Hi!
1) Sorry for the PM and confusion in my previous reply.
2) I have already downloaded SDFix, extracted it and ran SDFix in Safe Mode. save it to your Desktop.
Here are the contents of the Report.txt file :-
SDFix: Version 1.147 Run by Administrator on Tue 02/26/2008 at 09:57 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\K1404F~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\GZUZHB.DLL - Deleted
C:\WINDOWS\SYSTEM32\UPS.DLL - Deleted
C:\WINDOWS\SYSTEM32\MQCIBB.DLL - Deleted
C:\WINDOWS\SYSTEM32\QKTNTV.DLL - Deleted
C:\WINDOWS\SYSTEM32\UZNLRJ.DLL - Deleted
C:\WINDOWS\SYSTEM32\NGLXSB.DLL - Deleted
C:\WINDOWS\SYSTEM32\KPSHTE.DLL - Deleted
C:\WINDOWS\SYSTEM32\NAVCOM01.DLL - Deleted
C:\WINDOWS\SYSTEM32\DDAMTI.DLL - Deleted
C:\WINDOWS\SYSTEM32\TJXCVA.DLL - Deleted
C:\WINDOWS\SYSTEM32\SRECLP.DLL - Deleted
C:\WINDOWS\SYSTEM32\DBJGNZ.DLL - Deleted
C:\WINDOWS\SYSTEM32\EVGWHZ.DLL - Deleted
C:\WINDOWS\SYSTEM32\NAVCOM02.DLL - Deleted
C:\WINDOWS\SYSTEM32\AKVHGC.DLL - Deleted
C:\WINDOWS\SYSTEM32\WSWSLE~1.DLL - Deleted
C:\WINDOWS\SYSTEM32\GVCICT.DLL - Deleted
C:\WINDOWS\SYSTEM32\BBJUBT.DLL - Deleted
C:\WINDOWS\SYSTEM32\DVBBAC~1.DLL - Deleted
C:\WINDOWS\SYSTEM32\SQLLIN~1.DLL - Deleted
C:\WINDOWS\SYSTEM32\BUGREP~1.DLL - Deleted
C:\WINDOWS\SYSTEM32\MEDIAD~1.DLL - Deleted
C:\WINDOWS\SYSTEM32\JVVWDZ.DLL - Deleted
C:\WINDOWS\SYSTEM32\TGCZWC.DLL - Deleted
C:\WINDOWS\SYSTEM32\MDVNLE.DLL - Deleted
C:\WINDOWS\SYSTEM32\XQKOYG.DLL - Deleted
C:\WINDOWS\SYSTEM32\JDCZDZ.DLL - Deleted
C:\WINDOWS\SYSTEM32\LWDTYN.DLL - Deleted
C:\WINDOWS\SYSTEM32\BCPLXC.DLL - Deleted
C:\WINDOWS\SYSTEM32\UZQWPW.DLL - Deleted
C:\WINDOWS\SYSTEM32\JHVRTK.DLL - Deleted
C:\WINDOWS\SYSTEM32\XLFRSX.DLL - Deleted
C:\WINDOWS\SYSTEM32\CNFLNB.DLL - Deleted
C:\WINDOWS\SYSTEM32\MZMTUH.DLL - Deleted
C:\WINDOWS\SYSTEM32\QSWPIR.DLL - Deleted
C:\WINDOWS\SYSTEM32\YKVNHG.DLL - Deleted
C:\WINDOWS\SYSTEM32\XEFKDL.DLL - Deleted
C:\WINDOWS\SYSTEM32\HLCOSP.DLL - Deleted
C:\WINDOWS\SYSTEM32\UCWDDY.DLL - Deleted
C:\WINDOWS\SYSTEM32\FQEQRG.DLL - Deleted
C:\WINDOWS\SYSTEM32\JQTQMY.DLL - Deleted
C:\WINDOWS\SYSTEM32\GBMPAO.DLL - Deleted
C:\WINDOWS\SYSTEM32\WKFUND.DLL - Deleted
C:\WINDOWS\SYSTEM32\LSKINI.DLL - Deleted
C:\WINDOWS\SYSTEM32\PDAJUS.DLL - Deleted
C:\WINDOWS\SYSTEM32\WALHFQ.DLL - Deleted
C:\WINDOWS\SYSTEM32\XPHURD.DLL - Deleted
C:\WINDOWS\SYSTEM32\IUODVU.DLL - Deleted
C:\WINDOWS\SYSTEM32\NVPUOW.DLL - Deleted
C:\WINDOWS\SYSTEM32\LMOBLW.DLL - Deleted
C:\WINDOWS\system32\setup_iesuper_20071221.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-26 22:02:25
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
symticr = C:\windows\system32\goo.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 20 Aug 2002 1,511,453 ...H. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 29 Aug 2002 91,136 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Sat 16 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 15 Jun 2007 34,304 ...H. --- "C:\Documents and Settings\Administrator\My Documents\~WRL3651.tmp"
Thu 18 Oct 2007 119,808 ...H. --- "C:\Documents and Settings\Administrator\Desktop\~WRL1201.tmp"
Fri 16 Nov 2007 242,176 ...H. --- "C:\Documents and Settings\Administrator\Desktop\~WRL0828.tmp"
Fri 15 Jun 2007 26,624 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL0635.tmp"
Fri 15 Jun 2007 29,184 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL1698.tmp"
Fri 15 Jun 2007 30,720 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL0745.tmp"
Fri 15 Jun 2007 30,720 ...H. --- "C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\~WRL3450.tmp"
Finished!
