ComboFix 09-09-20.04 - Gena 09/21/2009 17:45.1.1 - NTFSx86
Running from: c:\documents and settings\Gena\Desktop\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ezejyr.ban
c:\documents and settings\All Users\Application Data\gapaditaxe.pif
c:\documents and settings\All Users\Application Data\qygowig.vbs
c:\documents and settings\All Users\Application Data\uvibadip.bat
c:\documents and settings\All Users\Documents\esitusiw.bin
c:\documents and settings\All Users\Documents\evunuhos.scr
c:\documents and settings\Gena\Application Data\gubu.pif
c:\documents and settings\Gena\Application Data\iwadiwubam._dl
c:\documents and settings\Gena\Application Data\puwex.com
c:\documents and settings\Gena\Cookies\ejuhy.dl
c:\documents and settings\Gena\Cookies\exyq.lib
c:\documents and settings\Gena\Local Settings\Application Data\ahumupyhug.inf
c:\documents and settings\Gena\Local Settings\Application Data\syqyqanyd.dl
c:\documents and settings\Gena\Local Settings\Temporary Internet Files\iqusep.exe
c:\documents and settings\Gena\Local Settings\Temporary Internet Files\joly.bat
c:\documents and settings\Gena\Local Settings\Temporary Internet Files\omehyraxu.dl
c:\documents and settings\Gena\Local Settings\Temporary Internet Files\otowodubu.sys
c:\documents and settings\Gena\Local Settings\Temporary Internet Files\tisyvacixu.pif
c:\documents and settings\Gena\Local Settings\Temporary Internet Files\udywabiv._dl
c:\documents and settings\Gena\Local Settings\Temporary Internet Files\ukukis.dl
c:\documents and settings\Gena\Local Settings\Temporary Internet Files\urepuru.inf
c:\documents and settings\Gena\Local Settings\Temporary Internet Files\zobi.ban
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Common Files\hibahag.vbs
c:\program files\Common Files\opesyfin.dl
c:\program files\Common Files\quwoby.exe
c:\program files\Common Files\vifyrase._dl
c:\windows\010112010146120114.dat
c:\windows\0101120101464849.dat
c:\windows\0101120101464850.dat
c:\windows\0101120101465353.dat
c:\windows\0101120101465453.dat
c:\windows\0101120101465553.dat
c:\windows\0101120101465749.dat
c:\windows\ajipe.reg
c:\windows\ejunorudy.ban
c:\windows\fevitore.scr
c:\windows\icof.scr
c:\windows\imim.pif
c:\windows\lotywe.vbs
c:\windows\monurusaf.vbs
c:\windows\osowamif.reg
c:\windows\patch.exe
c:\windows\prxid93ps.dat
c:\windows\system32\AVR09.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\critical_warning.html
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\ivyb.pif
c:\windows\system32\iwozik.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\ndisapi.dll
c:\windows\system32\onycazo.ban
c:\windows\system32\puxewupylu.bat
c:\windows\system32\qilop.bin
c:\windows\system32\terrapof32
c:\windows\system32\terrapof32\efwef23.gds
c:\windows\system32\terrapof32\g45hged.gdp
c:\windows\system32\uceci.dll
c:\windows\system32\wijo._dl
c:\windows\system32\winhelper.dll
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\ypazawur.dll
c:\windows\th823567.dat
c:\windows\zijuxa.sys
c:\windows\zuqaqobuc.ban

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE

((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-21 23:08 . 2009-09-21 23:08 -------- d-----w- c:\documents and settings\Gena\Local Settings\Application Data\LogMeIn
2009-09-21 23:08 . 2009-09-21 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-09-21 22:59 . 2004-08-04 07:56 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-21 22:59 . 2004-08-04 07:56 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-21 22:15 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-21 18:13 . 2009-09-21 18:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-09-21 18:12 . 2009-09-05 16:23 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-21 18:12 . 2009-09-05 16:23 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-09-21 18:12 . 2008-08-11 17:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-09-21 18:10 . 2009-09-05 16:23 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-21 18:06 . 2009-09-21 18:13 -------- d-----w- c:\program files\LogMeIn
2009-09-21 17:55 . 2009-09-21 17:59 -------- d-----w- c:\documents and settings\Gena\Local Settings\Application Data\Deployment
2009-09-21 16:10 . 2009-09-21 16:10 -------- d-----w- c:\documents and settings\Gena\Tracing
2009-09-21 16:07 . 2009-07-31 01:01 81736 ----a-w- c:\windows\system32\lmdimon8.dll
2009-09-21 16:07 . 2009-09-21 16:07 -------- d-----w- c:\program files\DIFX
2009-09-21 16:05 . 2009-09-21 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
2009-09-21 15:44 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-21 15:44 . 2009-09-21 16:07 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-19 22:23 . 2009-09-19 22:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-19 22:21 . 2009-09-19 22:21 -------- d-----w- c:\program files\Lavasoft
2009-09-19 22:21 . 2009-09-19 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-09 07:52 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-03 16:22 . 2009-09-03 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-03 14:04 . 2009-09-03 14:04 -------- d-----w- c:\documents and settings\Gena\Application Data\AVG8
2009-09-01 17:22 . 2009-09-01 17:22 12895 ----a-w- c:\windows\axedibo.com
2009-09-01 17:22 . 2009-09-01 17:22 10762 ----a-w- c:\windows\system32\ylytisil.com
2009-09-01 15:35 . 2009-09-01 15:35 -------- d-----w- c:\program files\Common Files\Uninstall
2009-09-01 15:35 . 2009-09-20 04:51 -------- d-----w- c:\program files\PersonalAV
2009-08-28 12:47 . 2009-08-28 12:47 16350 ----a-w- c:\windows\anuninyb.com
2009-08-28 12:47 . 2009-08-28 12:47 13548 ----a-w- c:\windows\efiwanuw.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 17:57 . 2003-03-14 16:16 83424 ----a-w- c:\documents and settings\Gena\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 22:20 . 2004-04-08 20:25 -------- d-----w- c:\documents and settings\Gena\Application Data\AdobeUM
2009-09-19 22:09 . 2008-07-31 01:01 -------- d-----w- c:\documents and settings\Gena\Application Data\Dealio
2009-09-19 22:04 . 2009-01-27 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-03 16:10 . 2002-09-17 03:56 -------- d-----w- c:\program files\Common Files\Adaptec Shared
2009-08-27 13:08 . 2002-09-24 17:34 -------- d-----w- c:\program files\Common Files\Peach
2009-08-19 14:16 . 2009-01-27 18:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 14:16 . 2009-01-27 18:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 14:16 . 2009-01-27 18:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-18 19:32 . 2009-08-18 19:32 -------- d-----w- c:\program files\MSBuild
2009-08-18 19:32 . 2009-08-18 19:32 -------- d-----w- c:\program files\Reference Assemblies
2009-08-18 19:21 . 2009-08-18 19:21 -------- d-----w- c:\program files\MSXML 6.0
2009-08-07 16:06 . 2009-08-07 16:06 1 ---h--w- c:\windows\mmsmark2.dat
2009-08-05 09:11 . 2004-05-17 20:28 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 19:15 . 2009-07-28 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-07-17 18:55 . 2004-05-17 19:41 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 07:18 . 2004-08-04 07:56 233472 ------w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-24 01:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2001-08-18 11:00 17408 ------w- c:\windows\system32\corpol.dll
2004-05-17 15:54 . 2004-05-12 14:57 10240 ----a-w- c:\program files\Wsg1.exe
2004-05-17 15:53 . 2003-04-07 14:36 10240 ----a-w- c:\program files\Rmv1.exe
2004-05-17 15:53 . 2004-05-12 14:54 10240 ----a-w- c:\program files\Nns1.exe
2004-05-17 15:53 . 2004-05-12 14:50 10240 ----a-w- c:\program files\Bl1.exe
2004-04-08 20:15 . 2004-04-08 19:48 9143000 ----a-w- c:\program files\AdbeRdr60_enu.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DLLCACHE\eventlog.dll
[7] 2002-08-29 . BF3C8CF53C77B48206B39910B6D6CBCC . 49152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" [2006-12-25 177664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-19 2007832]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2004-08-27 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 14:16 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-05 16:23 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
backup=c:\windows\pss\UPS WorldShip Messaging Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
backup=c:\windows\pss\UPS WorldShip PLD Reminder Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gena^Start Menu^Programs^Startup^PowerReg SchedulerV2.exe]
path=c:\documents and settings\Gena\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
backup=c:\windows\pss\PowerReg SchedulerV2.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE [2005-05-04 323584]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-19 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-19 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-19 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-19 297752]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-08-11 47640]
S2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe [2005-05-04 9150464]
.
Contents of the 'Scheduled Tasks' folder

2009-09-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Compare Prices with &Dealio - c:\documents and settings\Gena\Application Data\Dealio\kb124\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 18:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2096)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Completion time: 2009-09-21 18:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-21 23:15

Pre-Run: 25,908,908,032 bytes free
Post-Run: 26,296,786,944 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

304 --- E O F --- 2009-09-09 21:12