ComboFix 08-05-15.3 - Administrator 2008-05-16 21:05:14.1 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1292 [GMT 9.5:30] Running from: C:\Users\Administrator\Downloads\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\System32\ltdkstjr.ini C:\Windows\system32\pqshqyfo.ini C:\Windows\system32\qoMfdbyx.dll C:\Windows\System32\qvhvitui.ini C:\Windows\system32\ryrxkbay.ini C:\Windows\System32\xybdfMoq.ini C:\Windows\System32\xybdfMoq.ini2 C:\Windows\system32\yepovbof.ini . ((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))) . 2008-05-16 14:07 . 2008-05-16 14:07 1,410,612 ---hs---- C:\Windows\System32\ltdkstjr.tmp 2008-05-16 14:06 . 2008-05-16 14:06 91,264 --------- C:\Windows\System32\rjtskdtl.dll 2008-05-16 13:00 . 2008-05-16 13:00 d-------- C:\VundoFix Backups 2008-05-16 10:46 . 2008-05-16 10:46 91,264 --a------ C:\Windows\System32\iutivhvq.dll 2008-05-16 10:28 . 2008-05-16 09:32 253,952 --a------ C:\Windows\vbksrofa.dll 2008-05-16 10:28 . 2008-05-16 09:31 237,568 --a------ C:\Windows\mpfanvqg.dll 2008-05-16 10:28 . 2008-05-16 09:32 159,744 --a------ C:\Windows\exnk.exe 2008-05-15 21:53 . 2008-05-15 21:53 d-------- C:\Users\All Users\Trymedia 2008-05-15 21:53 . 2008-05-15 21:53 d-------- C:\PROGRA~2\Trymedia 2008-05-15 21:41 . 2008-05-15 22:56 d-------- C:\Program Files\rFactor 2008-05-09 11:03 . 2008-05-09 11:03 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2008-05-09 09:59 . 2008-05-09 09:59 1,419,232 --a------ C:\Windows\System32\wdfcoinstaller01005.dll 2008-05-09 09:59 . 2008-05-09 09:59 20,520 --a------ C:\Windows\System32\drivers\ggsemc.sys 2008-05-09 09:59 . 2008-05-09 09:59 13,352 --a------ C:\Windows\System32\drivers\ggflt.sys 2008-05-07 21:20 . 2008-05-08 23:25 54,156 --ah----- C:\Windows\QTFont.qfn 2008-05-07 21:20 . 2008-05-07 21:20 1,409 --a------ C:\Windows\QTFont.for 2008-05-07 19:22 . 2008-05-07 19:22 d-------- C:\Users\All Users\Sony 2008-05-07 19:22 . 2008-05-07 19:22 d-------- C:\Users\Administrator\AppData\Roaming\Sony 2008-05-07 19:22 . 2008-05-07 19:22 d-------- C:\PROGRA~2\Sony 2008-05-07 17:35 . 2008-05-07 17:35 d-------- C:\Users\All Users\BVRP Software 2008-05-07 17:35 . 2008-05-07 17:40 d-------- C:\Program Files\Avanquest update 2008-05-07 17:35 . 2008-05-07 17:35 d-------- C:\PROGRA~2\BVRP Software 2008-05-07 17:14 . 2008-05-09 09:59 d-------- C:\Users\All Users\Sony Ericsson 2008-05-07 17:14 . 2008-05-09 09:58 d-------- C:\Program Files\Sony Ericsson 2008-05-07 17:14 . 2008-05-09 09:59 d-------- C:\PROGRA~2\Sony Ericsson 2008-04-17 14:11 . 2008-04-17 14:11 d-------- C:\Users\All Users\OrbNetworks 2008-04-17 14:11 . 2008-04-17 14:11 d-------- C:\Program Files\Winamp Remote 2008-04-17 14:11 . 2008-04-17 14:11 d-------- C:\PROGRA~2\OrbNetworks 2008-04-17 11:11 . 2008-04-17 11:11 1,160 --a------ C:\Windows\mozver.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-16 11:41 73,362,720 --sha-w C:\Windows\system32\drivers\fidbox.dat 2008-05-16 11:41 --------- d-----w C:\PROGRA~2\Kaspersky Lab 2008-05-16 11:39 985,628 --sha-w C:\Windows\system32\drivers\fidbox.idx 2008-05-16 10:35 --------- d---a-w C:\PROGRA~2\TEMP 2008-05-16 02:18 --------- d-----w C:\Program Files\Spyware Doctor 2008-05-16 01:16 --------- d-----w C:\Program Files\WebSite-Watcher 2008-05-16 00:16 --------- d-----w C:\Users\Administrator\AppData\Roaming\LimeWire 2008-05-15 04:38 19,460 ----a-w C:\Users\Administrator\AppData\Roaming\CTPErrorLog.dat 2008-05-14 11:32 --------- d-----w C:\Program Files\Windows Mail 2008-05-14 11:32 --------- d-----w C:\PROGRA~2\Microsoft Help 2008-05-14 11:24 --------- d-----w C:\Users\Administrator\AppData\Roaming\Azureus 2008-05-08 04:36 --------- d-----w C:\Users\Administrator\AppData\Roaming\dvdcss 2008-05-07 08:05 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-05 23:52 --------- d-----w C:\Users\Administrator\AppData\Roaming\CTP 2008-04-29 06:12 --------- d-----w C:\Program Files\LimeWire 2008-04-17 12:43 96,645 ----a-w C:\Windows\system32\drivers\klin.dat 2008-04-17 12:43 87,941 ----a-w C:\Windows\system32\drivers\klick.dat 2008-04-17 06:31 --------- d-----w C:\Program Files\Azureus 2008-04-17 05:44 --------- d-----w C:\Program Files\AoA DVD Ripper 2008-04-17 05:43 --------- d-----w C:\Program Files\Right Web Monitor Pro 2008-04-17 05:43 --------- d-----w C:\Program Files\PokerRoom.com 2008-04-17 04:41 --------- d-----w C:\Program Files\Winamp 2008-04-17 04:39 --------- d-----w C:\Users\Administrator\AppData\Roaming\Winamp 2008-04-15 03:48 --------- d-----w C:\Users\Administrator\AppData\Roaming\Talkback 2008-04-11 03:38 --------- d-----w C:\PROGRA~2\Office Genuine Advantage 2008-04-01 01:47 --------- d-----w C:\Program Files\Java 2008-03-24 22:36 --------- d-----w C:\Program Files\Equis 2008-02-22 02:56 44,661 ----a-w C:\Users\Administrator\TVC2603_CRK.zip 2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2007-08-31 23:20 174 --sha-w C:\Program Files\desktop.ini 2006-04-04 17:06 45,728 ----a-w C:\Users\Administrator\TVC2603_CRK.exe 2005-08-30 16:48 5,257,216 ----a-w C:\Users\Administrator\W40k.exe 2008-01-23 00:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-01-23 00:24 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-01-23 00:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2007-04-25 00:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat 2007-04-25 00:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007042520070426\index.dat . ------- Sigcheck ------- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:02 81920] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:24 1232896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-21 23:29 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:37 4390912 C:\Windows\RtHDVCpl.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 19:20 200768] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:10 155648] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-28 00:29 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-28 00:29 8473120] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-28 00:29 81920] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 06:00 33648] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-04-22 12:44 171448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "mpfanvqg"= {90489911-67EC-46BF-85D8-6FB394A8E046} - C:\Windows\mpfanvqg.dll [2008-05-16 09:31 237568] "vbksrofa"= {469AFC7C-3CEF-496D-A5A3-AFDB89E4D25B} - C:\Windows\vbksrofa.dll [2008-05-16 09:32 253952] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\qoMfdbyx [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 05:54 286720 C:\Program Files\QuickTime\QTTask.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" "MSServer"=rundll32.exe C:\Windows\system32\wvUkKecb.dll,#1 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{865BC150-CFC0-463D-BB64-E45575B3E1AC}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{BD88C5A0-F817-4DA6-96B4-61A9CFF3DF0D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{2C71052F-C944-42C8-BF05-7999AB92D2A7}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{475D5563-87E7-4A18-9D8C-1EE536E868BB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{87EE03D1-6EE5-45BB-804A-39D3E4A8E096}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{1F1BC96C-01CD-490A-9A42-0C8142AFE140}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{42B3DDB8-3DD4-48DE-9026-46DB85D5BC8D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{D7DE9625-3D68-4355-96A0-303073628835}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{57CC95C1-E2B6-4480-AB51-45F8065EC256}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "{1448DE47-E468-4D78-91E1-453DFF265643}"= UDP:C:\Program Files\Marketmaker\CFD-FX Asia Pacific Client Live\MM5\iiDownloader.exe:Marketmaker Asia Pacific Client Live "{4EA2F443-2C97-448F-9C15-2B0F810665A8}"= TCP:C:\Program Files\Marketmaker\CFD-FX Asia Pacific Client Live\MM5\iiDownloader.exe:Marketmaker Asia Pacific Client Live "{8F4D10AE-7E0C-4ECD-ABBD-27DF21F04E07}"= UDP:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0 "{C8F14D73-3942-4D99-9242-809EB3D38C50}"= TCP:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0 "TCP Query