Re: explorer.exe problem~Keeps restarting #13

Having the same issue with explorer.exe. I ran ComboFix, which temporarily fixes my system, but after another 15 min or so it's back to acting up. I deleted all restore points (purposely) because they were all infected. Any ideas on what I'm missing? Here are the ComboFix, HijackThis and VundoFix logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:27, on 2007-11-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator.AS400.000\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\iifghij.dll
O2 - BHO: (no name) - {6F910420-8761-479E-9085-1569ACC42CA1} - C:\WINDOWS\system32\awvvv.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: iifghij - C:\WINDOWS\SYSTEM32\iifghij.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - cmd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 3672 bytes


ComboFix 07-11-08.1 - James Clark 2007-11-08 23:59:47.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.608 [GMT -5:00]
Running from: C:\Documents and Settings\James Clark\Desktop\ComboFix.exe
* Created a new restore point
.
Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\rtvwa.bak2
C:\WINDOWS\system32\rtvwa.ini
.
---- Previous Run -------
.
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\mlljj.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.
2007-11-08 22:06 <DIR> d-------- C:\Documents and Settings\James Clark\Application Data\Webroot
2007-11-08 22:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-08 22:01 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-08 22:01 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-08 22:01 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-08 22:01 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-11-08 22:00 <DIR> d-------- C:\Program Files\Webroot
2007-11-08 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-08 22:00 <DIR> d-------- C:\Documents and Settings\Administrator.AS400.000\Application Data\Webroot
2007-11-08 22:00 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-11-08 21:10 164 --a------ C:\install.dat
2007-11-08 20:39 <DIR> d-------- C:\Program Files\Roguescanfix
2007-11-07 18:57 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-11-07 18:57 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-07 18:57 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-11-07 18:57 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-11-07 18:55 <DIR> d-------- C:\Program Files\Symantec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 05:09 --------- d-----w C:\Program Files\Windows Defender
2007-11-09 04:41 --------- d-----w C:\Program Files\wxovqxxx
2007-11-07 23:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-07 23:57 --------- d-----w C:\Documents and Settings\James Clark\Application Data\Symantec
2007-11-07 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-07 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-04 06:11 7,467,056 ----a-w C:\spybotsd15.exe
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-02-16 22:09 23,352 ----a-w C:\Documents and Settings\James Clark\Application Data\GDIPFONTCACHEV1.DAT
2007-02-04 03:25 14,390 ----a-w C:\Program Files\INSTALL.LOG
2005-12-15 20:29 9,070 ----a-w C:\Program Files\Auto-Tune 4 PC VST Read Me.rtf
2005-03-28 19:28 6,461 ----a-w C:\Program Files\AT4 DX Read Me.rtf
2005-03-21 18:33 5,981 ----a-w C:\Program Files\ReadMe DX.txt
2005-03-17 17:20 29,696 ----a-w C:\Program Files\AT4 PC RTAS Read Me.doc
2004-03-16 17:12 594,571 ----a-w C:\Program Files\Auto-Tune4_Manual.pdf
2003-08-25 02:05 339,944 ----a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((( snapshot@2007-11-07_16.06.35.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-01 23:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-11-07 23:57:12 32,768 ----a-r C:\WINDOWS\Installer\{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}\_D904164A6024_4D6A_BD1A_DF13008894B0.exe
+ 2007-11-07 23:57:12 10,134 ----a-r C:\WINDOWS\Installer\{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}\Ghost.exe
+ 2007-11-07 23:57:12 8,478 ----a-r C:\WINDOWS\Installer\{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}\ghostimage.exe
- 2006-10-19 02:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 21:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2006-11-01 23:31:34 315,904 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2006-10-19 02:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-10-11 19:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
- 2006-10-19 02:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-12-04 21:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2007-10-01 21:24:34 16,184 ----a-w C:\WINDOWS\system32\ssiefr.EXE
- 2006-10-19 02:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-10-01 21:24:36 219,448 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
+ 2007-10-01 21:24:36 26,424 ----a-w C:\WINDOWS\system32\wrlzma.dll
+ 2007-11-09 05:12:20 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_1c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
2007-02-04 23:46 36352 --a------ C:\WINDOWS\system32\iifghij.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\iifghij.dll [2007-02-04 23:46 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifghij]
iifghij.dll 2007-02-04 23:46 36352 C:\WINDOWS\system32\iifghij.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\d_kmd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^James Clark^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\James Clark\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
"C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU1]
C:\Program Files\Common Files\VCClient\VCClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU2]
C:\Program Files\Common Files\VCClient\VCMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series]
"C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexPPS.exe]
C:\WINDOWS\system32\lexpps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware12]
"C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R1 d_kmd;d_kmd;\??\C:\WINDOWS\system32\drivers\d_kmd.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 mapledxp;mapledxp;C:\WINDOWS\system32\drivers\mapledxp.SYS
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys
R2 RVIEG01;VSC Engine;\??\C:\Program Files\Image-Line\FL Studio 6\Plugins\VST\RVIEg01.sys
R2 RVIEGVST;VSC VST Engine;\??\C:\Program Files\Image-Line\FLStudio5\Plugins\VST\RVIEg01VST.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
S2 PLUSBRW;BUSlink USB-Optical Adapter;C:\WINDOWS\system32\DRIVERS\scd1pl.sys
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
S3 mr97310c;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 PLSCSIRW;PLSCSIRW;C:\WINDOWS\system32\DRIVERS\scd0pl.sys
S3 RDID1045;Roland FANTOM-X;C:\WINDOWS\system32\Drivers\RDWM1045.SYS
S3 USBMIDI;UF USB MIDI Driver;C:\WINDOWS\system32\Drivers\Mdusb.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 05:15:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-02-07 00:33:34 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 00:14:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-09 0:17:21 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-07 18:04
C:\ComboFix3.txt ... 2007-11-07 16:08
.
--- E O F ---


Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 7:59:47 PM 2/6/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 12:56:01 PM 2/7/2007

Listing files found while scanning....

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 1:50:57 PM 11/7/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

I KNOW IT'S LONG..... THANKS FOR THE HELP... CHEERS
Re: explorer.exe problem~Keeps restarting

Hi, steek, first up, please run HijackThis in normal mode if possible when you require a log for checking; in safe mode not all processes are started, and we may miss things. Right.

=Please make a restore point, because an infected restore point is better than no restore point at all. We can get rid of it later. An infection can only get out of a restore point if that point is actually used.

Delete your C:\vundofix.txt. It is confusing.

==Please copy the text between the lines to a Notepad [Format/Word Wrap unchecked] and save as CFScript.txt to where you saved ComboFix, that is, to a folder or your desktop.
__________________________________________________________
File::
C:\install.dat
C:\WINDOWS\system32\iifghij.dll

Folder::
C:\Program Files\wxovqxxx

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F910420-8761-479E-9085-1569ACC42CA1}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifghij]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00
__________________________________________________________
Good. Now drag CFScript.txt onto ComboFix [drag the icon if on your desktop, or the filename if in a folder]. ComboFix will start; let it run, and if your firewall prompts then allow all. Post the log.

=Now run VundoFix again please [latest vsn is 6.5.0.11]

=Please believe this message/warning from VundoFix: "Java version is 1.5.0.6. Old versions of Java are exploitable and should be removed." Go Control Panel > Java > Update, and press Update Now. Restart after installing the update, and then go into Control Panel again, Add/Remove Programs, and remove all old versions of Java. Vsn 1.6.0.3 is current....

Post fresh HijackThis, ComboFix and VundoFix logs with your comments.
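As an added example, not part of this thread or of any tool it mentions, the Python below does over log text what the helper's CFScript does by hand: it scans HijackThis O2/O20 lines and ComboFix's "Authentication Packages" line for the persistence points the script targets (BHOs, non-stock Winlogon Notify DLLs, extra LSA authentication packages), drafts the matching File::/Registry:: sections, and encodes/decodes the hex(7) value so you can confirm it really spells msv1_0. The sample lines are copied from the logs posted earlier in the thread; the stock-XP Winlogon Notify list and the "unnamed BHO in system32" rule are my assumptions for triage, not something the helper stated, and the output is a draft for an analyst to check, not a verdict.

```python
"""Triage of HijackThis / ComboFix log lines for Vundo-style persistence.
Added example for this thread, not a tool the thread used. Flags the autostart
points the CFScript above targets, drafts the matching CFScript sections, and
shows what the hex(7) REG_MULTI_SZ value in that script encodes."""
import re
from dataclasses import dataclass

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
              r"\CurrentVersion\Winlogon\Notify")
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

# Assumption: Winlogon\Notify subkeys on a stock Windows XP SP2 box. Anything
# else is not automatically malicious (SUPERAntiSpyware registers one too);
# it is a "look at this" item, which is all log triage can say.
XP_STOCK_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                   "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-F-]+\}) - (?P<path>.*)$", re.I)
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$", re.I)
RE_AUTHPKG = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$', re.I)

# Constructed sample: lines copied from the logs posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\iifghij.dll
O2 - BHO: (no name) - {6F910420-8761-479E-9085-1569ACC42CA1} - C:\WINDOWS\system32\awvvv.dll (file missing)
O20 - Winlogon Notify: iifghij - C:\WINDOWS\SYSTEM32\iifghij.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtr.dll
"""

@dataclass
class Finding:
    kind: str       # bho | notify | authpkg
    detail: str
    action: str     # "remove" (goes into the CFScript) or "review" (analyst decides)
    key: str = ""   # registry key to delete, if any
    path: str = ""  # file to delete, if any

def split_missing(path):
    """HijackThis appends '(file missing)' when the image is not on disk."""
    tag = "(file missing)"
    if path.lower().endswith(tag):
        return path[:-len(tag)].strip(), True
    return path, False

def in_system32(path):
    return re.search(r"\\system32\\[^\\]+$", path, re.I) is not None

def triage(log_text):
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := RE_O2.match(line):
            path, missing = split_missing(m["path"])
            key = f"{BHO_KEY}\\{m['clsid']}"
            if missing:
                findings.append(Finding("bho", "orphaned BHO entry, DLL gone", "remove", key))
            elif m["name"] == "(no name)" and in_system32(path):  # heuristic (assumption)
                findings.append(Finding("bho", "unnamed BHO loading from system32", "remove", key, path))
        elif m := RE_O20.match(line):
            if m["name"].lower() in XP_STOCK_NOTIFY:
                continue
            path, _ = split_missing(m["path"])
            action = "remove" if in_system32(path) else "review"
            findings.append(Finding("notify", "non-stock Winlogon Notify DLL", action,
                                    f"{NOTIFY_KEY}\\{m['name']}", path))
        elif m := RE_AUTHPKG.match(line):
            # ComboFix prints the REG_MULTI_SZ space-separated. Stock XP has only
            # msv1_0; a package path containing spaces would need smarter splitting.
            for extra in (t for t in m["pkgs"].split() if t.lower() != "msv1_0"):
                findings.append(Finding("authpkg", f"extra LSA auth package: {extra}", "remove", path=extra))
    return findings

def multi_sz_to_hex7(strings):
    """REGEDIT4 hex(7) is a REG_MULTI_SZ as ANSI bytes: each string NUL-terminated,
    then one more NUL closing the list. ["msv1_0"] -> 6d,73,76,31,5f,30,00,00."""
    raw = b"".join(s.encode("ascii") + b"\0" for s in strings) + b"\0"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)

def hex7_to_multi_sz(text):
    raw = bytes(int(h, 16) for h in text.split(":", 1)[1].split(","))
    return [s.decode("ascii") for s in raw.split(b"\0") if s]

def build_cfscript(findings):
    """Draft the CFScript sections used in this thread: File:: paths to delete,
    Registry:: with [-key] to delete a key and a value line to overwrite."""
    todo = [f for f in findings if f.action == "remove"]
    files = {f.path.lower(): f.path for f in todo if f.path}  # case-insensitive dedupe
    keys = sorted({f.key for f in todo if f.key})
    lines = []
    if files:
        lines += ["File::", *files.values(), ""]
    lines += ["Registry::", *[f"[-{k}]" for k in keys]]
    if any(f.kind == "authpkg" for f in todo):
        lines += [f"[{LSA_KEY}]", f'"Authentication Packages"={multi_sz_to_hex7(["msv1_0"])}']
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("\n".join(f"{f.action:6} {f.detail}" for f in found), build_cfscript(found), sep="\n\n")
```

Run it as a script to see the findings and the drafted script; the !SASWinLogon entry comes out as "review" rather than "remove" because it lives outside system32, which is exactly the judgement call the helper makes when writing a CFScript by hand. The draft uses full registry paths instead of ComboFix's `~` shorthand, and an analyst should still compare each File:: entry against what is actually on disk before running it.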
Re: explorer.exe problem~Keeps restarting

Great, I will start this new method as soon as I get home. Thanks
Re: explorer.exe problem~Keeps restarting

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:54 PM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\James Clark\Desktop\imabunny.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2826 bytes


ComboFix 07-11-08.1 - James Clark 2007-11-12 18:01:27.16 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.558 [GMT -5:00]
Running from: C:\Documents and Settings\James Clark\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\James Clark\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\install.dat
C:\WINDOWS\system32\iifghij.dll
.
Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.dat
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\iifghij.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
.
2007-11-11 12:47 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-10 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-10 13:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-10 13:48 <DIR> d-------- C:\Documents and Settings\James Clark\Application Data\SUPERAntiSpyware.com
2007-11-09 15:22 <DIR> d-------- C:\Program Files\Real
2007-11-09 01:02 <DIR> d-------- C:\Documents and Settings\Administrator.AS400.000\Application Data\EmuPatchMixDSP
2007-11-08 22:06 <DIR> d-------- C:\Documents and Settings\James Clark\Application Data\Webroot
2007-11-08 22:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-08 22:01 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-08 22:01 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-08 22:01 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-08 22:01 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-11-08 22:00 <DIR> d-------- C:\Program Files\Webroot
2007-11-08 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-08 22:00 <DIR> d-------- C:\Documents and Settings\Administrator.AS400.000\Application Data\Webroot
2007-11-08 22:00 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-11-08 20:39 <DIR> d-------- C:\Program Files\Roguescanfix
2007-11-07 18:57 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-11-07 18:57 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-07 18:57 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-11-07 18:57 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-11-07 18:55 <DIR> d-------- C:\Program Files\Symantec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 18:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-10 18:16 --------- d-----w C:\Program Files\Lavasoft
2007-11-10 18:16 --------- d-----w C:\Documents and Settings\James Clark\Application Data\Lavasoft
2007-11-09 05:09 --------- d-----w C:\Program Files\Windows Defender
2007-11-07 23:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-07 23:57 --------- d-----w C:\Documents and Settings\James Clark\Application Data\Symantec
2007-11-07 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-07 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-04 06:11 7,467,056 ----a-w C:\spybotsd15.exe
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-02-16 22:09 23,352 ----a-w C:\Documents and Settings\James Clark\Application Data\GDIPFONTCACHEV1.DAT
2007-02-04 03:25 14,390 ----a-w C:\Program Files\INSTALL.LOG
2005-12-15 20:29 9,070 ----a-w C:\Program Files\Auto-Tune 4 PC VST Read Me.rtf
2005-03-28 19:28 6,461 ----a-w C:\Program Files\AT4 DX Read Me.rtf
2005-03-21 18:33 5,981 ----a-w C:\Program Files\ReadMe DX.txt
2005-03-17 17:20 29,696 ----a-w C:\Program Files\AT4 PC RTAS Read Me.doc
2004-03-16 17:12 594,571 ----a-w C:\Program Files\Auto-Tune4_Manual.pdf
2003-08-25 02:05 339,944 ----a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((( snapshot@2007-11-07_16.06.35.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-01 23:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-11-07 23:57:12 32,768 ----a-r C:\WINDOWS\Installer\{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}\_D904164A6024_4D6A_BD1A_DF13008894B0.exe
+ 2007-11-07 23:57:12 10,134 ----a-r C:\WINDOWS\Installer\{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}\Ghost.exe
+ 2007-11-07 23:57:12 8,478 ----a-r C:\WINDOWS\Installer\{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}\ghostimage.exe
+ 2007-11-10 18:48:49 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-11-10 18:48:49 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-11-10 18:48:50 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2001-07-14 22:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
- 2006-10-19 02:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 21:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2006-11-01 23:31:34 315,904 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 03:10:26 317,440 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2006-10-19 02:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-10-11 19:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
- 2006-10-19 02:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-12-04 21:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2007-10-01 21:24:34 16,184 ----a-w C:\WINDOWS\system32\ssiefr.EXE
- 2006-10-19 02:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 04:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-10-01 21:24:36 219,448 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
+ 2007-10-01 21:24:36 26,424 ----a-w C:\WINDOWS\system32\wrlzma.dll
+ 2007-11-12 23:14:36 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^James Clark^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\James Clark\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
"C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU1]
C:\Program Files\Common Files\VCClient\VCClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU2]
C:\Program Files\Common Files\VCClient\VCMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series]
"C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexPPS.exe]
C:\WINDOWS\system32\lexpps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware12]
"C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"niSvcLoc"=2 (0x2)
"NIDomainService"=2 (0x2)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"GoogleDesktopManager-093007-112848"=3 (0x3)

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 mapledxp;mapledxp;C:\WINDOWS\system32\drivers\mapledxp.SYS
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys
R2 RVIEG01;VSC Engine;\??\C:\Program Files\Image-Line\FL Studio 6\Plugins\VST\RVIEg01.sys
R2 RVIEGVST;VSC VST Engine;\??\C:\Program Files\Image-Line\FLStudio5\Plugins\VST\RVIEg01VST.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
S2 PLUSBRW;BUSlink USB-Optical Adapter;C:\WINDOWS\system32\DRIVERS\scd1pl.sys
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys
S3 mr97310c;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 PLSCSIRW;PLSCSIRW;C:\WINDOWS\system32\DRIVERS\scd0pl.sys
S3 RDID1045;Roland FANTOM-X;C:\WINDOWS\system32\Drivers\RDWM1045.SYS
S3 USBMIDI;UF USB MIDI Driver;C:\WINDOWS\system32\Drivers\Mdusb.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-12 22:03:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-02-07 00:33:34 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 18:15:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-12 18:17:16 - machine was rebooted C:\ComboFix2.txt ... 2007-11-10 18:06 C:\ComboFix3.txt ... 2007-11-10 15:33 . --- E O F --- P.S. VUNDO FIX Yielded no results!! NOTHING WAS FOUND Comments: Ironically, this is the longest that explorer.exe has stayed on...(could have swore that i already tried this method : ) |
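The thread's real problem is that the infection returns a few minutes after each cleanup, and the log above already references two earlier runs (C:\ComboFix2.txt and C:\ComboFix3.txt). The fastest way to see what keeps coming back is to diff the loading points between runs rather than eyeballing each log. The script below is an added example, not code from the thread or from ComboFix itself: it parses the Reg Loading Points, driver (R0/R1/R2/R3/S2/S3) and Scheduled Tasks lines in the format shown above (the format is inferred from that log) and reports what appeared or disappeared between two runs. Both sample logs are constructed for the demonstration; "Example Loader" and example_loader.dll are hypothetical names, not entries from the posted logs.

```python
"""Parse the autostart sections of a ComboFix log and diff two runs.

Added example; not code from the thread or from ComboFix itself. The line
formats are inferred from the log posted above; the sample logs at the
bottom are constructed for the demonstration.
"""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "Name"=target, optionally followed by [yyyy-mm-dd hh:mm] or [yyyy-mm-dd hh:mm size]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*?)\s*(?:\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \d+)?\])?$')
# R0/R1/R2/R3/S2/S3 <service>;<description>;<image path>
DRIVER_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+)$')
# "yyyy-mm-dd hh:mm:ss <job file>" - <target>
TASK_RE = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (.+?\.job)" - (.+)$')
# First line of each non-registry section; ends the current key block
SECTION_BREAK = ('(((', '***', 'Contents of', 'Completion time', '--- E O F')
SKIP = ('.', '*Note*')           # ComboFix separator and note lines


@dataclass(frozen=True, order=True)
class AutostartEntry:
    kind: str      # "registry", "driver" or "task"
    location: str  # registry key, driver start type, or the tasks folder
    name: str      # value name, service name, or job file ("" for bare commands)
    target: str    # what is executed or loaded


def _unquote(s):
    return s[1:-1] if len(s) >= 2 and s[0] == s[-1] == '"' else s


def parse_combofix_log(text):
    """Return every autostart entry found in the log, in file order."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(SKIP):
            continue
        if line.startswith(SECTION_BREAK):
            current_key = None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = DRIVER_RE.match(line)
        if m:
            current_key = None
            entries.append(AutostartEntry('driver', m.group(1), m.group(2), m.group(4)))
            continue
        m = TASK_RE.match(line)
        if m:
            current_key = None
            entries.append(AutostartEntry('task', 'Scheduled Tasks', m.group(1), m.group(2)))
            continue
        if current_key is None:
            continue             # catchme output, file lists, trailing chatter
        m = VALUE_RE.match(line)
        if m:
            name, target = m.group(1), m.group(2)
        elif '=' in line and not line.startswith('"'):
            name, target = line.split('=', 1)   # path=/backup= under msconfig keys
        else:
            name, target = '', line             # bare command under a startupreg key
        entries.append(AutostartEntry('registry', current_key, name, _unquote(target)))
    return entries


def diff_autostarts(earlier_log, later_log):
    """(added, removed): entries new in the later run, and entries gone since the earlier one."""
    before = set(parse_combofix_log(earlier_log))
    after = set(parse_combofix_log(later_log))
    return sorted(after - before), sorted(before - after)


# Constructed sample: a trimmed copy of the run posted above.
EARLIER_RUN = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
S3 USBMIDI;UF USB MIDI Driver;C:\WINDOWS\system32\Drivers\Mdusb.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-12 22:03:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
"""

# Constructed sample for the "it comes back after 15 minutes" case: the same machine
# rescanned after QuickTime was disabled and something new landed in HKCU\...\Run.
# "Example Loader" and example_loader.dll are hypothetical names.
QUICKTIME = r'"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]' + '\n'
CTFMON = r'"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]' + '\n'
HYPOTHETICAL = r'"Example Loader"="C:\WINDOWS\system32\example_loader.dll" [2007-11-12 18:00]' + '\n'
LATER_RUN = EARLIER_RUN.replace(QUICKTIME, '').replace(CTFMON, CTFMON + HYPOTHETICAL)

if __name__ == '__main__':
    added, removed = diff_autostarts(EARLIER_RUN, LATER_RUN)
    for label, group in (('NEW since earlier run', added), ('GONE since earlier run', removed)):
        print(label)
        for e in group:
            print(f'  [{e.kind}] {e.location} :: {e.name or "(command)"} -> {e.target}')
```

Point it at two saved ComboFix logs (read both files and pass the text to diff_autostarts) and the "NEW since earlier run" list is the set of loading points to investigate first; an entry that is cleaned in one run and reappears in the next is the one being re-created by something still running.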
Re: explorer.exe problem~Keeps restarting

"(could have sworn that I already tried this method : )"... yeah, you did, kinda, but it's all in the wrist action :) Your first combofix run pointed out some things that I fixed with the second run, and then it was free to chase other stuff.

Okay, your hijackthis log is clean [it's so short there is just no room fer malware...] and the combofix log shows nothing else lurking. Is explorer still running? How is your sys, generally?
Re: explorer.exe problem~Keeps restarting

Quote:
MyWebSearch (high)
Smitfraud (high)
IEPlugin (severe)
Best Offers Smiley Source (high)
EPS E-Mail Password Sender (severe)
and a few other low risk files/regkeys
Re: explorer.exe problem~Keeps restarting

I don't see any MyWebSearch entries, and Smitfraud, if it was working, would be feeding you popups...

May I suggest that you empty all spyware tools' etc. bins? e.g. C:\Qoobox is combofix's bin. Then see what Xoft has to say.

Run a cleaner and then an online scan:

==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1
--click in the download window to run it, and when ATF Cleaner opens go Select All, and then Empty Selected. Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera. Close ATF.

==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan. Post the log it produces here.
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC