this is really screwed up

and no one I know has ever heard anything like it...

I had this virus, Java/ByteVerify, also Obfustat.RFY

I don't think I was able to completely eliminate them, and the weird thing is my ctrl-alt-del has been disabled, as well as my desktop properties, supposedly by the administrator, but that would be me.

I also have something annoying that keeps popping up asking me to download a fake spyware remover thing, AVG apparently didn't remove this either.

Comments

  • edited October 2007
    Hello. :)

    1) Please download HijackThis and save it to your desktop. Do not run it yet.
    http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe


    2) Next download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
  • edited October 2007
    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\printer.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Trillian\trillian.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    hosts file corrupted !

    192.168.200.3 download.microsoft.com
    192.168.200.3 downloads.microsoft.com
    192.168.200.3 go.microsoft.com
    192.168.200.3 microsoft.com
    192.168.200.3 msdn.microsoft.com
    192.168.200.3 office.microsoft.com
    192.168.200.3 support.microsoft.com
    192.168.200.3 windowsupdate.microsoft.com
    192.168.200.3 www.microsoft.com
    192.168.200.3 pandasoftware.com
    192.168.200.3 www.pandasoftware.com

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\svhjdsah.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\printer.exe FOUND !
    C:\WINDOWS\system32\vtr???.dll FOUND !
    C:\WINDOWS\system32\WinAvXX.exe FOUND !
    C:\WINDOWS\system32\zlbw.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Shazane.Zantinir


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Shazane.Zantinir\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\SHAZAN~1.ZAN\STARTM~1\Programs\SiteEntry FOUND !
    C:\DOCUME~1\SHAZAN~1.ZAN\STARTM~1\Programs\Startup\system.exe FOUND !
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\autorun.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SHAZAN~1.ZAN\FAVORI~1

    C:\DOCUME~1\SHAZAN~1.ZAN\FAVORI~1\Online Security Test.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly"

    [HKEY_CLASSES_ROOT\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32]
    @="C:\WINDOWS\system32\tczij.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32]
    @="C:\WINDOWS\system32\tczij.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\system32\\sulimo.dat"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
    DNS Server Search Order: 192.65.90.202

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{75ABB3A5-E186-485E-A3F2-8A59AA504FC3}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{75ABB3A5-E186-485E-A3F2-8A59AA504FC3}: NameServer=192.65.90.202
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7D54B88A-9A55-495A-9A12-F0BCF76829E8}: NameServer=192.65.90.202
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{75ABB3A5-E186-485E-A3F2-8A59AA504FC3}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{75ABB3A5-E186-485E-A3F2-8A59AA504FC3}: NameServer=192.65.90.202
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7D54B88A-9A55-495A-9A12-F0BCF76829E8}: NameServer=192.65.90.202
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{75ABB3A5-E186-485E-A3F2-8A59AA504FC3}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{75ABB3A5-E186-485E-A3F2-8A59AA504FC3}: NameServer=192.65.90.202
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{7D54B88A-9A55-495A-9A12-F0BCF76829E8}: NameServer=192.65.90.202
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
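
The hosts section of the SmitfraudFix report above lists Microsoft and Panda Software names mapped to 192.168.200.3. As an added example (not part of the thread and not SmitfraudFix's own code), this Python script audits hosts-file text for that pattern; the watched-suffix list and the sample lines marked as constructed are assumptions.

```python
import ipaddress
from collections import defaultdict

# Sample input: three entries copied from the report's hosts section,
# plus constructed lines (comment, localhost, benign entry, lookalike name).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
192.168.200.3 download.microsoft.com
192.168.200.3 windowsupdate.microsoft.com
192.168.200.3 www.pandasoftware.com
10.0.0.5 intranet.example        # constructed benign entry
10.0.0.6 notmicrosoft.com        # constructed lookalike, must not match
"""

# Assumption: parent domains that should never be pinned in a hosts file.
WATCHED_SUFFIXES = ("microsoft.com", "pandasoftware.com")


def parse_hosts(text):
    """Yield (ip, hostname) pairs; skip comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def is_watched(name):
    """True for a watched domain or any subdomain of it (label-aligned match)."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return one finding per watched name that the hosts file overrides."""
    return [
        {"host": name, "ip": str(ip), "loopback": ip.is_loopback}
        for ip, name in parse_hosts(text)
        if is_watched(name)
    ]


def redirect_targets(findings):
    """Group overridden names by the address they were pointed at."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["ip"]].append(f["host"])
    return {ip: sorted(names) for ip, names in grouped.items()}


if __name__ == "__main__":
    for ip, names in redirect_targets(audit_hosts(SAMPLE_HOSTS)).items():
        print(f"{ip}: {len(names)} watched name(s) overridden -> {', '.join(names)}")
```

Any hit is worth reviewing whether the target is loopback or not, since a watched name has no reason to appear in a hosts file at all.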
  • edited October 2007
    You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.
  • edited October 2007
    ok... I can't clean the registry because this action is also forbidden by the "administrator"

    Though, it did get rid of the annoying spyware. I didn't get a report because once it discovered that it couldn't do anything with the registry all it did was keep bringing that error back up and I had to restart to end the loop.
  • edited October 2007
    Did you boot into Safe Mode before trying what I posted above?
  • edited October 2007
    Yes I did, I followed your instructions precisely.
  • edited October 2007
    OK...we'll try another tool instead. Let's hope this works.

    1) Please download Malwarebytes' RogueRemover Free.
    2) Install it and start it up.
    3) Press Check for Updates
    4) It will tell you that there is a newer version of the database. Press Download
    5) Go back to the main screen and press Scan
    6) Remove all objects found.
    7) Tell us if it found anything at all.
  • edited October 2007
    One problem after another... it won't run because apparently I lack MSVBVM60.dll, and I can't find that on its own.
  • edited October 2007
    It's defeated!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Thank you so much, and sorry for breaking the rules.

    Here's my report:



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\system.exe
    C:\Program Files\Common Files\{30409~1
    C:\Program Files\Common Files\{70409~1
    C:\Program Files\inetget2
    C:\Program Files\pedevice
    C:\Program Files\pedevice\communication.xml
    C:\Program Files\pedevice\Domain.Watchlist.txt
    C:\Program Files\pedevice\pae-options.xml
    C:\Program Files\pedevice\pae_url.xml
    C:\Program Files\pedevice\PeDev.exe
    C:\Program Files\pedevice\pedevPS.dll
    C:\Program Files\pedevice\search.watchlist.txt
    C:\Program Files\pedevice\statistic.xml
    C:\Program Files\pedevice\tmp\tmp.html
    C:\Program Files\pedevice\watchlist.xml
    C:\Program Files\winupdates
    C:\WINDOWS\b.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    \Driver


    ((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
    .

    2007-10-06 23:15 51,200 --a C:\WINDOWS\NirCmd.exe
    2007-10-06 17:03 <DIR> d C:\Program Files\RogueRemover FREE
    2007-10-06 00:54 <DIR> d C:\Documents and Settings\Administrator\WINDOWS
    2007-10-06 00:54 <DIR> d C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-10-06 00:54 <DIR> d C:\Documents and Settings\Administrator\Application Data\SampleView
    2007-10-06 00:54 <DIR> d C:\Documents and Settings\Administrator\Application Data\Real
    2007-10-06 00:54 <DIR> d C:\Documents and Settings\Administrator\Application Data\Apple Computer
    2007-10-05 17:22 53,248 --a C:\WINDOWS\system32\Process.exe
    2007-10-05 17:22 51,200 --a C:\WINDOWS\system32\dumphive.exe
    2007-10-05 17:22 289,144 --a C:\WINDOWS\system32\VCCLSID.exe
    2007-10-05 17:22 288,417 --a C:\WINDOWS\system32\SrchSTS.exe
    2007-10-05 17:22 25,088 --a C:\WINDOWS\system32\WS2Fix.exe
    2007-10-03 16:07 4,754 --a C:\WINDOWS\system32\tmp.reg
    2007-09-30 10:28 <DIR> d C:\Program Files\Renoise 1.8.0b1
    2007-09-21 19:07 <DIR> d C:\Python25
    2007-09-20 17:15 <DIR> d C:\Program Files\SEGA
    2007-09-17 17:32 <DIR> d C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-09-17 17:21 2,463,976 --a C:\WINDOWS\system32\NPSWF32.dll
    2007-09-17 17:21 190,696 --a C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2007-09-17 17:20 <DIR> d C:\Program Files\Bonjour
    2007-09-17 17:11 <DIR> d C:\Program Files\Common Files\Macrovision Shared
    2007-09-09 10:01 685,816 --a C:\WINDOWS\system32\drivers\sptd.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-06 23:04 d C:\Documents and Settings\Shazane.Zantinir\Application Data\foobar2000
    2007-10-06 18:52 d C:\Program Files\Zoom Player
    2007-10-05 22:47 d C:\Program Files\Soulseek
    2007-10-04 22:48 d C:\Program Files\AltoMP3 Gold
    2007-10-03 19:26 d C:\Documents and Settings\Shazane.Zantinir\Application Data\REAPER
    2007-10-03 19:23 d C:\Program Files\REAPER
    2007-10-02 16:41 3888 --a C:\WINDOWS\viassary-hp.reg
    2007-09-23 09:18 d C:\Program Files\OpenSource Flash Video Splitter
    2007-09-23 09:10 d C:\Program Files\Microsoft Games
    2007-09-04 16:39 d C:\Documents and Settings\Shazane.Zantinir\Application Data\Renoise
    2007-09-02 00:13 0 -ra C:\logwmemory.bin
    2007-09-02 00:10 d C:\Documents and Settings\Shazane.Zantinir\Application Data\Soldat
    2007-08-28 16:25 d C:\Program Files\Trillian
    2007-08-25 18:34 d C:\Program Files\Ares
    2007-08-16 18:09 d C:\Program Files\MySpace
    2007-08-16 18:09 d C:\Documents and Settings\Shazane.Zantinir\Application Data\Yahoo!
    2007-08-16 18:09 d C:\Documents and Settings\All Users\Application Data\yahoo!
    2007-08-13 19:40 d C:\Program Files\FLVPlayer
    2007-08-13 17:05 d C:\Documents and Settings\Shazane.Zantinir\Application Data\MySpace
    2007-02-20 04:27 32768 --a C:\Documents and Settings\Shazane.Zantinir\dispwd.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-03 21:43]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-10 11:04]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-04-21 21:28]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43]
    "VTTimer"="VTTimer.exe" []
    "IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe" []
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 23:13]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-01 21:58 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-06 04:05 C:\WINDOWS\ALCWZRD.EXE]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 13:55]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 11:46]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 17:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 17:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 17:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 17:00]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 10:49]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:11]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-10 11:28]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 17:00]
    "areslite"="C:\Program Files\Ares Lite Edition\AresLite.exe" []
    "ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 17:54]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]

    C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
    Compaq Organize.lnk - C:\Program Files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2004-08-10 11:42:58]
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-01-29 17:33:41]

    C:\Documents and Settings\Shazane.Zantinir\Start Menu\Programs\Startup\
    Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2005-02-23 01:00:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\sulimo.dat

    S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys
    S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3440bd23-6ecd-11dc-bf86-00112f7dbb74}]
    AutoRun\command- K:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-03 17:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-10-07 03:44:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-06 23:43:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-06 23:45:29 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-06 23:45
    .
    --- E O F ---