ComboFix 08-01-23.1C - Zach 2008-01-26 7:22:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.126 [GMT -6:00]
Running from: C:\Documents and Settings\Zach\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zach\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\aslpmqk.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
----- BITS: Possibly infected sites -----
hxxp://softworldnetwork.com
hxxp://softworldnetwork2.com
hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-21 13:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-21 12:38 . 2008-01-21 12:38 4,998 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-21 10:32 . 2008-01-21 10:32 <DIR> d-------- C:\Deckard
2008-01-21 08:39 . 2008-01-21 08:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-19 19:40 . 2008-01-19 18:40 90,112 --a------ C:\WINDOWS\fknxwqf.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 13:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-20 23:06 --------- d-----w C:\Program Files\ProfileWatcher
2007-12-14 02:24 --------- d-----w C:\Program Files\Smart GIF Creator
2007-12-12 01:28 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-12 01:28 --------- d-----w C:\Program Files\Qwest QuickConnect
2007-12-12 01:28 --------- d-----w C:\Program Files\PC-Doctor for Windows
2007-12-12 01:28 --------- d-----w C:\Program Files\MSN Encarta Standard
2007-12-12 01:28 --------- d-----w C:\Program Files\Microsoft Works
2007-12-12 01:28 --------- d-----w C:\Program Files\Easy Internet signup
2007-12-05 00:04 --------- d-----w C:\Program Files\AWS
2007-12-04 03:19 --------- d-----w C:\Program Files\AIM6
2007-12-03 00:58 --------- d-----w C:\Program Files\Kodak
2007-12-03 00:57 --------- d-----w C:\Program Files\Common Files\Kodak
2007-12-02 17:14 --------- d-----w C:\Program Files\Yahoo!
2007-12-02 17:10 --------- d-----w C:\Program Files\MSN Messenger
2007-12-01 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 00:32 --------- d-----w C:\Program Files\Napster
2007-11-26 17:58 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-26 17:58 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-26 17:58 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-26 17:58 10,740 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-26 17:58 --------- d-----w C:\Program Files\Symantec
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-21_13.36.53.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 19:12:01 1,421,312 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 13:21:33 1,421,312 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-21 19:12:01 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 13:21:33 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 19:12:01 1,421,312 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 13:21:33 1,421,312 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-21 19:12:01 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 13:21:33 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 19:12:01 4,079,616 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 13:21:33 4,079,616 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-21 19:12:02 110,592 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 13:21:34 110,592 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-20 08:25 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"SiSPower"="Rundll32.exe" [2004-08-04 06:00 33280 C:\WINDOWS\system32\rundll32.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 21:13 98304]
"ProfileWatcher"="C:\Program Files\ProfileWatcher\profilewatcher.exe" [ ]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 01:11 771704]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe" [ ]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 14:07 69632]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 20:41 196608]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 23:55 155648]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 05:42 176128]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24 49152]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 17:37 229437]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe [2004-10-21 00:01:35 45056]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46 282624]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bxsnvqt"= {223BD268-FCD9-40DE-967D-15E21CECCE52} - C:\WINDOWS\bxsnvqt.dll [ ]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 00:50:00 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-01-20 14:24:41 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Brianna.job"
- C:\Program Files\Norton AntiVirus\Navw32.exe /TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-26 07:26:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-26 7:28:25
ComboFix-quarantined-files.txt 2008-01-26 13:28:23
ComboFix2.txt 2008-01-21 19:37:10
.
2008-01-09 13:12:54 --- E O F ---