ComboFix 08-04-20.2 - KC1 2008-04-20 17:21:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.179 [GMT -4:00]
Running from: C:\Documents and Settings\KC1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\KC1\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\d3dxofo.dll . . . . failed to delete
.
---- Previous Run -------
.
C:\WINDOWS\system32\d3dxofo.dll . . . . failed to delete
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_xjsjcevf
-------\Legacy_xjsjcevf
-------\xjsjcevf
-------\Legacy_XJSJCEVF
-------\Service_xjsjcevf

((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2100-02-23 14:35 . 2001-02-22 09:54 768 --a--c--- C:\Program Files\x73_lut.dat
2100-02-08 16:03 . 2001-05-11 11:39 53,248 --a--c--- C:\Program Files\ACMonitor_X73.exe
2008-04-20 16:36 . 2008-04-20 16:27 401,720 --a------ C:\Program Files\HiJackThis[1].exe
2008-04-20 09:24 . 2008-04-20 09:24 84 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-04-20 08:18 . 2008-04-20 08:18 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 08:18 . 2008-04-20 08:18 d-------- C:\Documents and Settings\KC1\Application Data\Malwarebytes
2008-04-20 08:18 . 2008-04-20 08:18 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 15:52 . 2008-04-19 15:52 d-------- C:\csscod
2008-04-13 08:42 . 2008-04-13 08:42 d-------- C:\Program Files\Windows Installer Clean Up
2008-04-13 08:41 . 2008-04-13 08:41 d-------- C:\Program Files\MSECACHE
2008-04-06 17:55 . 2008-04-06 17:55 d-------- C:\Program Files\Common Files\PC Tools
2008-04-06 17:55 . 2007-12-06 16:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
2008-04-06 17:55 . 2007-12-06 16:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
2008-04-06 17:55 . 2008-02-12 11:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2008-04-06 17:08 . 2008-04-20 17:38 d-------- C:\Program Files\PC Tools AntiVirus
2008-04-05 20:53 . 2008-04-20 16:19 d-------- C:\Documents and Settings\KC1\Application Data\Desktopicon
2008-04-05 20:52 . 2008-04-05 21:22 d-------- C:\Program Files\Unlocker
2008-04-05 19:48 . 2008-04-13 08:53 d-------- C:\Program Files\Panda Security
2008-04-03 00:18 . 2008-04-03 00:18 d-------- C:\Program Files\Common Files\Mozilla Shared
2008-04-03 00:17 . 2008-04-11 21:05 6,490,880 --a------ C:\WINDOWS\system32\wtzpelos.dat
2008-03-31 21:35 . 2008-03-31 21:35 d-------- C:\Program Files\Enigma Software Group
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 21:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-20 13:22 --------- d-----w C:\Program Files\LogMeIn
2008-04-20 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 12:07 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-17 11:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-13 13:01 --------- d-----w C:\Program Files\Windows Defender
2008-04-13 12:58 --------- d-----w C:\Program Files\AceMoney
2008-04-13 12:55 --------- d-----w C:\Program Files\No Trace
2008-04-06 21:58 --------- d-----w C:\Documents and Settings\KC1\Application Data\PC Tools
2008-04-06 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-06 21:06 --------- d-----w C:\Program Files\METAFILE
2008-04-06 21:04 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-06 21:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 23:28 --------- d-----w C:\Program Files\Picasa2
2008-04-03 04:17 20,224 ----a-w C:\WINDOWS\system32\drivers\noaqtndc.dat
2008-04-03 03:18 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-31 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-30 23:50 --------- d-----w C:\Program Files\RegistryFix
2008-03-29 23:50 --------- d-----w C:\Program Files\SpiralFrog
2008-03-25 02:37 --------- d-----w C:\Documents and Settings\KC1\Application Data\IObit
2008-03-25 02:36 --------- d-----w C:\Program Files\IObit
2008-03-13 05:17 --------- d-----w C:\Program Files\PC Check-up
2008-03-12 01:38 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-05 16:02 --------- d-----w C:\Program Files\Google
2008-02-23 02:47 --------- d-----w C:\Program Files\iolo
2008-02-23 02:47 --------- d-----w C:\Documents and Settings\KC1\Application Data\iolo
