Jump to content

Unexplained zero byte files in Windows temp directory


Recommended Posts

I have an unusual situation. I recently noticed that for the past month my C:\WINDOWS|TEMP directory has been getting new zero-byte files with random names, but somewhat incremental extensions: .30, .31, .32, .33 ... .3t, .3u, .3v and then it starts again with .40, over and over again. I had over 64,000 zero byte files in my TEMP directory when I noticed it.

I ran ComboFix and have pasted the log below. I have narrowed it down to a process called M86 Authenticator (authenticat_s.exe). When I stop the process, the files stop being added, but I am wondering what the process is.

Can anyone help me?

ComboFix Log:

ComboFix 10-10-18.01 - lbryant 10/18/2010 18:14:26.1.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2003.1006 [GMT -5:00]

Running from: c:\users\lbryant\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\Fonts\usps4cb.ttf

c:\windows\system32\drivers\npf.sys

c:\windows\system32\spool\prtprocs\w32x86\Xrpp_b.dll

----- BITS: Possible infected sites -----

hxxp://s050smssec01.na.ipaper.com:80

.

((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))

.

2010-10-18 15:49 . 2010-10-18 16:41 -------- d-----w- c:\users\lbryant\AppData\Roaming\gtk-2.0

2010-10-18 15:49 . 2010-10-18 15:49 -------- d-----w- c:\users\lbryant\.thumbnails

2010-10-18 15:45 . 2010-10-18 16:41 -------- d-----w- c:\users\lbryant\.gimp-2.6

2010-10-18 15:44 . 2010-10-18 15:44 -------- d-----w- c:\program files\GIMP-2.0

2010-10-16 15:14 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-10-16 15:14 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-10-16 15:14 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2010-10-16 15:13 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-10-16 15:13 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-10-16 15:12 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-10-16 15:12 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll

2010-10-16 15:12 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-10-16 15:12 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll

2010-10-16 15:12 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

2010-10-16 15:10 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll

2010-10-16 15:10 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll

2010-09-28 16:08 . 2010-09-28 16:08 -------- d-----w- c:\program files\SequoiaView

2010-09-20 01:10 . 1999-12-17 14:13 86016 ----a-w- c:\windows\unvise32.exe

2010-09-20 01:09 . 2002-06-27 08:51 33792 ----a-w- c:\windows\system32\LXASUSCI.EXE

2010-09-20 01:09 . 2002-06-27 08:47 4672 ----a-w- c:\windows\system32\LXASUSCI.DLL

2010-09-20 01:09 . 2010-09-20 16:46 -------- d-----w- c:\program files\LexmarkX83

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\users\lbryant\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-02 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-13 115560]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-12-17 5160288]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-31 458844]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-10-02 4685824]

"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-08-14 562456]

"WatcherHelper"="c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-08-14 62744]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 175640]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 166936]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\users\lbryant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-5-26 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 3 (0x3)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableInstallerDetection"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"HideShutdownScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisallowCpl"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoHardwareTab"= 1 (0x1)

"ForceStartMenuLogOff"= 1 (0x1)

"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-33692873-1312185598-736107824-2237\Scripts\Logon\0\0]

"Script"=ippage.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]

R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]

R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-01 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\aestsrv.exe [2009-03-02 81920]

S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\lotus\Notes\nsd.exe [2009-09-29 3397000]

S2 M86_Auth;M86 Security Authenticator;c:\program files\M86 Security\Authenticator\Authenticat_s.exe [2010-07-22 322048]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-01 102448]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33692873-1312185598-736107824-2237Core.job

- c:\users\lbryant\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 00:20]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-33692873-1312185598-736107824-2237UA.job

- c:\users\lbryant\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 00:20]

.

.

------- Supplementary Scan -------

.

