Combofix Log
Prior to creating the log, combofix said it needed to check some files with malware. It attempted to connect to a site but was not able to do so. I will see if I can run this manually and post the log in another response. Here's the log without this. When it was running, it deleted a lot of files due to another infected system file.
ComboFix 11-01-17.03 - Carrie 01/17/2011 19:26:40.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.921 [GMT -6:00]
Running from: c:\users\Carrie\Desktop\ComboFix.exe
Command switches used :: c:\users\Carrie\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\UniBox10.ocx"
"c:\windows\system32\UniBox210.ocx"
"c:\windows\system32\UniBoxVB12.ocx"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\DebugDiag
c:\program files\DebugDiag\config.xml
c:\program files\DebugDiag\Logs\DbgSVC_Date__01_11_2011__Time_04_50_15PM__104__Log.txt
c:\program files\DebugDiag\Logs\PerfLogs\PerfLog_Date__01_11_2011__Time_04_55_05PM__216.blg
c:\program files\DebugDiag\ServiceState.xml
c:\users\Carrie\AppData\Local\PackageAware
c:\users\Carrie\AppData\Roaming\Uniblue
c:\users\Carrie\AppData\Roaming\Uniblue\RegistryBooster\error.log
c:\users\Carrie\AppData\Roaming\Uniblue\RegistryBooster\history\latest_scan_results.html
c:\users\Carrie\AppData\Roaming\Uniblue\RegistryBooster\last_scan.dat
c:\users\Carrie\AppData\Roaming\Uniblue\RegistryBooster\settings.dat
c:\windows\system32\UniBox10.ocx
c:\windows\system32\UniBox210.ocx
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
--------------- FCopy ---------------
c:\windows\ERDNT\cache\userinit.exe --> c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
.
2011-01-18 01:44 . 2011-01-18 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-15 03:26 . 2011-01-15 03:26 883488 ----a-w- c:\users\Carrie\JavaSetup6u23.exe
2011-01-13 03:46 . 2011-01-13 03:49 296448 ----a-w- c:\users\Carrie\GMER.exe
2011-01-13 02:55 . 2011-01-13 02:55 -------- d-----w- c:\users\Carrie\AppData\Roaming\Malwarebytes
2011-01-13 02:54 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 02:53 . 2011-01-13 02:53 -------- d-----w- c:\programdata\Malwarebytes
2011-01-13 02:53 . 2011-01-13 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 02:53 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 01:16 . 2011-01-13 01:17 446464 ----a-w- c:\users\Carrie\TFC.exe
2011-01-12 22:55 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 22:55 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 22:55 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 22:55 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 22:55 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 22:55 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 22:55 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-11 22:16 . 2011-01-11 22:16 5142528 ----a-w- c:\users\Carrie\DebugDiag.msi
2011-01-06 18:58 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-01-06 18:18 . 2011-01-11 20:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-06 18:18 . 2011-01-06 18:18 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-06 18:18 . 2011-01-06 18:18 -------- d-----w- c:\program files\Symantec
2011-01-06 18:17 . 2011-01-07 14:41 -------- d-----w- c:\windows\system32\drivers\NIS
2011-01-06 18:17 . 2011-01-06 18:17 -------- d-----w- c:\program files\Norton Internet Security
2011-01-06 04:16 . 2011-01-06 18:16 -------- d-----w- c:\program files\NortonInstaller
2011-01-06 04:12 . 2010-11-16 18:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D794A1D6-E553-42C6-A37E-92A614C642AD}\mpengine.dll
2011-01-06 04:12 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-04 22:15 . 2011-01-04 22:15 -------- d-----w- c:\users\Carrie\advfn
2010-12-22 21:21 . 2010-12-22 21:21 19396800 ----a-w- c:\users\Carrie\HP_Vista_PS_7150.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-15 03:35 . 2010-08-08 13:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-14 23:24 . 2008-08-07 22:10 0 ----a-w- c:\users\Carrie\AppData\Local\WavXMapDrive.bat
2010-12-18 02:43 . 2010-12-18 02:43 45056 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\OptionsOracle.exe1_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-12-18 02:43 . 2010-12-18 02:43 45056 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\OptionsOracle.exe_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-12-18 02:43 . 2010-12-18 02:43 45056 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\ARPPRODUCTICON.exe
2010-12-18 02:43 . 2010-12-18 02:43 204800 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\OptionsOracle_Data_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-11-04 18:56 . 2010-12-14 22:57 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-14 22:57 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-14 22:57 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-14 22:57 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-14 22:57 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-14 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-14 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-14 22:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-14 22:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:57 . 2010-12-14 22:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:01 . 2010-12-14 22:56 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-14 22:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-14 22:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44 . 2010-12-14 22:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-14 22:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-14 22:56 2048 ----a-w- c:\windows\system32\tzres.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-01 68856]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-06-29 42392]
"NortonUtilities"="c:\program files\Norton Utilities 14\RMTray.exe" [2009-09-14 279912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-31 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-31 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-15 30192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe" [2010-11-12 273672]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-06-29 42392]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-1 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 CFcatchme;CFcatchme;c:\users\Carrie\AppData\Local\Temp\CFcatchme.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-15 30192]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2008-08-11 33024]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2008-08-11 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2008-08-11 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2008-08-11 59904]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110114.002\IDSvix86.sys [2010-11-09 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 595184]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-01-06 102448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:05]
2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://comcast.net/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-01-17 19:50
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2011-01-17 20:20:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-18 02:20
ComboFix2.txt 2011-01-14 23:54
Pre-Run: 15,876,964,352 bytes free
Post-Run: 15,883,575,296 bytes free
- - End Of File - - B2407419CD17FED480266643A5478151