malware and hiujack this wont run

chrislord · October 15, 2009

hi,

i have a virus that stops malware and hijack this, i have down loded and ran combo fix her is the log

Thanks

chris

ComboFix 09-10-15.01 - chrislord 15/10/2009 21:42.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.564 [GMT 1:00]

Running from: c:\documents and settings\chrislord\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\CHRISL~1\LOCALS~1\Temp\install_flash_player.exe

c:\program files\MalwareRemovalBot

c:\program files\MalwareRemovalBot\MalwareRemovalBot.url

c:\program files\MalwareRemovalBot\vistaCPtasks.xml

c:\recycler\S-1-5-21-85640706-2510883121-2761705237-1009

c:\windows\Installer\11b4b7.msp

c:\windows\Installer\15f5be8.msi

c:\windows\Installer\2293892.msp

c:\windows\Installer\350582.msi

c:\windows\Installer\3894a0.msp

c:\windows\Installer\389502.msp

c:\windows\Installer\39b54e.msp

c:\windows\Installer\39b558.msp

c:\windows\Installer\3f1ca.msi

c:\windows\Installer\5403d1.msp

c:\windows\Installer\5c3d3a.msp

c:\windows\Installer\62e246.msp

c:\windows\Installer\62e2a7.msp

c:\windows\Installer\64568.msi

c:\windows\Installer\7c6dfb2.msp

c:\windows\Installer\874461.msi

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

c:\windows\win32k.sys

C:\xcrashdump.dat

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))

.

2009-10-14 23:17 . 2009-10-14 23:17 -------- d-----w- c:\program files\Trend Micro

2009-10-14 21:21 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-10-14 21:21 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-10-14 21:21 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-10-14 21:21 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-10-14 21:21 . 2009-10-14 21:21 -------- d-----w- c:\program files\Avira

2009-10-14 21:21 . 2009-10-14 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-10-10 09:32 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2009-09-21 14:28 . 2009-10-13 23:28 -------- d-----w- c:\documents and settings\chrislord\Local Settings\Application Data\Temp

2009-09-21 08:55 . 2009-09-21 09:58 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-09-21 08:55 . 2009-09-21 08:55 -------- d-----w- c:\documents and settings\chrislord\Application Data\SUPERAntiSpyware.com

2009-09-21 08:20 . 2009-09-21 08:20 -------- d-----w- c:\windows\system32\wbem\Repository

2009-09-20 15:17 . 2009-09-21 08:27 -------- d-----w- c:\documents and settings\chrislord\Application Data\GetRightToGo

2009-09-20 10:46 . 2009-09-20 10:46 -------- d-----w- c:\program files\Huawei Modems

2009-09-20 10:45 . 2009-09-20 10:45 -------- d-----w- c:\program files\3 Mobile Broadband

2009-09-20 10:45 . 2009-09-20 10:45 -------- d-----w- c:\documents and settings\chrislord\Application Data\Birdstep Technology

2009-09-20 10:43 . 2009-09-20 10:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Birdstep Technology

2009-09-20 10:06 . 2009-09-20 10:45 -------- d-----w- c:\documents and settings\chrislord\Application Data\MalwareRemovalBot

2009-09-18 09:53 . 2009-09-20 10:45 -------- d-----w- c:\documents and settings\chrislord\Application Data\Birdstep Technology(2)

2009-09-18 09:52 . 2009-09-20 10:45 -------- d-----w- c:\program files\Huawei Modems(2)

2009-09-18 09:51 . 2009-09-20 10:45 -------- d-----w- c:\program files\3 Mobile Broadband(2)

2009-09-17 13:05 . 2009-09-17 13:05 -------- d-----w- c:\program files\XviD

2009-09-17 13:05 . 2006-02-25 13:12 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2009-09-17 13:05 . 2006-02-25 13:09 774144 ----a-w- c:\windows\system32\xvidcore.dll

2009-09-17 12:42 . 2009-09-17 14:22 -------- d-----w- c:\documents and settings\chrislord\Application Data\DivX

2009-09-17 12:24 . 2009-09-17 12:24 -------- d-----w- c:\program files\Full Pack Codecs

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-14 23:12 . 2008-12-08 23:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-10 11:05 . 2007-08-07 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-10-10 09:54 . 2008-08-03 13:06 -------- d-----w- c:\documents and settings\chrislord\Application Data\LimeWire

2009-10-03 16:41 . 2007-08-07 22:02 -------- d-----w- c:\program files\Microsoft SQL Server

2009-10-02 10:00 . 2008-05-14 10:01 -------- d-----w- c:\program files\Lx_cats

2009-09-29 17:51 . 2008-04-29 01:52 -------- d-----w- c:\program files\Launch Manager

