
jubei208

  1. Update: I read a few other threads with the same virus and found one step that worked after all other cleanups I posted. I uninstalled Spybot, then rebooted and ran Malwarebytes again and no virus was found this time and everything is working properly. Thanks.
  2. I ran Malwarebytes, Spybot & Combofix. Everything was removed (.dll, .tmp and registry entries) except one registry autorun entry which keeps coming back after reboot. I recently removed previous Java versions and updated to the latest version. Malware log Malwarebytes' Anti-Malware 1.33 Database version: 1702 Windows 5.1.2600 Service Pack 3 1/28/2009 12:40:11 PM mbam-log-2009-01-28 (12-40-11).txt Scan type: Quick Scan Objects scanned: 62969 Time elapsed: 5 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sivafobibu (Trojan.Vundo.H) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Trend Micro Hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:19:21 PM, on 1/28/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\pcAnywhere\awhost32.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL 
Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\TEMP\MH751D.EXE C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Common Files\AOL\1169239142\ee\AOLSoftware.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Protector Suite QL\menusw.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Apoint\Apntex.exe C:\Documents and Settings\sebastian.herald\Desktop\TrendMicro (HiJackThis)(Displays a report of changes and settings to 
your system).exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe C:\WINDOWS\system32\dumprep.exe C:\WINDOWS\system32\dumprep.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - 
C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Workstation] C:\WINDOWS\system32\svchost.exe -k netsvcs O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe O4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe O4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: 
[HostManager] C:\Program Files\Common Files\AOL\1169239142\ee\AOLSoftware.exe O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [biomenu] "C:\Program Files\Protector Suite QL\menusw.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [sivafobibu] Rundll32.exe "C:\WINDOWS\system32\bulilufu.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BlackBerry Desktop Redirector.lnk = C:\Program Files\Blackberry\Redirector.exe O4 - Global Startup: Bluetooth Manager.lnk = ? 
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Blackberry\DesktopMgr.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - 
C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://192.168.0.11:4343/officescan/consol...ll/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://192.168.0.11:4343/officescan/consol...ll/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://192.168.0.11:4343/officescan/consol...stall/setup.cab O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://192.168.0.11:4343/SMB/console/html/root/AtxEnc.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - 
https://192.168.0.11:4343/officescan/consol.../RemoveCtrl.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mw...bex/ieatgpc.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. 
- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- End of file - 16514 bytes ComboFix log ComboFix 09-01-21.04 - sebastian.herald 2009-01-28 10:56:24.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1506 [GMT -5:00] Running from: c:\documents and settings\sebastian.herald\Desktop\ComboFix.exe FW: Trend Micro Client-Server Security Agent Firewall *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\windows\Downloaded Program Files\MyWebEx c:\windows\Downloaded Program Files\MyWebEx\419\atarm.dll c:\windows\Downloaded Program Files\MyWebEx\419\atas32.dll c:\windows\Downloaded Program Files\MyWebEx\419\atasanot.exe c:\windows\Downloaded Program Files\MyWebEx\419\atasctrl.dll c:\windows\Downloaded Program Files\MyWebEx\419\atasnt40.dll c:\windows\Downloaded Program Files\MyWebEx\419\atcarmcl.dll c:\windows\Downloaded Program Files\MyWebEx\419\atdl2006.dll c:\windows\Downloaded Program Files\MyWebEx\419\atjpeg60.dll c:\windows\Downloaded Program Files\MyWebEx\419\atkbctl.dll c:\windows\Downloaded Program Files\MyWebEx\419\atlchat.dll c:\windows\Downloaded Program Files\MyWebEx\419\atmemmgr.dll c:\windows\Downloaded Program Files\MyWebEx\419\atnetext.dll c:\windows\Downloaded Program Files\MyWebEx\419\atpack.dll c:\windows\Downloaded Program Files\MyWebEx\419\atres.dll c:\windows\Downloaded Program Files\MyWebEx\419\attp.dll c:\windows\Downloaded Program Files\MyWebEx\419\atwbxui6.dll c:\windows\Downloaded Program Files\MyWebEx\419\h264dec.dll c:\windows\Downloaded Program Files\MyWebEx\419\h264enc.dll c:\windows\Downloaded Program Files\MyWebEx\419\mmssl32.dll c:\windows\Downloaded Program Files\MyWebEx\419\msess.dll c:\windows\Downloaded Program Files\MyWebEx\419\mticket.dll c:\windows\Downloaded Program Files\MyWebEx\419\mutiltpd.dll c:\windows\Downloaded Program Files\MyWebEx\419\mvc.dll c:\windows\Downloaded Program Files\MyWebEx\419\mwm.ini c:\windows\Downloaded Program Files\MyWebEx\419\mwmcliun.exe c:\windows\Downloaded Program Files\MyWebEx\419\mwmproxy.dll c:\windows\Downloaded Program Files\MyWebEx\419\mwmres.dll c:\windows\Downloaded Program Files\MyWebEx\419\mwmupd.exe c:\windows\Downloaded Program Files\MyWebEx\419\raurl.dll c:\windows\Downloaded Program Files\MyWebEx\419\uilibres.dll c:\windows\Downloaded Program Files\MyWebEx\419\wbxcrypt.dll c:\windows\Downloaded Program Files\MyWebEx\419\webexmgr.dll c:\windows\setup.exe 
c:\windows\system32\awedirem.ini c:\windows\system32\azimasuh.ini c:\windows\system32\balumoke.dll.tmp c:\windows\system32\bamukitu.dll c:\windows\system32\bawuyopu.dll c:\windows\system32\boyimeta.dll c:\windows\system32\bozujeyi.dll c:\windows\system32\bupuyafo.dll c:\windows\system32\efajutiy.ini c:\windows\system32\ezalodot.ini c:\windows\system32\guzuyavu.dll.tmp c:\windows\system32\harupeza.dll c:\windows\system32\hemofape.dll.tmp c:\windows\system32\hilozepi.dll.tmp c:\windows\system32\huhevita.dll c:\windows\system32\jculrv.dll c:\windows\system32\jokigaju.dll c:\windows\system32\lehebofi.dll c:\windows\system32\lojonuda.dll c:\windows\system32\majiriho.dll c:\windows\system32\mebarepo.dll.tmp c:\windows\system32\mirupibe.dll c:\windows\system32\muzupera.dll.tmp c:\windows\system32\nusayuta.dll c:\windows\system32\obewojot.ini c:\windows\system32\pekuveme.dll c:\windows\system32\penoniha.dll c:\windows\system32\puseveni.dll c:\windows\system32\qcmqof.dll c:\windows\system32\rigivika.dll c:\windows\system32\rjmlle.dll c:\windows\system32\sebajuyo.dll c:\windows\system32\seruyone.dll c:\windows\system32\tadezuzu.dll.tmp c:\windows\system32\uritejoz.ini c:\windows\system32\walikahe.dll.tmp c:\windows\system32\wogisewo.dll c:\windows\system32\wolizapa.dll c:\windows\system32\yinazeku.dll.tmp c:\windows\system32\yitofoyi.dll c:\windows\system32\zepulabe.dll c:\windows\system32\zeyoheko.dll.tmp c:\windows\system32\zheebc.dll c:\windows\system32\zotogogo.dll.tmp . ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 ))))))))))))))))))))))))))))))) . 2009-01-27 18:04 . 2009-01-27 18:04 250 --a------ c:\windows\gmer.ini 2009-01-26 14:53 . 2009-01-26 14:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-26 14:53 . 2009-01-26 14:53 <DIR> d-------- c:\documents and settings\sebastian.herald\Application Data\Malwarebytes 2009-01-26 14:53 . 
