
Check on Hijack Log Please

macman
My neighbour's son has managed to screw up his laptop by 'forgetting' to renew his anti-virus subscription. I have got him to run AntiMalwareBytes, which has found about 15 spyware programs, and some more with Spybot. Below is the log produced after running these; please could someone advise what might still be there that shouldn't be, and what we should try next, as he is still getting problems connecting to the net or opening certain programs.
Since getting infected he has installed and run Avira, but by the look of it his original AV (BitDefender) is still installed too.
Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:27, on 08/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Users\RUSSEL~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [lphc9cmj0en31] C:\Windows\system32\lphc9cmj0en31.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RUSSEL~1\AppData\Local\Temp\fccyxxYQ.dll,#1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Russell Kirk\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11881 bytes
No free lunch, and no free laptop ;)

Comments

  • BitDefender is still installed - you only need ONE anti-virus product on the computer.

    I also see BitTorrent installed - a possible cause of the problems

    Also, you/they are running an old version of Java:

    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    2. Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 13...allows end-users to run Java applications".
    3. Click the "Download" button to the right.
    4. Select your Platform: "Windows".
    5. Select your Language: "Multi-Language".
    6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
    7. Click Continue and the page will refresh.
    8. Click on the link to download Windows Offline Installation and save the file to your desktop.
    9. Close any programs you may have running - especially your web browser.
    10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    12. Click the Remove or Change/Remove button.
    13. Follow the onscreen instructions for the Java uninstaller.
    14. Repeat as many times as necessary to remove each Java version.
    15. Reboot your computer once all Java components are removed.
    16. Then from your desktop double-click on jre-6u13-windows-i586-p.exe
    17. Follow the on screen instructions to install the latest Java version.


    Nothing obvious - do the above and then let us know if there are still problems
  • macman
    Thanks, that was fast. Yes, I already told him to get rid of BitDefender and leave Avira.
    BitTorrent noted. teenager = music = file sharing = trouble...
    I wondered about Wormradar.com?
    Will get him to update Java now and report back.
    No free lunch, and no free laptop ;)
  • aliEnRIK
    Use the AVG REMOVAL TOOL as there are still some running
    http://www.avg.com/download-tools

    Uninstall BITDEFENDER
    Uninstall ASK TOOLBAR

    FIX these using hijack ~
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [lphc9cmj0en31] C:\Windows\system32\lphc9cmj0en31.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RUSSEL~1\AppData\Local\Temp\fccyxxYQ.dll, #1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

    Open Malwarebytes and go to LOGS and post the last WHOLE log please

    Did you use Spybot's IMMUNISE feature? If not please do so

    Then run COMBOFIX (Follow the simple instructions it gives)
    Post the WHOLE log here it creates (Split into sections if need be)
    :idea:
  • GunJack
    mac - it still looks like some remnants of avg on there (wormradar is one of them) as well....best run the 32-bit removal tool here:-

    http://www.avg.com/download-tools

    ...and also the usual {no file} and {file missing} entries to fix in hjt.....

    I'm amazed it runs at all with all that acer bloatware on it...I'm sure someone up on acer comps will be able to tell you which can be safely stopped from running on startup which will also help...
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
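    The two replies above point at the same kinds of HijackThis entries: orphaned "(file missing)"/"(no file)" registrations left by an incomplete AVG uninstall, a Run value that loads a DLL from the user's Temp directory via rundll32, and a random-named executable in system32. The script below is an added example of a first-pass triage of such a log; it is not code from the thread or from HijackThis. The random-name rule is a heuristic assumption, and the sample log is constructed from entries of the kind quoted in this thread.

```python
import re
from typing import List, Tuple

# Constructed sample: HijackThis lines of the kind quoted in this thread (benign and suspect mixed).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [lphc9cmj0en31] C:\Windows\system32\lphc9cmj0en31.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RUSSEL~1\AppData\Local\Temp\fccyxxYQ.dll,#1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
"""

# O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable/DLL in a command line, quoted or not (unquoted paths may contain spaces).
RUN_TARGET_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|dll|scr|bat|cmd|ocx))', re.I)
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+', re.I)
# Heuristic (assumption, not a HijackThis rule): a long lowercase letter/digit jumble
# is typical of machine-generated loader names, not of vendor software.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{10,}$")


def run_target(cmd: str) -> str:
    """Return the file an O4 Run value actually loads (the DLL when rundll32 is the host)."""
    body = RUNDLL_RE.sub("", cmd.strip())
    m = RUN_TARGET_RE.match(body)
    return m.group("path") if m else (body.split() or [body])[0]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (log line, reason) pairs for entries that merit attention."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Rule 1: orphaned entries. The registration remains but the file is gone,
        # typically a leftover of an incomplete uninstall (the AVG remnants here).
        if line.endswith("(file missing)") or line.endswith("(no file)"):
            findings.append((line, "orphaned entry: registered component no longer on disk"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        name, target = m.group("name"), run_target(m.group("cmd"))
        low = target.lower()
        # Rule 2: an autostart that loads code out of a Temp directory.
        if "\\temp\\" in low:
            findings.append((line, "autostart loads code from a Temp directory"))
        # Rule 3: random-looking value name with a same-named file in system32.
        stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if RANDOM_NAME_RE.match(name.lower()) and stem == name.lower() and "\\system32\\" in low:
            findings.append((line, "random-looking autostart name with matching file in system32"))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {entry}")
```

    Run against the real log, it reproduces exactly the five entries aliEnRIK listed for fixing, and nothing else.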
  • GunJack
    :doh: RiK, you're psychic, man ;) you know when I'm typing :)
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • aliEnRIK
    OR

    I'm just bored :p
    :idea:
  • GunJack
    I'll b00ger off and play Resi 5 then ;)
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • macman
    RIK: here is the MBAM log as requested, teenager is working on the other stuff and Combofix log, but as you know they don't get out of bed much before mid-day, so not sure how long this will take...

    Malwarebytes' Anti-Malware 1.36
    Database version: 1945
    Windows 6.0.6001 Service Pack 1
    07/04/2009 19:24:50
    mbam-log-2009-04-07 (19-24-50).txt
    Scan type: Quick Scan
    Objects scanned: 62819
    Time elapsed: 3 minute(s), 11 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm431859f6 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\402b6a6a (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Users\Russell Kirk\AppData\Local\Temp\~tmpl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Russell Kirk\AppData\Local\Temp\~tmpe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Russell Kirk\AppData\Local\Temp\~tmpg.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Russell Kirk\AppData\Local\Temp\~tmpi.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Russell Kirk\AppData\Local\Temp\~tmpp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    No free lunch, and no free laptop ;)
  • Browntoa
    That's showing it's removed a Vundo infection, so definitely run ComboFix and then post that log

    Malwarebytes has done what it's meant to though
    Ex forum ambassador

    Long term forum member
  • macman
    OK guys, here is the ComboFix log; he has finished all the other stages you already advised.

    ComboFix 09-04-04.01 - Russell Kirk 2009-04-09 13:33:28.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1013 [GMT 1:00]
    Running from: c:\users\Russell Kirk\Documents\ComboFix.exe
    AV: BitDefender Antivirus *On-access scanning enabled* (Outdated)
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\users\Russell Kirk\AppData\Roaming\.#
    c:\windows\system32\x64
    .
    ((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
    .
    2009-04-09 13:02 . 2009-04-09 13:02 <DIR> d c:\program files\Malwarebytes' Anti-Malware
    2009-04-09 13:02 . 2009-04-06 15:32 38,496 --a c:\windows\System32\drivers\mbamswissarmy.sys
    2009-04-09 13:02 . 2009-04-06 15:32 15,504 --a c:\windows\System32\drivers\mbam.sys
    2009-04-08 19:48 . 2009-04-08 19:48 <DIR> d c:\program files\Trend Micro
    2009-04-08 17:28 . 2009-04-08 17:28 0 --a c:\windows\System32\commonpriv.log.lock
    2009-04-08 17:26 . 2009-04-08 17:26 23,832 --a c:\windows\System32\drivers\avgfwd6x.sys
    2009-04-08 14:12 . 2009-04-09 12:53 <DIR> d c:\users\All Users\Spybot - Search & Destroy
    2009-04-08 14:12 . 2009-04-09 12:53 <DIR> d c:\programdata\Spybot - Search & Destroy
    2009-04-08 14:12 . 2009-04-09 12:53 <DIR> d c:\program files\Spybot - Search & Destroy
    2009-04-07 19:20 . 2009-04-07 19:20 <DIR> d c:\users\Russell Kirk\AppData\Roaming\Malwarebytes
    2009-04-07 19:20 . 2009-04-07 19:20 <DIR> d c:\users\All Users\Malwarebytes
    2009-04-07 19:20 . 2009-04-07 19:20 <DIR> d c:\programdata\Malwarebytes
    2009-04-06 20:06 . 2009-02-13 11:31 55,640 --a c:\windows\System32\drivers\avgntflt.sys
    2009-03-29 11:24 . 2009-03-29 11:24 0 --ah c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-03-27 20:34 . 2009-03-27 20:34 <DIR> d c:\users\Russell Kirk\Program Files
    2009-03-27 15:11 . 2009-04-09 11:09 <DIR> d c:\users\Russell Kirk\AppData\Roaming\DNA
    2009-03-27 15:11 . 2009-03-27 15:11 <DIR> d c:\program files\DNA
    2009-03-11 17:36 . 2009-03-11 17:36 286,944,121 --a c:\windows\MEMORY.DMP
    2009-03-11 17:19 . 2009-02-09 04:10 2,033,152 --a c:\windows\System32\win32k.sys
    2009-03-11 15:27 . 2008-12-16 04:29 8,147,456 --a c:\windows\System32\wmploc.DLL
    2009-03-11 15:27 . 2008-11-27 05:43 268,288 --a c:\windows\System32\schannel.dll
    2009-03-11 15:27 . 2008-12-16 06:31 7,680 --a c:\windows\System32\spwmp.dll
    2009-03-11 15:27 . 2008-12-16 06:31 4,096 --a c:\windows\System32\msdxm.ocx
    2009-03-11 15:27 . 2008-12-16 06:31 4,096 --a c:\windows\System32\dxmasf.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-09 11:58 d-----w c:\programdata\avg8
    2009-04-09 10:17 d-----w c:\program files\Common Files\BitDefender
    2009-04-07 12:23 d-----w c:\users\Russell Kirk\AppData\Roaming\skypePM
    2009-04-06 22:18 764 ----a-w c:\users\Russell Kirk\AppData\Roaming\wklnhst.dat
    2009-04-06 03:03 d-----w c:\users\Russell Kirk\AppData\Roaming\Skype
    2009-04-05 22:38 81,984 ----a-w c:\windows\System32\bdod.bin
    2009-03-29 18:42 d-----w c:\users\Russell Kirk\AppData\Roaming\LimeWire
    2009-02-24 14:19 d-----w c:\programdata\Microsoft Help
    2009-02-20 00:05 d-----w c:\program files\Google
    2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-27 15:49 56 ---ha-w c:\users\All Users\ezsidmv.dat
    2008-09-27 15:49 56 ---ha-w c:\programdata\ezsidmv.dat
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    2008-10-06 17:05 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-10-06 17:05 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-10-06 17:05 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-01-03 10:00 39472 --a
    c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-20 39408]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
    "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
    "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 c:\windows\RtHDVCpl.exe]
    c:\users\Russell Kirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-11-08 376832]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-03-13 535336]
    SETAUDIO.EXE [2008-04-04 20480]
    SETRES.EXE [2008-04-04 20480]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{72123FFE-BB08-48F2-B7AF-257B2DDBCA8D}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
    "{33A26CA1-D20E-48B1-8009-39DBF7D59ADC}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
    "{419F4AE7-FEA0-457C-A110-0CCF57166A2E}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
    "{51AE317D-CA38-483D-AC9E-4BDDE83DDAF8}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
    "{E47BB8AF-CC1C-43AE-A5FF-1F405554A95E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B948D066-090D-4853-B422-CA46B337C418}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{4DA41CE6-C4CE-4E04-81AF-E89CA060233B}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
    "{E18B17A2-2D1A-47ED-B80C-52A04B2DBCFC}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
    "{F3035340-19A5-4F29-A094-DA6B05DD58E4}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
    "{7C0F8F2D-276D-4781-8301-48534F54A713}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2082FBC3-895C-4138-B054-1B70DAC70A18}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{69752926-9D17-45F3-A44F-DFB4B689B900}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{346C0A9A-BC49-43AF-933E-CC6109F5A26E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{C9359863-FBC0-497E-B50B-8298B44B0CF5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{8B1DB6AD-270A-471C-B1DE-311242E644D3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{23284BD6-24AD-450D-8B79-3125F4725B98}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{113E3BDC-7141-4194-917F-870324E54FDA}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{C8B949EE-AC28-460D-AD89-E69D009348F9}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{61D83EF3-9675-43DE-82BE-7EC0605E480A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{DF6EC7C6-D716-47E0-A7F1-35BB69A72937}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo
    "UDP Query User{C5800D63-FF38-4124-BCCD-905890241B77}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo
    "TCP Query User{564C0EB8-AAEF-4805-9AB0-84A15D48B8C4}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo
    "UDP Query User{9E51D6AB-A369-4D73-BDEA-F918DFBD09CC}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo
    "{94AFF9B8-C9E0-4F9A-A2A2-0B3960BFFF94}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2F9C4504-05CA-4DC5-9784-FB166B56CFF2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{8A7EE298-83ED-405E-BF6A-3A1D4D8AB714}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{BF9724D3-C404-497B-97F9-2CBF7A22C3AC}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{53DD62CE-7DFD-4AED-8DCC-1092541CF10D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{0F24F718-A861-4B15-A762-6BA662BFC1CE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{8028FE34-BD5D-4419-B64E-72A9AADD3DC4}c:\\program files\\thq\\dawn of war\\w40k.exe"= UDP:c:\program files\thq\dawn of war\w40k.exe:W40K
    "UDP Query User{F4059CEB-8401-4832-B19C-B69A4D5CDD80}c:\\program files\\thq\\dawn of war\\w40k.exe"= TCP:c:\program files\thq\dawn of war\w40k.exe:W40K
    "TCP Query User{7730648D-AA48-4E1F-8724-B1ED2BC7B00E}c:\\program files\\thq\\dawn of war\\w40k.exe"= UDP:c:\program files\thq\dawn of war\w40k.exe:W40K
    "UDP Query User{935A9073-6693-4E72-8230-ECCD4D4DFADB}c:\\program files\\thq\\dawn of war\\w40k.exe"= TCP:c:\program files\thq\dawn of war\w40k.exe:W40K
    "TCP Query User{DC104820-DA8C-4C77-8F35-36C7BAE3E7B2}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{4D19C6BE-6C7B-4E4D-B9C2-58B980A60B22}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{E84075E4-A5B0-4108-8196-6B49ABA1E00C}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{1A02F889-8E93-44E7-809D-464C846C62C2}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "TCP Query User{CDB8F33A-D9FA-47CE-B10E-D2C0D5FAFAE7}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
    "UDP Query User{21C1CF67-024E-4856-AEDB-04AEF60048C1}c:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
    "TCP Query User{099CBC28-0FB1-4329-B108-BDE091D2A784}c:\\program files\\bullfrog\\dungeon keeper 2\\dkii.exe"= UDP:c:\program files\bullfrog\dungeon keeper 2\dkii.exe:DKII
    "UDP Query User{559AECDD-F940-44D3-9B7F-6763C9928FE8}c:\\program files\\bullfrog\\dungeon keeper 2\\dkii.exe"= TCP:c:\program files\bullfrog\dungeon keeper 2\dkii.exe:DKII
    "{D6A9597F-57FA-4E50-A652-C428C5AC11B5}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
    "{2FB1DD2C-C391-4D55-AE45-3502B34903DF}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
    "TCP Query User{4E6252A8-484D-4C70-B226-B66CD07DC8D4}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "UDP Query User{3FDBD09E-EAF8-420B-8A96-747DD3FD056E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
    "TCP Query User{70494B3E-C129-4CCC-830C-34523A2FD1E2}c:\\users\\russell kirk\\program files\\dna\\btdna.exe"= UDP:c:\users\russell kirk\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{7767A7E1-03D5-4621-B5F2-8C6EF0856194}c:\\users\\russell kirk\\program files\\dna\\btdna.exe"= TCP:c:\users\russell kirk\program files\dna\btdna.exe:btdna.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
    "c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-05-27 01:14:28 41456]
    R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2008-03-13 51200]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2008-03-13 43008]
    S1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [2009-04-08 23832]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2008-03-13 179712]
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-BitTorrent DNA - c:\users\Russell Kirk\Program Files\DNA\btdna.exe
    HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
    HKLM-Run-eRecoveryService - (no file)

    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://en.uk.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Russell Kirk\AppData\Roaming\Mozilla\Firefox\Profiles\5gj1gyrb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\users\Russell Kirk\Program Files\DNA\plugins\npbtdna.dll
    .
    **************************************************************************
    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-09 13:35:36
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'Explorer.exe'(2836)
    c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\acer\Empowering Technology\EPOWER\SysHook.dll
    .
    Completion time: 2009-04-09 13:37:57
    ComboFix-quarantined-files.txt 2009-04-09 12:37:54
    Pre-Run: 60,612,255,744 bytes free
    Post-Run: 60,495,876,096 bytes free
    206 --- E O F --- 2009-03-14 03:04:02
    No free lunch, and no free laptop ;)