
Thread: Viral Infection

  1. #11 - Member (Join Date: Jun 2007, Posts: 50)

    Here are the OTMoveIt3 results.

    ========== FILES ==========
    File/Folder C:\Users\poorav\Program Files\DNA not found.

    OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03312009_022313

    Here is the HijackThis logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:21:58 PM, on 3/28/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16809)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Steam\Steam.exe
    C:\Users\poorav\Program Files\DNA\btdna.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\poorav\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [yosofosada] Rundll32.exe "C:\ProgramData\divibudi\divibudi.dll",s
    O4 - HKCU\..\Run: [CPM8fb688ef] Rundll32.exe "C:\ProgramData\biheseya\biheseya.dll",a
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 8953 bytes

  2. #12 - Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    That HijackThis log is an old one.

    Please rescan with HijackThis and post back a fresh HijackThis log, please.

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #13 - Member (Join Date: Jun 2007, Posts: 50)

    I can't access HijackThis anymore, and I cannot run most of the programs on my computer now. I can't even access Task Manager, and AntiVir Guard keeps popping up with notices that a virus was found. I am not sure what to do at this point.

  4. #14 - Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    What virus is it that AntiVir warns about?

  5. #15 - Member (Join Date: Jun 2007, Posts: 50)

    OK, I figured out that I have to click on "Run as administrator" to start programs. The virus says TR/Crypt.XPACK.Gen Trojan. The filename is C:\ProgramData\divibudi\divibudi.dll. Here is the HijackThis logfile.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:34:14 AM, on 3/30/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16809)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
    C:\Program Files\Windows Calendar\WinCal.exe
    C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
    C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [yosofosada] Rundll32.exe "C:\ProgramData\divibudi\divibudi.dll",s
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [8c85bb73] rundll32.exe "C:\ProgramData\kipufase\kipufase.dll",b
    O4 - HKCU\..\Run: [CPM8fb688ef] Rundll32.exe "C:\ProgramData\dileloso\dileloso.dll",a
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 9385 bytes

  6. #16 - Member (Join Date: Jun 2007, Posts: 50)

    There are other files too in ProgramData, but the virus is the same.

  7. #17 - Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    We will continue with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

  8. #18 - Member (Join Date: Jun 2007, Posts: 50)

    I can't access Task Manager to close Avira. Is there some other way to close the program before I run ComboFix?

  9. #19 - Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Then please run ComboFix in Safe Mode.

  10. #20 - Member (Join Date: Jun 2007, Posts: 50)

    ComboFix 09-03-30.04 - poorav 2009-03-30 11:16:13.1 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3071.2670 [GMT -7:00]
    Running from: c:\users\poorav\Downloads\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning enabled* (Updated)
    .

    ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-31 07:06 --------- d-----w c:\users\poorav\AppData\Roaming\skypePM
    2009-03-31 05:52 --------- d-----w c:\progra~2\Spybot - Search & Destroy
    2009-03-31 05:46 --------- d-----w c:\users\poorav\AppData\Roaming\.purple
    2009-03-30 23:49 --------- d-----w c:\program files\Avira
    2009-03-30 23:49 --------- d-----w c:\progra~2\Avira
    2009-03-30 23:08 --------- d-----w c:\progra~2\hetefefi
    2009-03-30 21:57 --------- d-----w c:\progra~2\tadezuzu
    2009-03-30 21:57 --------- d-----w c:\progra~2\kuyahere
    2009-03-30 17:59 --------- d-----w c:\program files\Steam
    2009-03-30 12:18 --------- d-----w c:\users\poorav\AppData\Roaming\Skype
    2009-03-30 12:13 --------- d-----w c:\progra~2\mesekewi
    2009-03-30 12:13 --------- d-----w c:\progra~2\geniguji
    2009-03-30 12:13 --------- d-----w c:\progra~2\fudarepe
    2009-03-30 12:13 --------- d-----w c:\progra~2\daladato
    2009-03-30 12:13 --------- d-----w c:\progra~2\biheseya
    2009-03-30 12:13 --------- d-----w c:\progra~2\begepudi
    2009-03-30 11:08 --------- d-----w c:\progra~2\wikipuha
    2009-03-30 11:08 --------- d-----w c:\progra~2\wehojavi
    2009-03-30 09:57 --------- d-----w c:\progra~2\royotago
    2009-03-30 09:57 --------- d-----w c:\progra~2\kipufase
    2009-03-30 09:57 --------- d-----w c:\progra~2\dileloso
    2009-03-30 03:50 --------- d-----w c:\progra~2\zeginizo
    2009-03-29 23:08 --------- d-----w c:\progra~2\zihugedu
    2009-03-29 23:08 --------- d-----w c:\progra~2\semusoji
    2009-03-29 11:08 --------- d-----w c:\progra~2\nipovine
    2009-03-28 23:38 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-28 23:21 --------- d-----w c:\program files\Trend Micro
    2009-03-28 23:18 --------- d-----w c:\program files\ERUNT
    2009-03-28 23:08 --------- d-----w c:\progra~2\zuzisoge
    2009-03-28 23:08 --------- d-----w c:\progra~2\zigigeje
    2009-03-28 23:07 --------- d-----w c:\program files\Common Files\Steam
    2009-03-28 23:02 --------- d-----w c:\progra~2\yopemovi
    2009-03-28 23:02 --------- d-----w c:\progra~2\divibudi
    2009-03-24 20:35 --------- d-----w c:\users\poorav\AppData\Roaming\Wizards of the Coast
    2009-03-24 20:19 --------- d-----w c:\program files\Wizards of the Coast
    2009-03-12 14:06 --------- d-----w c:\program files\Windows Mail
    2009-03-08 07:07 410,984 ----a-w c:\windows\System32\deploytk.dll
    2009-03-08 07:07 --------- d-----w c:\program files\Java
    2009-03-07 23:07 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-07 23:07 --------- d-----w c:\program files\EA GAMES
    2009-03-07 23:06 --------- d-----w c:\users\poorav\AppData\Roaming\DAEMON Tools Pro
    2009-03-07 23:06 --------- d-----w c:\users\poorav\AppData\Roaming\DAEMON Tools Lite
    2009-03-07 23:06 --------- d-----w c:\users\poorav\AppData\Roaming\DAEMON Tools
    2009-03-07 23:05 --------- d-----w c:\program files\DAEMON Tools Lite
    2009-03-07 23:05 --------- d-----w c:\progra~2\DAEMON Tools Lite
    2009-03-07 21:23 --------- d-----w c:\program files\Final Fantasy VII
    2009-03-07 21:10 --------- d-----w c:\program files\DAEMON Tools Pro
    2009-03-07 21:10 --------- d-----w c:\progra~2\DAEMON Tools Pro
    2009-03-07 19:44 --------- d-----w c:\users\poorav\AppData\Roaming\BitTorrent
    2009-03-07 19:22 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2009-03-04 10:34 --------- d-----w c:\program files\Google
    2009-03-03 04:59 --------- d-----w c:\users\poorav\AppData\Roaming\Ventrilo
    2009-03-03 04:58 --------- d-----w c:\program files\Ventrilo
    2009-03-03 04:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-02 11:00 268,800 ----a-w c:\windows\System32\es.dll
    2009-03-02 00:18 --------- d-----w c:\program files\TechSmith
    2009-03-02 00:18 --------- d-----w c:\progra~2\TechSmith
    2009-03-01 21:31 --------- d-----w c:\users\poorav\AppData\Roaming\OpenOffice.org