2009-01-26 14:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-26 14:53 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-26 14:53 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-24 07:54 . 2009-01-24 07:54 2,713 ---hs---- c:\windows\system32\jijejamu.exe 2009-01-23 13:08 . 2009-01-23 13:08 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys 2009-01-23 13:07 . 2009-01-23 14:51 <DIR> d-------- c:\documents and settings\sebastian.herald\.housecall6.6 2009-01-16 15:48 . 2009-01-16 15:49 <DIR> d-------- C:\8325a5e596a2b4de8108c71f 2009-01-09 14:31 . 2009-01-09 14:31 <DIR> d-------- c:\program files\Common Files\Skype 2009-01-09 14:31 . 2009-01-28 10:35 <DIR> d-------- c:\documents and settings\sebastian.herald\Application Data\Skype 2009-01-05 12:28 . 2009-01-13 10:50 <DIR> d-------- c:\documents and settings\sebastian.herald\Application Data\webex 2008-12-31 14:31 . 2008-12-31 14:31 <DIR> d-------- c:\documents and settings\sebastian.herald\Application Data\ZoomBrowser EX 2008-12-31 14:30 . 2008-12-31 14:30 <DIR> d-------- c:\documents and settings\sebastian.herald\Application Data\CANON INC 2008-12-31 14:30 . 2008-12-31 14:31 <DIR> d-------- c:\documents and settings\sebastian.herald\Application Data\CameraWindowDC 2008-12-31 14:29 . 2008-04-13 20:12 159,232 --a------ c:\windows\system32\ptpusd.dll 2008-12-31 14:29 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2008-12-31 14:29 . 2008-04-13 14:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys 2008-12-31 14:29 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll 2008-12-31 14:23 . 2008-12-31 14:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\ZoomBrowser 2008-12-31 14:22 . 2008-12-31 14:24 <DIR> d-------- c:\program files\Canon 2008-12-31 14:20 . 2008-12-31 14:20 <DIR> d-------- c:\program files\Common Files\Canon . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-26 13:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-25 02:57 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-01-09 19:31 --------- d-----w c:\program files\Skype 2009-01-09 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-01-06 14:25 --------- d-----w c:\program files\Blackberry 2008-10-30 15:14 722,176 ----a-w c:\documents and settings\Administrator\gotomypc_428.exe 2007-08-21 17:55 4,312 ----a-w c:\program files\uninstalPFH.log 1601-01-01 00:12 12,288 --sha-w c:\windows\system32\barusaya.dll 2008-09-22 14:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092220080923\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Workstation"="c:\windows\system32\svchost.exe" [2008-04-13 14336] "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088] "OfficeScanNT Monitor"="c:\program 
files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2005-11-02 372813] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7561216] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824] "HostManager"="c:\program files\Common Files\AOL\1169239142\ee\AOLSoftware.exe" [2006-04-13 50792] "EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413] "Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-22 1354240] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784] "Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-11-13 295606] Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872] Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] BlackBerry Desktop Redirector.lnk - c:\program files\Blackberry\Redirector.exe [2006-09-07 1319024] Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 1773568] Desktop Manager.lnk - c:\program files\Blackberry\DesktopMgr.exe [2006-09-07 1114217] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\psfus] 2006-02-22 21:11 39936 c:\windows\system32\fusstub.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-03-09 16:51 73728 c:\windows\system32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli fusstub [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\LMabcoms.exe"= "c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"= "c:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"= "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"= "c:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet 
Publisher\\FNPLicensingService.exe"= "c:\\Program Files\\iPod\\bin\\iPodService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"= "c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"= "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"= "c:\\WINDOWS\\system32\\WgaTray.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-07-22 9216] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-07-22 36352] R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-07-22 30080] R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-07-22 71961] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-07-22 226304] R4 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 13440] R4 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 33024] R4 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2007-06-12 205328] R4 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [2007-06-12 36368] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58fa67e4-a7f9-11db-b060-806d6172696f}] \Shell\AutoRun\command - i:\sony\Autorun.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d33354d2-9166-11dd-a041-0016fe969d2c}]
\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{702c4dcc-b08f-486f-9718-5357964e2559} - (no file)
HKLM-Run-Adobe_ID0EYTHM - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
HKLM-Run-sivafobibu - c:\windows\system32\bulilufu.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://192.168.0.11:4343/SMB/console/html/root/AtxEnc.cab
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 11:00:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\awgina.dll
c:\windows\system32\PSLogon.dll
c:\program files\Protector Suite QL\vrlogon.dll
c:\program files\Protector Suite QL\ExtVapi.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\fusstub.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\pcAnywhere\AWHOST32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Trend Micro\Client Server Security Agent\NTRtScan.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Trend Micro\Client Server Security Agent\TmListen.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\Temp\HU6A8F.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-01-28 11:12:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-28 16:12:21

Pre-Run: 44,447,059,968 bytes free
Post-Run: 44,485,210,112 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

325 --- E O F --- 2009-01-28 15:23:55