Tech Support Forum - View Single Post - Pop Ups

laughalot · 01-07-2008, 06:50 AM

C:\i386\detoured.dll - 4096 Bytes
C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Document Manager Lite\System32\detoured.dll - 4096 Bytes

ComboFix 08-01-07.4 - lcramer 2008-01-07 8:42:25.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.496 [GMT -5:00]
Running from: C:\Documents and Settings\lcramer\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2007-12-11 08:35 . 2007-12-11 08:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-11 08:35 . 2007-12-11 08:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-10 08:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 17:18 --------- d-----w C:\Program Files\Trend Micro
2007-12-05 16:44 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-05 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-03 21:14 --------- d-----w C:\Documents and Settings\bblakeney\Application Data\Autodesk
2007-11-29 18:40 --------- d-----w C:\Program Files\RealVNC
2007-11-09 16:02 996 ----a-w C:\reg5.reg
2007-11-09 16:02 654 ----a-w C:\reg30.reg
2007-11-09 16:02 6,844 ----a-w C:\reg19.reg
2007-11-09 16:02 6,668 ----a-w C:\reg29.reg
2007-11-09 16:02 572 ----a-w C:\reg28.reg
2007-11-09 16:02 5,068 ----a-w C:\reg20.reg
2007-11-09 16:02 426 ----a-w C:\reg33.reg
2007-11-09 16:02 322 ----a-w C:\reg23.reg
2007-11-09 16:02 314 ----a-w C:\reg43.reg
2007-11-09 16:02 300 ----a-w C:\reg21.reg
2007-11-09 16:02 3,490 ----a-w C:\reg1.reg
2007-11-09 16:02 28,564 ----a-w C:\reg18.reg
2007-11-09 16:02 278 ----a-w C:\reg38.reg
2007-11-09 16:02 276 ----a-w C:\reg32.reg
2007-11-09 16:02 248 ----a-w C:\reg44.reg
2007-11-09 16:02 248 ----a-w C:\reg42.reg
2007-11-09 16:02 248 ----a-w C:\reg41.reg
2007-11-09 16:02 248 ----a-w C:\reg40.reg
2007-11-09 16:02 230 ----a-w C:\reg2.reg
2007-11-09 16:02 212 ----a-w C:\reg39.reg
2007-11-09 16:02 212 ----a-w C:\reg37.reg
2007-11-09 16:02 212 ----a-w C:\reg36.reg
2007-11-09 16:02 212 ----a-w C:\reg35.reg
2007-11-09 16:02 12,480 ----a-w C:\reg27.reg
2007-11-09 16:02 1,294 ----a-w C:\reg34.reg
2007-11-09 15:05 --------- d-----w C:\Program Files\XoftSpySE
2007-11-07 21:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-07 19:02 --------- d-----w C:\Program Files\Yahoo!
2007-11-07 14:26 --------- d-----w C:\Program Files\Google
2007-11-05 19:14 115,712 ----a-w C:\VundoFix.exe
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((( snapshot@2007-12-10_10.19.14.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-12-03 21:11:20 101,419 ----a-w C:\WINDOWS\system32\nvModes.dat
+ 2007-12-19 15:28:16 101,374 ----a-w C:\WINDOWS\system32\nvModes.dat
- 2007-12-10 13:25:39 64,038 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-19 15:30:58 64,038 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-10 13:25:39 403,594 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-19 15:30:58 403,594 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 13:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 15:14 7401472]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 397312 C:\WINDOWS\stsystra.exe]
"Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2007-01-16 21:27 407632]
"nwiz"="nwiz.exe" [2006-01-19 15:14 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-01-19 15:14 73728 C:\WINDOWS\system32\nvhotkey.dll]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29 49152]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 12:26 98304]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-02-20 12:39 839680]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 19:13 176128]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-28 21:31:58]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 09:39:02]
GroupWise Notify.lnk - C:\Novell\GroupWise\Notify.exe [2006-05-12 07:34:00]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 15:35]
R2 MB4-TOMCAT;MB4-TOMCAT;C:\Program Files\Motion Selector\Application\tomcat\bin\tomcat.exe [2001-10-14 10:14]
S1 abpicw2k;AB PIC/AIC+ Driver;C:\WINDOWS\system32\DRIVERS\abpicw2k.sys [2004-06-03 03:08]
S1 VirtualBackplane;A-B Virtual Backplane;C:\WINDOWS\system32\Drivers\VirtualBackplane.sys []
S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;C:\WINDOWS\system32\Drivers\ABKTCX.sys [2004-06-03 03:08]
S3 HMI;HMI;C:\WINDOWS\system32\drivers\g3usb.sys [2006-03-07 06:55]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;C:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 10:55]
S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;C:\WINDOWS\system32\RS_SS_NT.SYS [2004-06-03 03:08]
S3 RsiKtControl;RsiKtControl;C:\WINDOWS\system32\RSIKT.SYS [2004-06-03 03:08]
S3 RSSERIAL;RSLinx Classic Serial Driver;C:\WINDOWS\system32\RSSERIAL.SYS [2004-06-03 03:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 08:45:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 8:47:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 13:47:51