    2009-03-01 21:29 --------- d-----w c:\program files\OpenOffice.org 3
    2009-03-01 21:29 --------- d-----w c:\program files\JRE
    2009-03-01 21:28 --------- d-----w c:\program files\Common Files\Java
    2009-03-01 11:42 174 --sha-w c:\program files\desktop.ini
    2009-03-01 11:38 --------- d-----w c:\program files\Windows Sidebar
    2009-03-01 11:33 235,347,230 ----a-w c:\windows\DUMP2f59.tmp
    2009-03-01 11:26 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
    2009-03-01 11:26 61,440 ----a-w c:\windows\System32\winipsec.dll
    2009-03-01 11:26 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
    2009-03-01 11:26 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
    2009-03-01 11:26 272,896 ----a-w c:\windows\System32\polstore.dll
    2009-03-01 11:26 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
    2009-03-01 11:26 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
    2009-03-01 11:25 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
    2009-03-01 11:25 67,584 ----a-w c:\windows\System32\wlanhlp.dll
    2009-03-01 11:25 542,720 ----a-w c:\windows\System32\sysmain.dll
    2009-03-01 11:25 502,784 ----a-w c:\windows\System32\wlansvc.dll
    2009-03-01 11:25 47,104 ----a-w c:\windows\System32\wlanapi.dll
    2009-03-01 11:25 297,984 ----a-w c:\windows\System32\wlansec.dll
    2009-03-01 11:25 290,816 ----a-w c:\windows\System32\wlanmsm.dll
    2009-03-01 11:25 258,232 ----a-w c:\windows\system32\drivers\acpi.sys
    2009-03-01 11:25 24,064 ----a-w c:\windows\System32\wtsapi32.dll
    2009-03-01 11:24 194,560 ----a-w c:\windows\System32\WebClnt.dll
    2009-03-01 11:24 110,080 ----a-w c:\windows\system32\drivers\mrxdav.sys
    2009-03-01 11:23 826,368 ----a-w c:\windows\System32\wininet.dll
    2009-03-01 11:23 56,320 ----a-w c:\windows\System32\iesetup.dll
    2009-03-01 11:23 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2009-03-01 11:23 26,624 ----a-w c:\windows\System32\ieUnatt.exe
    2009-03-01 11:21 41,984 ----a-w c:\windows\system32\drivers\monitor.sys
    2009-03-01 11:21 297,472 ----a-w c:\windows\System32\gdi32.dll
    2009-03-01 11:21 1,060,920 ----a-w c:\windows\system32\drivers\ntfs.sys
    2009-03-01 11:20 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
    2009-03-01 11:20 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2009-03-01 11:20 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
    2009-03-01 11:20 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
    2009-03-01 11:20 211,456 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
    2009-03-01 11:20 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
    2009-03-01 11:20 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
    2009-03-01 11:20 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2009-03-01 11:20 1,687,040 ----a-w c:\windows\System32\gameux.dll
    2009-03-01 11:19 303,616 ----a-w c:\windows\System32\wmpeffects.dll
    2009-03-01 11:18 2,048 ----a-w c:\windows\System32\msxml3r.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-03-01 1232896]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
    "Steam"="c:\program files\Steam\Steam.exe" [2009-02-28 1410296]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
    "yosofosada"="c:\programdata\divibudi\divibudi.dll" [ 49152]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "8c85bb73"="c:\programdata\kipufase\kipufase.dll" [2009-03-30 80896]
    "CPM8fb688ef"="c:\programdata\dileloso\dileloso.dll" [2009-03-30 89088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
    "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
    "Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-05 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-05 8429568]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-05 81920]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 c:\windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    c:\users\poorav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

