greenalfonzo
2008-06-27, 05:29
I have the "Warning! Spyware detected on your computer!" problem. I followed the fix suggested in another post from today. Thank you for your assistance.
ComboFix 08-06-20.4 - Compaq_Owner 2008-06-26 19:00:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.43 [GMT -7:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Documents and Settings\Compaq_Owner\Application Data\install.dat
C:\Temp\fse
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak2
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\hhhkj.tmp
C:\WINDOWS\system32\mcrh.tmp
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.
2008-06-26 11:28 . 2008-06-26 11:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-26 11:28 . 2008-06-26 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 11:24 . 2008-06-26 11:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 16:52 . 2008-06-25 16:52 86 --a------ C:\WINDOWS\wininit.ini
2008-06-25 16:13 . 2008-06-25 16:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-25 16:13 . 2008-06-25 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-25 08:40 . 2008-06-25 08:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-25 08:18 . 2008-06-25 08:18 9,722,720 --a------ C:\spybotsd152.exe
2008-06-24 18:22 . 2005-01-28 21:45 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-24 18:22 . 2005-01-28 21:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-24 18:22 . 2005-01-28 21:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-24 18:22 . 2005-01-28 21:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-06-24 18:22 . 2005-01-28 21:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-24 18:22 . 2008-06-24 22:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-23 09:19 . 2008-06-23 09:19 60,928 --a------ C:\WINDOWS\system32\blphcnl4j0etdr.scr
2008-06-23 09:18 . 2008-06-23 09:18 109,056 --a------ C:\WINDOWS\system32\lphcnl4j0etdr.exe
2008-06-23 09:18 . 2008-06-23 09:18 90,838 --a------ C:\WINDOWS\system32\phcnl4j0etdr.bmp
2008-06-11 07:45 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 07:45 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 02:13 21,885,728 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-27 02:09 7,487,207 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-27 02:09 294,116 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-26 04:36 21,488 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2008-06-25 23:55 257,536 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-06-25 18:24 --------- d-----w C:\Program Files\CCleaner
2008-06-24 04:49 1,587,200 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-06-21 01:09 2,000,384 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-05-28 05:16 324,608 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-05-26 16:08 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-05-25 20:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-20 23:04 956,416 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-05-20 15:24 --------- d-----w C:\Program Files\Firefight
2008-05-13 17:31 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\dvdcss
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 00:37 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-02 00:30 --------- d-----w C:\Program Files\01 Com
2008-04-29 18:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 18:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 18:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-24 19:03 151,040 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-04-21 02:27 104,960 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-04-17 03:33 189,952 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-04-11 00:12 180,224 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-04-08 23:55 275,968 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-04-01 22:20 71,825 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_04_01_13_56_43_small.dmp.zip
2008-04-01 21:15 512 ----a-w C:\ScanSectorLog.dat
2007-09-04 15:29 3,551,324 ----a-w C:\Program Files\FirefightSetup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{636D50B6-8A11-4671-800D-A86F9D429E21}]
C:\WINDOWS\system32\jkhhh.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RDesktop"="C:\PROGRA~1\01COM~1\I'MINT~1\BIN\rdesktop.exe" [ ]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 09:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59 126976]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-28 21:44 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-05 13:17 385024]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 14:18 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSMPSVC]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"MSMPSVC"=2 (0x2)
"msfwsvc"=2 (0x2)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
R3 rdsdrvdm;rdsdrvdm;C:\WINDOWS\system32\DRIVERS\rdsdrvdm.sys [2007-03-29 18:15]
S2 RDesktop;RDesktop Server;"C:\PROGRA~1\01COM~1\I'MINT~1\BIN\rdesktop.exe" -service []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7eaf834-7138-11d9-a02f-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 03:30:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 19:10:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
.
**************************************************************************
.
Completion time: 2008-06-26 19:23:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 02:23:23
Pre-Run: 59,294,552,064 bytes free
Post-Run: 59,311,378,432 bytes free
148 --- E O F --- 2008-06-20 17:49:24