User{58B3AF50-0326-4599-8B8C-1CB224DB7642}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{581911EE-9FC3-4CB0-A982-052919326447}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "{09C2975D-E659-4140-82DA-A05508DECECA}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{FD319690-F5D5-4E92-A793-0D691A6C830D}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{E08DAE36-011D-40F9-8C2A-2869B652C11E}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{224E2F8F-D195-4547-AB80-75AEBAF675E3}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{3F47098A-4AFB-4E63-B677-E1EB130CB391}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{2691D0EB-995A-421E-A6A9-76DF75C1C81D}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "TCP Query User{D5283A37-A06D-449E-9E23-69244C8594E8}C:\\program files\\market data ltd\\l2 dealer\\l2dealerapp.exe"= UDP:C:\program files\market data ltd\l2 dealer\l2dealerapp.exe:L2DealerApp "UDP Query User{831E9DEF-34AB-4882-BC8C-0062FBD7C436}C:\\program files\\market data ltd\\l2 dealer\\l2dealerapp.exe"= TCP:C:\program files\market data ltd\l2 dealer\l2dealerapp.exe:L2DealerApp "TCP Query User{95E82028-7E6E-4CE2-98BA-A0904A8DCF9C}C:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_02\bin\javaw.exe:Java(TM) Platform SE binary "UDP Query User{A2F26A06-5C0E-4406-BB7E-D3ADB84F2C0B}C:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_02\bin\javaw.exe:Java(TM) Platform SE binary "{04A07F6C-6170-454E-81C5-6CF347C1B5DD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{B6BDCD89-B1C3-44B6-806B-630285058EB8}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{17413E74-1099-45FF-867D-F4E811B52890}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "{2188F3FD-DF5B-4B64-902E-006B80DEDDE3}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{A0CD430A-52A3-4284-8805-6B8321D2D1C2}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{12476F13-6D5E-44B4-8FF2-129CAFA0D533}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray "{98ADCC6C-8ECF-4AB7-8FBA-A8E245E6C506}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray "{6ABFB695-4402-48B1-B33A-5B91D39016B5}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR "{1DB55908-648E-4B32-AD50-2D42F33FE480}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR "{04AEB95C-3EEA-4521-935D-4B489915533E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{42C5A013-A5C1-4941-840D-FFB0437075B5}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{EC37E9C5-2B12-4684-87B2-BFA9A7F636B0}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0 "{A97908F4-0768-4A69-9B14-C033D2B97458}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0 "TCP Query User{63B6C68F-A21D-4B7F-B08D-89B93F0A2606}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service "UDP Query User{35BB4508-AED3-4D0C-9A84-3B8CE4431C65}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-01-25 19:03] R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 19:15] S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-05-09 09:59] S3 s217bus;Sony Ericsson Device 217 driver (WDM);C:\Windows\system32\DRIVERS\s217bus.sys [2007-11-02 22:52] S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s217mdfl.sys [2007-11-02 22:52] S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s217mdm.sys [2007-11-02 22:52] S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s217mgmt.sys [2007-11-02 22:52] S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS);C:\Windows\system32\DRIVERS\s217nd5.sys [2007-11-02 22:52] S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s217obex.sys [2007-11-02 22:52] S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM);C:\Windows\system32\DRIVERS\s217unic.sys [2007-11-02 22:52] S3 Z;Z;C:\Users\ADMINI~1\AppData\Local\Temp\Z.exe [] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{056bbe85-949a-11dc-b190-806e6f6e6963}] \shell\AutoRun\command - D:\AUTORUN.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-16 21:11:43 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\audiodg.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2008-05-16 21:20:26 - machine was rebooted [Administrator] ComboFix-quarantined-files.txt 2008-05-16 11:50:08 Pre-Run: 127,162,253,312 bytes free Post-Run: 128,283,111,424 bytes free 222 --- E O F --- 2008-05-14 11:33:01