3) I have already opened a Notepad, added the quote into it, saved the file as CFscript.txt and dragged it to Combo.exe, and a report was produced as follows:-
ComboFix 08-02-25.3 - Administrator 2008-02-26 22:08:33.2 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.86 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\Administrator\count.dat
C:\Documents and Settings\Administrator\mhsha1.dat
C:\Documents and Settings\Administrator\msgw.dat
C:\WINDOWS\1ee1.dll
C:\WINDOWS\b8e1.exe
C:\WINDOWS\Downlo~1\buyzz.dll
C:\WINDOWS\Downlo~1\xswvm.dll
C:\WINDOWS\inf\MSLogin64.exe
C:\WINDOWS\inf\temp0031.tmp
C:\WINDOWS\system32\1ee1.dll
C:\WINDOWS\system32\6to4.dll
C:\WINDOWS\system32\BugReport01.dll
C:\WINDOWS\system32\cflInfo.nw
C:\WINDOWS\System32\DRIVERS\mevxgk.sys
C:\WINDOWS\System32\DRIVERS\soxi.sys
C:\WINDOWS\system32\drivers\soxi.sys
C:\WINDOWS\System32\drivers\TYKeeper.sys
C:\WINDOWS\system32\DVBBack01.dll
C:\WINDOWS\system32\gicw.exe
C:\windows\system32\goo.exe
C:\WINDOWS\system32\goo.exe
C:\WINDOWS\system32\hsoxig.dll
C:\WINDOWS\system32\mceulu.dll
C:\WINDOWS\system32\MediaDrv01.dll
C:\WINDOWS\system32\msplrc0.dll
C:\WINDOWS\system32\msplrc1.dll
C:\WINDOWS\system32\msplrc2.dll
C:\WINDOWS\system32\msplrc3.dll
C:\WINDOWS\system32\msplrc4.dll
C:\WINDOWS\system32\msplrc5.dll
C:\WINDOWS\system32\NavCOM01.dll
C:\WINDOWS\system32\NavCOM02.dll
C:\WINDOWS\system32\solid.dll
c:\windows\system32\solid.dll
C:\WINDOWS\system32\SQLLink01.dll
C:\WINDOWS\system32\WSWSleak01.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\count.dat
C:\Documents and Settings\Administrator\mhsha1.dat
C:\Documents and Settings\Administrator\msgw.dat
C:\WINDOWS\1ee1.dll
C:\WINDOWS\b8e1.exe
C:\WINDOWS\inf\MSLogin64.exe
C:\WINDOWS\inf\temp0031.tmp
C:\WINDOWS\system32\1ee1.dll
C:\WINDOWS\system32\6to4.dll
C:\WINDOWS\system32\cflInfo.nw
C:\WINDOWS\System32\DRIVERS\mevxgk.sys
C:\WINDOWS\System32\DRIVERS\soxi.sys
C:\WINDOWS\System32\drivers\TYKeeper.sys
C:\WINDOWS\system32\gicw.exe
C:\WINDOWS\system32\goo.exe
C:\WINDOWS\system32\hsoxig.dll
C:\WINDOWS\system32\mceulu.dll
C:\WINDOWS\system32\msplrc0.dll
C:\WINDOWS\system32\msplrc1.dll
C:\WINDOWS\system32\msplrc2.dll
C:\WINDOWS\system32\msplrc3.dll
C:\WINDOWS\system32\msplrc4.dll
C:\WINDOWS\system32\msplrc5.dll
C:\WINDOWS\system32\solid.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_41EE3B64
-------\LEGACY_4IVBCTPV
-------\LEGACY_687FA1A4
-------\LEGACY_EBEF311A
-------\LEGACY_MEVXGK
-------\LEGACY_SOXI
-------\LEGACY_TYKEEPER
-------\LEGACY_ZWDU
-------\41EE3B64
-------\4ivbctpv
-------\687FA1A4
-------\EBEF311A
-------\mevxgk
-------\soxi
-------\TYKeeper
-------\zwdu
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.
2008-02-26 21:56 . 2008-02-26 21:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-26 21:51 . 2008-02-25 15:14 <DIR> d-------- C:\SDFix
2008-02-26 12:35 . 2008-02-26 12:35 <DIR> d-------- C:\Program Files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 09:40 34,904 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688}]
C:\Program Files\yok\toolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-28 19:41 13312]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RAM Idle"="C:\Program Files\Customizer XP\RAMIdle.exe" [2002-05-01 12:29 104960]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-26 17:52 128000 C:\WINDOWS\system32\sbusbdll.dll]
"WMC_AutoUpdate"="" []
"symticr"="C:\windows\system32\goo.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2005-12-26 08:20 579072]
"Tlist"="regsvr32 /s abskey.dll" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2005-12-25 16:27 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91976}"= UPS.dll [ ]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [2002-08-28 23:16]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\System32\DRIVERS\sbusb.sys [2005-06-10 09:39]
Stop Pending2 MSDCOMClient16;DCOM Service Process Manager;C:\WINDOWS\System32\svchost.exe [2001-08-23 04:00]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MSDCOMClient16
enqe
MSDCOMClient32
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-26 22:14:59
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\devldr32.exe
.
**************************************************************************
.
Completion time: 2008-02-26 22:16:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-26 14:16:16
ComboFix2.txt 2008-02-26 04:51:16
4) Last but not least, I did another HijackThis log, and the contents are as below:-
Please guide me on my next step. I will be online for at least 3-4 hours after I post this reply. Please feel free to PM if you need to gather any other information.
Thank you
Kuihkociboy