    c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-04-30 528384]
    Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-09-01 970752]

    c:\users\poorav\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{D076A7A1-08FA-481F-852B-D8A1F7DBE501}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{DAE6A1BF-7D4F-4C94-8252-C11FAC5D69D5}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{9721F8A4-1E52-4DBF-A093-17BD36DA4F57}"= c:\program files\Acer Zone\Acer Picture Slide DVD\component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
    "{402A78BD-B833-4746-ADA8-DA8DABEDE9EC}"= c:\program files\Acer Zone\Acer Plug and Record\component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
    "{6939BB91-82E4-4F94-B5FC-260713182C88}"= c:\program files\Acer Zone\Acer Plug and Record\component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
    "TCP Query User{27FC94D8-F2B4-49EA-B098-406A3A211872}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{32A040E6-B494-454B-8293-FDAE2DA5B2FD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{46E42BC4-83D1-4CB2-AD20-CCCD70CD8816}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{3883F3D5-EED2-465F-BA9A-9C79FE8CEB8E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{736B2A75-FE28-4DF2-BE8B-6DD37FD77F87}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{90CDB597-8A4E-4314-87A9-3A23F68096C4}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{760F9542-CF31-4648-8FC8-240388F2317F}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{68A7CFF5-D5BA-4D5E-AD27-D4A716C3E2DD}c:\\users\\poorav\\downloads\\mtgoiii_helper.exe"= UDP:c:\users\poorav\downloads\mtgoiii_helper.exe:mtgoiii_helper.exe
    "UDP Query User{8D81388F-7807-42A5-A43E-1C62D0CB28EF}c:\\users\\poorav\\downloads\\mtgoiii_helper.exe"= TCP:c:\users\poorav\downloads\mtgoiii_helper.exe:mtgoiii_helper.exe
    "{FEB32478-6660-448E-8CD4-2662F16D2F3B}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
    "{86C89DFB-A429-40CB-A22F-3D164D0280CB}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
    "TCP Query User{2E4150D8-C065-415A-B20B-E4553C608929}c:\\program files\\steam\\steamapps\\mellamopobrede\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\mellamopobrede\team fortress 2\hl2.exe:hl2
    "UDP Query User{F7AFD556-E375-4C92-A590-7C461CFBF164}c:\\program files\\steam\\steamapps\\mellamopobrede\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\mellamopobrede\team fortress 2\hl2.exe:hl2
    "TCP Query User{81E20C2A-B455-45F7-A56D-3FD5D31E8759}c:\\users\\poorav\\program files\\dna\\btdna.exe"= UDP:c:\users\poorav\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{70F36007-CD5F-4DB3-8290-81EF32A4E282}c:\\users\\poorav\\program files\\dna\\btdna.exe"= TCP:c:\users\poorav\program files\dna\btdna.exe:btdna.exe
    "{ECD2CFBB-FC42-462D-8C0F-D0EEE7B875F3}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "{C072B82E-C271-4E0F-9E03-4A2499869442}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
    "TCP Query User{A5B093A9-D9B0-4979-88C1-0223C3A9FD36}c:\\program files\\ea games\\american mcgee's alice\\alice (2).exe"= UDP:c:\program files\ea games\american mcgee's alice\alice (2).exe:American McGee's Alice
    "UDP Query User{39F0AD6D-FA44-404C-81E3-B58EA0755F32}c:\\program files\\ea games\\american mcgee's alice\\alice (2).exe"= TCP:c:\program files\ea games\american mcgee's alice\alice (2).exe:American McGee's Alice
    "TCP Query User{C1AFC245-4225-4ED0-891C-91DFE47C18C8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{BF025AD5-17DC-4816-ABB3-FCAC1C10B58B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-30 108289]
    S2 MLPTDR_Q;MLPTDR_Q;c:\windows\System32\MLPTDR_Q.SYS [2004-11-19 18848]
    S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [2007-09-03 80744]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ECACHE
    *Deregistered* - sptd
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
    HKLM-Run-Acer Tour - (no file)
    HKLM-Run-eRecoveryService - (no file)
    HKLM-RunOnce-<NO NAME> - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://en.us.acer.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://en.us.acer.yahoo.com
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    FF - ProfilePath - c:\users\poorav\AppData\Roaming\Mozilla\Firefox\Profiles\p7oikctv.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-30 11:41:43
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-03-30 11:42:32
    ComboFix-quarantined-files.txt 2009-03-30 18:42:31

    Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
    Post-Run: 66,560,946,176 bytes free

    229 --- E O F --- 2009-03-31 05:37:40