uStart Page = ipnet.ipaper.com

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: airgas.com

Trusted Zone: amforem.com\logon

Trusted Zone: ariba.com

Trusted Zone: arifleet.com

Trusted Zone: bcdtravel.com

Trusted Zone: bek.com\pw

Trusted Zone: bek.com\secure

Trusted Zone: bna.com

Trusted Zone: bravosolution.com\xe

Trusted Zone: buzone.com\www

Trusted Zone: cch.com

Trusted Zone: cexp.com

Trusted Zone: cicnet

Trusted Zone: cissltd.com

Trusted Zone: claritynet.com

Trusted Zone: com.mx\*.bancanetempresarial.banamex

Trusted Zone: compensationstandards.com\www

Trusted Zone: concursolutions.com

Trusted Zone: covisint.com\www

Trusted Zone: cynops.com

Trusted Zone: distributioninvoicing.com

Trusted Zone: easternconnection.com

Trusted Zone: elcompanies.com

Trusted Zone: elcompanies.coml

Trusted Zone: emptoris.com

Trusted Zone: facdn.com

Trusted Zone: fastenal.com

Trusted Zone: fieont13

Trusted Zone: fiservhealthservices.com

Trusted Zone: fishersci.com

Trusted Zone: fxpress.com\treasury

Trusted Zone: gkservices.com\*.gkadvantage

Trusted Zone: grainger.com

Trusted Zone: gwrr.com\webmail

Trusted Zone: hp.com

Trusted Zone: hubspan.net

Trusted Zone: integreon.com/

Trusted Zone: internationalpaper.com

Trusted Zone: internet

Trusted Zone: IPBSIMS

Trusted Zone: ipcbpr.com

Trusted Zone: ipportal

Trusted Zone: ITRS

Trusted Zone: landamconnection.net

Trusted Zone: marketingiq.com\www

Trusted Zone: microsoft.com\*.windowsupdate

Trusted Zone: microsoft.com\oca

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: mscdirect.com

Trusted Zone: msdsonline.com

Trusted Zone: mycitrix

Trusted Zone: mycitrixtest

Trusted Zone: mystatestreet.com

Trusted Zone: navy.mil\webmail.west.nmci

Trusted Zone: Oracle11i

Trusted Zone: peopleclick.com

Trusted Zone: pg.com

Trusted Zone: pgsupplier.com

Trusted Zone: s02acedev

Trusted Zone: s02aceprod01

Trusted Zone: s02aceprod02

Trusted Zone: s02aceprod03

Trusted Zone: s02aceprod04

Trusted Zone: s02aceprod05

Trusted Zone: s02aceprod06

Trusted Zone: s02aceprod07

Trusted Zone: s02aceprod08

Trusted Zone: s02aceprod09

Trusted Zone: s02acesbx

Trusted Zone: s02aeatest01

Trusted Zone: s02aeppp01

Trusted Zone: s02aeppp02

Trusted Zone: s02aepsb01

Trusted Zone: s02afip01

Trusted Zone: s02ahelpivsprd

Trusted Zone: s02avmxpdxrfp

Trusted Zone: s02awebxprof

Trusted Zone: s02awesdev01

Trusted Zone: s02axprofweb

Trusted Zone: s31csnow

Trusted Zone: s337acq1

Trusted Zone: s337web02

Trusted Zone: s519ap04

Trusted Zone: s769ap03

Trusted Zone: s769ap08

Trusted Zone: saddlecrk.com

Trusted Zone: sartestream02

Trusted Zone: serverdb

Trusted Zone: shorepak.com

Trusted Zone: shorepak.com\shor01

Trusted Zone: shorepak.com\shor02

Trusted Zone: shorepak.com\shor03

Trusted Zone: shorepak.com\shor04

Trusted Zone: shorepak.com\shor05

Trusted Zone: shorepak.com\shor06

Trusted Zone: shorepak.com\shor07

Trusted Zone: skillport.com

Trusted Zone: skillsoft.com

Trusted Zone: skillwsa.com

Trusted Zone: smartforce.com

Trusted Zone: smurfit.com

Trusted Zone: softscape.com

Trusted Zone: softscape.com\ip

Trusted Zone: staples.com\partners

Trusted Zone: stapleslink.com

Trusted Zone: staplespartners.com \www

Trusted Zone: stf.com

Trusted Zone: sts.com

Trusted Zone: studley.com

Trusted Zone: svweb

Trusted Zone: swebustest2

Trusted Zone: swweb01

Trusted Zone: swwid1

Trusted Zone: tax.com\*.bna

Trusted Zone: tpconline.com

Trusted Zone: tymetrix360.com

Trusted Zone: virtualearth.net

Trusted Zone: w00c1220

Trusted Zone: windowsupdate.com

Trusted Zone: wishoo.com\stream

Trusted Zone: witstracking.net \www

Trusted Zone: workbrain.com\ip

Trusted Zone: x519qalabserv1

Trusted Zone: x769qalabserv1

Trusted Zone: xatanet.net

Trusted Zone: xatanet.net\webservices

Trusted Zone: xatanet.net \www

Trusted Zone: xign.net

Trusted Zone: xpedx.com

Trusted Zone: xpedx.com\fors

Trusted Zone: airgas.com

Trusted Zone: amforem.com\logon

Trusted Zone: ariba.com

Trusted Zone: arifleet.com

Trusted Zone: bcdtravel.com

Trusted Zone: bek.com\pw

Trusted Zone: bek.com\secure

Trusted Zone: bna.com

Trusted Zone: bravosolution.com\xe

Trusted Zone: buzone.com\www

Trusted Zone: cch.com

Trusted Zone: cexp.com

Trusted Zone: cicnet

Trusted Zone: cissltd.com

Trusted Zone: claritynet.com

Trusted Zone: com.mx\*.bancanetempresarial.banamex

Trusted Zone: compensationstandards.com\www

Trusted Zone: concursolutions.com

Trusted Zone: covisint.com\www

Trusted Zone: cynops.com

Trusted Zone: distributioninvoicing.com