2009-09-28 11:43 . 2009-02-07 15:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-09-28 11:43 . 2008-05-05 08:16 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-09-28 11:43 . 2008-05-05 08:16 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-09-22 14:04 . 2009-08-17 08:14 -------- d-----w- c:\program files\Common Files\PC Tools

2009-09-22 14:04 . 2009-08-17 08:14 -------- d-----w- c:\program files\Spyware Doctor

2009-09-22 13:32 . 2008-12-12 20:30 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-22 13:32 . 2008-12-12 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-22 13:31 . 2009-08-17 08:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-21 11:06 . 2009-09-21 11:06 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat

2009-09-20 10:45 . 2009-04-27 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology

2009-09-20 10:45 . 2007-08-07 21:54 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-18 09:09 . 2008-12-26 10:07 90352 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-17 13:11 . 2008-05-07 09:47 1352 ----a-w- c:\documents and settings\chrislord\Application Data\filterclsid.dat

2009-09-17 12:41 . 2009-09-17 12:41 -------- d-----w- c:\program files\DivX

2009-09-17 12:41 . 2009-09-17 12:41 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-09-15 18:41 . 2009-09-14 22:10 -------- d-----w- c:\documents and settings\chrislord\Application Data\Skype

2009-09-14 22:11 . 2008-06-17 15:11 -------- d-----w- c:\program files\Google

2009-09-14 22:09 . 2009-09-14 22:08 -------- d-----r- c:\program files\Skype

2009-09-14 22:08 . 2009-09-14 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-09-10 13:54 . 2009-08-17 08:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 13:53 . 2009-08-17 08:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-17 09:23 . 2009-08-17 07:51 -------- d-----w- c:\program files\upvnql

2009-08-07 08:48 . 2007-08-07 22:01 90352 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-05 09:01 . 2004-08-05 03:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 10:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]

"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]

"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]

"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]

"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]

"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-26 148888]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-28 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-4-29 45056]

Alice Automatic Updates Agent.lnk - c:\program files\T-Mobile\Communication Center\AutoUpdateSrv.exe [2006-9-14 499712]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-09-28 11:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\T-Mobile\\Communication Center\\AutoUpdateSrv.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\CLDMA.exe"=

"c:\\Program Files\\Messenger\\Msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/05/2008 09:16 335240]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14/10/2009 22:21 108289]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/02/2009 16:29 297752]

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 17:50 30312]

R2 mdvrmng;Mobile IP Route Manager;c:\windows\system32\drivers\mdvrmng.sys [13/07/2009 09:53 10240]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S2 gupdate1ca35881108caf6;Google Update Service (gupdate1ca35881108caf6);c:\program files\Google\Update\GoogleUpdate.exe [14/09/2009 23:09 133104]

S3 GTF32BUS;GT F32 BUS;c:\windows\system32\drivers\gtf32bus.sys [01/09/2005 17:54 32000]

S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [01/09/2005 17:54 7936]

S3 GTSCSER;GT SC SER;c:\windows\system32\drivers\gtscser.sys [29/08/2005 15:45 18944]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [14/04/2006 18:07 28933976]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

S3 VC4CB104;USB PC Camera;c:\windows\system32\drivers\VC4CB104.SYS [29/05/2008 16:06 81924]

.

Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 22:09]

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 22:09]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Connection Wizard,ShellNext = hxxp://en.uk.acer.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

LSP: bmnet.dll

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKCU-Run-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe

HKLM-Run-eLockMonitor - c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe

HKLM-Explorer_Run-oQ3UVivrMJ - c:\documents and settings\All Users\Application Data\pubqbyrw\pudyzcna.exe

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL

Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-15 21:58

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1448)

c:\windows\system32\bmnet.dll

- - - - - - - > 'explorer.exe'(1056)

c:\windows\system32\WININET.dll

c:\windows\system32\MSNCHATHOOK.DLL

c:\windows\system32\sysenv.dll

c:\windows\system32\CryptoAPI.dll

c:\windows\system32\ShowErrMsg.dll

c:\windows\system32\MFC71U.DLL

c:\acer\Empowering Technology\ePower\SysHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\bmwebcfg.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\wbem\unsecapp.exe

c:\docume~1\CHRISL~1\LOCALS~1\temp\RtkBtMnt.exe

.

**************************************************************************

.

Completion time: 2009-10-15 22:04 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-15 21:04

Pre-Run: 3,620,716,544 bytes free

Post-Run: 5,665,239,040 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

279 --- E O F --- 2009-10-01 22:15

sUBs · October 16, 2009

Closing this thread as you're being helped here > http://www.malwarebytes.org/forums/index.p...c=27907&hl=

Sign In

malware and hiujack this wont run

Recommended Posts

chrislord

Link to post

Share on other sites

sUBs

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information