01-07-2008, 06:50 AM	#21 (permalink)
laughalot Registered User Join Date: Dec 2007 Posts: 12 OS: XP	Re: Pop Ups - Vundo.GN C:\i386\detoured.dll - 4096 Bytes C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Document Manager Lite\System32\detoured.dll - 4096 Bytes ComboFix 08-01-07.4 - lcramer 2008-01-07 8:42:25.7 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.496 [GMT -5:00] Running from: C:\Documents and Settings\lcramer\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))) . 2007-12-11 08:35 . 2007-12-11 08:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-12-11 08:35 . 2007-12-11 08:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-10 08:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-05 17:18 --------- d-----w C:\Program Files\Trend Micro 2007-12-05 16:44 --------- d-----w C:\Program Files\SpywareBlaster 2007-12-05 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2007-12-03 21:14 --------- d-----w C:\Documents and Settings\bblakeney\Application Data\Autodesk 2007-11-29 18:40 --------- d-----w C:\Program Files\RealVNC 2007-11-09 16:02 996 ----a-w C:\reg5.reg 2007-11-09 16:02 654 ----a-w C:\reg30.reg 2007-11-09 16:02 6,844 ----a-w C:\reg19.reg 2007-11-09 16:02 6,668 ----a-w C:\reg29.reg 2007-11-09 16:02 572 ----a-w C:\reg28.reg 2007-11-09 16:02 5,068 ----a-w C:\reg20.reg 2007-11-09 16:02 426 ----a-w C:\reg33.reg 2007-11-09 16:02 322 ----a-w C:\reg23.reg 2007-11-09 16:02 314 ----a-w C:\reg43.reg 2007-11-09 16:02 300 ----a-w C:\reg21.reg 2007-11-09 16:02 3,490 ----a-w C:\reg1.reg 2007-11-09 16:02 28,564 ----a-w C:\reg18.reg 2007-11-09 16:02 278 ----a-w C:\reg38.reg 2007-11-09 16:02 276 ----a-w C:\reg32.reg 2007-11-09 16:02 248 ----a-w C:\reg44.reg 2007-11-09 16:02 248 ----a-w C:\reg42.reg 2007-11-09 16:02 248 ----a-w C:\reg41.reg 2007-11-09 16:02 248 ----a-w C:\reg40.reg 2007-11-09 16:02 230 ----a-w C:\reg2.reg 2007-11-09 16:02 212 ----a-w C:\reg39.reg 2007-11-09 16:02 212 ----a-w C:\reg37.reg 2007-11-09 16:02 212 ----a-w C:\reg36.reg 2007-11-09 16:02 212 ----a-w C:\reg35.reg 2007-11-09 16:02 12,480 ----a-w C:\reg27.reg 2007-11-09 16:02 1,294 ----a-w C:\reg34.reg 2007-11-09 15:05 --------- d-----w C:\Program Files\XoftSpySE 2007-11-07 21:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-07 19:02 --------- d-----w C:\Program Files\Yahoo! 2007-11-07 14:26 --------- d-----w C:\Program Files\Google 2007-11-05 19:14 115,712 ----a-w C:\VundoFix.exe 1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL 1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL 1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL 1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL 1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL 1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL . ((((((((((((((((((((((((((((( snapshot@2007-12-10_10.19.14.25 ))))))))))))))))))))))))))))))))))))))))) . - 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE + 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE + 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll - 2007-12-03 21:11:20 101,419 ----a-w C:\WINDOWS\system32\nvModes.dat + 2007-12-19 15:28:16 101,374 ----a-w C:\WINDOWS\system32\nvModes.dat - 2007-12-10 13:25:39 64,038 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-12-19 15:30:58 64,038 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-12-10 13:25:39 403,594 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-12-19 15:30:58 403,594 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe + 2000-08-31 13:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208] "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24 20480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-19 15:14 7401472] "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 397312 C:\WINDOWS\stsystra.exe] "Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2007-01-16 21:27 407632] "nwiz"="nwiz.exe" [2006-01-19 15:14 1519616 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2006-01-19 15:14 73728 C:\WINDOWS\system32\nvhotkey.dll] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29 49152] "Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 12:26 98304] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-02-20 12:39 839680] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 19:13 176128] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-28 21:31:58] EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 09:39:02] GroupWise Notify.lnk - C:\Novell\GroupWise\Notify.exe [2006-05-12 07:34:00] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 15:35] R2 MB4-TOMCAT;MB4-TOMCAT;C:\Program Files\Motion Selector\Application\tomcat\bin\tomcat.exe [2001-10-14 10:14] S1 abpicw2k;AB PIC/AIC+ Driver;C:\WINDOWS\system32\DRIVERS\abpicw2k.sys [2004-06-03 03:08] S1 VirtualBackplane;A-B Virtual Backplane;C:\WINDOWS\system32\Drivers\VirtualBackplane.sys [] S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;C:\WINDOWS\system32\Drivers\ABKTCX.sys [2004-06-03 03:08] S3 HMI;HMI;C:\WINDOWS\system32\drivers\g3usb.sys [2006-03-07 06:55] S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;C:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 10:55] S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;C:\WINDOWS\system32\RS_SS_NT.SYS [2004-06-03 03:08] S3 RsiKtControl;RsiKtControl;C:\WINDOWS\system32\RSIKT.SYS [2004-06-03 03:08] S3 RSSERIAL;RSLinx Classic Serial Driver;C:\WINDOWS\system32\RSSERIAL.SYS [2004-06-03 03:08] . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-07 08:45:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-01-07 8:47:57 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-07 13:47:51