2008-02-23 02:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-02-23 02:45 --------- d--h--w C:\Documents and Settings\KC1\Application Data\GTek
2008-02-23 02:45 --------- d--h--w C:\Documents and Settings\All Users\Application Data\GTek
2008-02-23 02:38 43,872 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-17 16:46 5,632 -csha-w C:\Program Files\Thumbs.db
2007-11-30 00:05 78,896 -c--a-w C:\Documents and Settings\KC3\Application Data\GDIPFONTCACHEV1.DAT
2007-09-11 03:09 78,896 -c--a-w C:\Documents and Settings\KC2\Application Data\GDIPFONTCACHEV1.DAT
2007-08-30 18:06 842,726 -c--a-w C:\Documents and Settings\KC1\JNativeCpp.dll
2007-08-30 18:06 417,792 -c--a-w C:\Documents and Settings\KC1\UDLL.dll
2007-08-07 02:51 178,122 -c--a-w C:\Program Files\esshopdg.exe
2007-08-07 02:51 150,198 -c--a-w C:\Program Files\shopdesg.hlp
2007-07-06 00:47 27,353 -c--a-w C:\Program Files\DeIsL2.isu
2007-06-15 11:31 78,896 -c--a-w C:\Documents and Settings\KC1\Application Data\GDIPFONTCACHEV1.DAT
2006-01-14 00:24 563,712 -c--a-w C:\Documents and Settings\KC1\370_gotomypc.exe
2004-12-16 01:07 27,624 -c--a-w C:\Program Files\DeIsL1.isu
2003-06-07 01:25 2,448,567 -c--a-w C:\Program Files\4th.zip
2002-09-11 14:26 63,730 -c--a-w C:\Program Files\viewsonicinstruct_xp.pdf
2001-07-26 20:58 47 -c--a-w C:\Program Files\ACMonitor_X73.ini
2001-07-05 16:46 8,116 -c--a-w C:\Program Files\OSLO3071b2.USB
2001-05-08 20:36 114,688 -c--a-w C:\Program Files\lxarscan.dll
2001-04-23 18:22 1,437 -c--a-w C:\Program Files\gtx73.ini
1997-03-14 20:03 3,539,968 -c--a-w C:\Program Files\3dhadl32.exe
1997-03-11 16:52 138,016 -c--a-w C:\Program Files\furnlib.lbf
1997-02-06 13:55 20,224 -c--a-w C:\Program Files\README.WRI
1997-01-29 18:25 9,545 -c--a-w C:\Program Files\SYMBLIB.LBS
1997-01-22 15:49 5,590 -c--a-w C:\Program Files\Profilem.pl1
1997-01-22 15:36 31,937 -c--a-w C:\Program Files\FIXTLIB.LBA
1997-01-20 20:49 59,264 -c--a-w C:\Program Files\ERROR.INT
1997-01-20 20:39 8,131 -c--a-w C:\Program Files\MATERIAL.DAT
1997-01-10 21:05 224,037 -c--a-w C:\Program Files\3DHOME.HLP
1996-11-08 20:14 42,496 -c--a-w C:\Program Files\SPAWNIT.EXE
1996-07-22 05:58 5,775,692 -c--a-w C:\Program Files\VOLUME1.L3F
1996-07-22 03:53 73,935 -c--a-w C:\Program Files\VOLUME1.LBF
1996-05-20 15:01 59,976 -c--a-w C:\Program Files\SAMPLE.PL1
1996-05-20 15:01 50,396 -c--a-w C:\Program Files\SAMPLE.PL2
1996-05-20 15:01 2,224 -c--a-w C:\Program Files\SAMPLE.PL3
1996-05-20 15:01 12,518 -c--a-w C:\Program Files\SAMPLE.PL0
1996-05-14 22:34 30 -c--a-w C:\Program Files\SPAWNIT.INI
1996-05-10 22:11 563,200 -c--a-w C:\Program Files\SS32D25.DLL
1996-05-09 20:47 328 -c--a-w C:\Program Files\3DHOME.CNT
1996-04-12 20:20 39,133 -c--a-w C:\Program Files\TUTORIAL.PL1
1996-04-12 20:20 3,108 -c--a-w C:\Program Files\TUTORIAL.PL3
1996-04-12 20:20 13,774 -c--a-w C:\Program Files\TUTORIAL.PL2
1996-04-12 20:19 5,132 -c--a-w C:\Program Files\PROFILE.PL1
1996-04-10 16:04 5,668 -c--a-w C:\Program Files\TUTORIAL.PL0
1995-11-10 09:10 7,616 -c--a-w C:\Program Files\SUPERPRO.DLL
1994-10-13 16:04 3,575,476 -c--a-w C:\Program Files\FURNLIB.L3F
1994-10-12 06:21 766 -c--a-w C:\Program Files\TIPS.ICO
1994-10-12 00:38 1,002,840 -c--a-w C:\Program Files\FIXTLIB.L3A
1993-08-28 18:19 23,080 -c--a-w C:\Program Files\FIXTOLD.PLB
1993-08-28 18:18 26,742 -c--a-w C:\Program Files\FURNOLD.PLB
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 49,152 2004-05-25 13:16:56 C:\Program Files\Brother\Brmfl04a\bak\BrStDvPt.exe
------w 49,152 2004-05-25 14:16:56 C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
-c--a-w 185,632 2007-08-17 23:41:00 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
-c--a-r 155,648 2003-10-14 14:22:30 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
-c--a-w 68,856 2007-05-16 02:03:58 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
-c--a-w 132,496 2007-09-25 05:11:35 C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe
-c--a-w 63,048 2007-04-17 18:03:50 C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe
-c--a-w 40,960 2004-04-14 19:04:12 C:\Program Files\ScanSoft\PaperPort\bak\IndexSearch.exe
-c--a-w 57,393 2004-04-14 18:46:50 C:\Program Files\ScanSoft\PaperPort\bak\pptd40nt.exe
-c--a-w 163,128 2007-10-15 18:38:38 C:\Program Files\SpiralFrog\bak\Spiralfrog.exe
-c--a-w 1,460,560 2007-08-31 21:46:28 C:\Program Files\Spybot - Search & Destroy\bak\TeaTimer.exe
--sha-r 2,097,488 2008-01-28 16:43:40 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-c--a-w 1,458,176 2008-01-16 14:43:16 C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe
-c--a-w 866,584 2006-11-03 23:20:12 C:\Program Files\Windows Defender\bak\MSASCui.exe
----a-w 866,584 2006-11-03 23:20:12 C:\Program Files\Windows Defender\MSASCui.exe
-c--a-w 204,288 2006-10-19 01:05:26 C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe
-c--a-w 15,360 2006-02-28 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2006-02-28 12:00:00 C:\WINDOWS\system32\ctfmon.exe
-c--a-w 143,360 2002-07-17 11:59:48 C:\WINDOWS\system32\bak\igfxtray.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00A67FF0-C935-411F-AF76-2D17DE41F24A}]
2008-04-20 09:30 88064 --a------ C:\WINDOWS\system32\cnxtsdki.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B8D8879-2A87-4236-9B8B-81AEE76C4DAF}]
2008-04-20 17:28 82944 --a------ c:\windows\system32\d3dxofo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"AccountLogon"="C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe" [2003-06-24 22:32 470016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-03-05 09:37 1238928]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-21 18:23 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccountLogon]
--a--c--- 2003-06-24 22:32 470016 C:\Documents and Settings\All Users\Documents\Account Logon\AccountLogon\AccountLogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"awhost32"=2 (0x2)
"iPod Service"=3 (0x3)
"ewido anti-spyware 4.0 guard"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"KodakCCS"=3 (0x3)
"gusvc"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\wjview.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\Blubster.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 $sys$cor;$sys$cor;C:\WINDOWS\system32\Drivers\$sys$cor.sys [2005-07-04 08:52]
R0 ytlquzfk;ytlquzfk;C:\WINDOWS\system32\drivers\noaqtndc.dat []
R2 AwcService;Advanced WindowsCare Boost Service;C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe [2008-02-18 22:01]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 18:09]
R2 CD_Proxy;XCP CD Proxy;C:\WINDOWS\CDProxyServ.exe [2004-10-07 10:42]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 18:09]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 22:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 06:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]
S1 $sys$crater;$sys$crater;C:\WINDOWS\system32\$sys$filesystem\crater.sys [2005-07-04 06:51]
S3 $sys$lim;$sys$lim;C:\WINDOWS\system32\$sys$filesystem\lim.sys [2005-07-14 05:51]
S3 iAimFP8;iAimFP8;C:\WINDOWS\system32\DRIVERS\wADV11nt.sys [2002-07-23 09:01]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 17:04]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 21:07:28 C:\WINDOWS\Tasks\AWC AutoCare.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoCare.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-04-20 21:36:11 C:\WINDOWS\Tasks\AWC AutoSweep.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AutoSweep.exe
"2008-04-20 00:29:26 C:\WINDOWS\Tasks\AWC Update.job"
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\IObitUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare 3 Beta\
"2008-04-14 03:41:00 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2008-04-20 21:37:28 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-18 19:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 17:37:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ytlquzfk]
"ImagePath"="system32\drivers\noaqtndc.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2008-04-20 17:48:41 - machine was rebooted [KC1]
ComboFix-quarantined-files.txt 2008-04-20 21:48:15
ComboFix2.txt 2008-04-06 15:55:33

Pre-Run: 22,493,925,376 bytes free
Post-Run: 22,492,196,864 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

287 --- E O F --- 2008-04-20 14:39:25