Trusted Zone: easternconnection.com

Trusted Zone: elcompanies.com

Trusted Zone: elcompanies.coml

Trusted Zone: emptoris.com

Trusted Zone: facdn.com

Trusted Zone: fastenal.com

Trusted Zone: fieont13

Trusted Zone: fiservhealthservices.com

Trusted Zone: fishersci.com

Trusted Zone: fxpress.com\treasury

Trusted Zone: gkservices.com\*.gkadvantage

Trusted Zone: grainger.com

Trusted Zone: gwrr.com\webmail

Trusted Zone: hp.com

Trusted Zone: hubspan.net

Trusted Zone: integreon.com/

Trusted Zone: internationalpaper.com

Trusted Zone: internet

Trusted Zone: IPBSIMS

Trusted Zone: ipcbpr.com

Trusted Zone: ipportal

Trusted Zone: ITRS

Trusted Zone: landamconnection.net

Trusted Zone: marketingiq.com\www

Trusted Zone: microsoft.com\*.windowsupdate

Trusted Zone: microsoft.com\oca

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: mscdirect.com

Trusted Zone: msdsonline.com

Trusted Zone: mycitrix

Trusted Zone: mycitrixtest

Trusted Zone: mystatestreet.com

Trusted Zone: navy.mil\webmail.west.nmci

Trusted Zone: Oracle11i

Trusted Zone: peopleclick.com

Trusted Zone: pg.com

Trusted Zone: pgsupplier.com

Trusted Zone: s02acedev

Trusted Zone: s02aceprod01

Trusted Zone: s02aceprod02

Trusted Zone: s02aceprod03

Trusted Zone: s02aceprod04

Trusted Zone: s02aceprod05

Trusted Zone: s02aceprod06

Trusted Zone: s02aceprod07

Trusted Zone: s02aceprod08

Trusted Zone: s02aceprod09

Trusted Zone: s02acesbx

Trusted Zone: s02aeatest01

Trusted Zone: s02aeppp01

Trusted Zone: s02aeppp02

Trusted Zone: s02aepsb01

Trusted Zone: s02afip01

Trusted Zone: s02ahelpivsprd

Trusted Zone: s02avmxpdxrfp

Trusted Zone: s02awebxprof

Trusted Zone: s02awesdev01

Trusted Zone: s02axprofweb

Trusted Zone: s31csnow

Trusted Zone: s337acq1

Trusted Zone: s337web02

Trusted Zone: s519ap04

Trusted Zone: s769ap03

Trusted Zone: s769ap08

Trusted Zone: saddlecrk.com

Trusted Zone: sartestream02

Trusted Zone: serverdb

Trusted Zone: shorepak.com

Trusted Zone: skillport.com

Trusted Zone: skillsoft.com

Trusted Zone: skillwsa.com

Trusted Zone: smartforce.com

Trusted Zone: smurfit.com

Trusted Zone: softscape.com

Trusted Zone: staples.com\partners

Trusted Zone: stapleslink.com

Trusted Zone: staplespartners.com \www

Trusted Zone: stf.com

Trusted Zone: sts.com

Trusted Zone: studley.com

Trusted Zone: svweb

Trusted Zone: swebustest2

Trusted Zone: swweb01

Trusted Zone: swwid1

Trusted Zone: tax.com\*.bna

Trusted Zone: tpconline.com

Trusted Zone: tymetrix360.com

Trusted Zone: virtualearth.net

Trusted Zone: windowsupdate.com

Trusted Zone: wishoo.com\stream

Trusted Zone: witstracking.net \www

Trusted Zone: workbrain.com\ip

Trusted Zone: x519qalabserv1

Trusted Zone: x769qalabserv1

Trusted Zone: xatanet.net

Trusted Zone: xign.net

Trusted Zone: xpedx.com

TCP: {13C1E0EE-AE46-4B83-9D78-AE5CAB000E7A} = 209.183.35.23 209.183.33.23

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://ipremote02.ipaper.com/CACHE/stc/1/binaries/vpnweb.cab

DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} - hxxp://swsametime.ipaper.com/sametime/stmeetingroomclient/STJNILoader.cab

DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} - hxxps://greenhouse.lotus.com/lotus/PA_1_3F2DNS521GKI602HUIA3VB00K5/plugins/com.ibm.wps.dm/jsp/common/plugin/DMPlugin.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} - hxxps://ipremote02.ipaper.com/CACHE/sdesktop/install/binaries/instweb.cab

FF - ProfilePath - c:\users\lbryant\AppData\Roaming\Mozilla\Firefox\Profiles\uz4yqa4c.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\users\lbryant\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\users\lbryant\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

------- File Associations -------

.

vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*

jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

SafeBoot-Symantec Antvirus

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-10-18 18:21:40

ComboFix-quarantined-files.txt 2010-10-18 23:21

Pre-Run: 100,638,232,576 bytes free

Post-Run: 100,307,984,384 bytes free

- - End Of File - - F58556493B7DC99D32680F429B85D7BE

Link to post
Share on other sites

  • 2 weeks later...

This case is resolved, and the topic now Closed.

The procedures used here were only for -this system- and no other.

If you are a casual viewer and are having issues, please create your own New Topic and follow forum procedures.

See http://www.malwarebytes.org/forums/index.php?showtopic=9573

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.