Jump to content

Antivirus 2010?


jekyll
 Share

Recommended Posts

Hello,

I'm quite embarrassed to say... I think the same virus (updated version) from last year got me again this year. =(

Melwarebytes have been disabled and changing the file name did not work.

safemode did not run the program either.

However, the program DID work yesterday with... 68? infections found. removed and all, but the following day, today, the melware was still there... (Unfortunately, I'm not sure where the log file is for that scan result...)

Here are some steps that didn't happen when I tried to prepare prior opening this thread... (I'm not sure if it is relevant but I wanted to make a note of it just in case.)

1) After running DeFogger the program did not ask to reboot the machine. (so, I manually reboot the machine)

2) GMER Rootkit Scanner: the program did ask me if it would like to do a full scan and I selected No and unchecked IAT/EAT, other driver/partician other than "C" drive and "show all" was already unchecked. After pressing scan the program automatically shut down and was not able to run the program any more. I tried the step again by downloading the program but it simply repeated the above.

* So, there will be no "ark.txt" file in the zip.

Below would be the DDS.txt log.

Much appreciatioin for all your time and assistance here!

Best regards,

Jekyll

DDS (Ver_10-10-21.02) - NTFSx86

Run by Restaurant Kazoo at 0:54:27.92 on Sun 10/31/2010

Internet Explorer: 7.0.6001.18000

Microsoft

Attach.zip

Link to post
Share on other sites

  • Replies 60
  • Created
  • Last Reply

Top Posters In This Topic

Download Combofix from any of the links below but rename it to iexplore.exe before saving it to your desktop.

If need be, Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Note:

If combofix (iexplore.exe) won't run from the desktop, try running it from the USB device.

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save iexplore.exe to your Desktop

Double click on the iexplore.exe ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  • Double click on iexplore.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7 or you don't have a internet connection.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Hi LDTate,

Thank you for your reply!

I've downloaded combofix and renamed it to iexplore.exe before downloading it and it did not open. Same thing happened while i tried it on the USB.

after completing to open the file (around 90%) my McAfee asked me if I want to change the registery. I did no on the first round and since nothing happened I did yes at the second round... but it didn't do anything as well...

=(

jekyll

Link to post
Share on other sites

Please read carefully and follow these steps.

  • Please download
TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now

[*]Copy and paste the log in your next reply

[*]A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Hello Ldtate,

here's the log. It did not find any malicious object, two suspicious objects but the program didn't ask anything about cure or reboot.

By the way. I don't know if this changes anything but, each day, I'm affraid to shut down the computer so, the computer is usually in sleep mode.

Thank you,

Jekyll

2010/11/03 20:57:26.0534 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/03 20:57:26.0534 ================================================================================

2010/11/03 20:57:26.0534 SystemInfo:

2010/11/03 20:57:26.0534

2010/11/03 20:57:26.0534 OS Version: 6.0.6001 ServicePack: 1.0

2010/11/03 20:57:26.0534 Product type: Workstation

2010/11/03 20:57:26.0535 ComputerName: KAZOO-PC

2010/11/03 20:57:26.0538 UserName: Restaurant Kazoo

2010/11/03 20:57:26.0538 Windows directory: C:\Windows

2010/11/03 20:57:26.0538 System windows directory: C:\Windows

2010/11/03 20:57:26.0538 Processor architecture: Intel x86

2010/11/03 20:57:26.0538 Number of processors: 2

2010/11/03 20:57:26.0538 Page size: 0x1000

2010/11/03 20:57:26.0538 Boot type: Normal boot

2010/11/03 20:57:26.0538 ================================================================================

2010/11/03 20:57:26.0855 Initialize success

2010/11/03 20:57:39.0324 ================================================================================

2010/11/03 20:57:39.0324 Scan started

2010/11/03 20:57:39.0324 Mode: Manual;

2010/11/03 20:57:39.0324 ================================================================================

2010/11/03 20:57:42.0156 Suspicious service (NoAccess): lobti

2010/11/03 20:57:42.0158 lobti - detected Locked service (1)

2010/11/03 20:57:46.0285 Suspicious service (NoAccess): vbma92a1

2010/11/03 20:57:46.0305 vbma92a1 - detected Locked service (1)

2010/11/03 20:57:47.0185 ================================================================================

2010/11/03 20:57:47.0185 Scan finished

2010/11/03 20:57:47.0185 ================================================================================

2010/11/03 20:57:47.0204 Detected object count: 2

2010/11/03 20:58:06.0509 Locked service(lobti) - User select action: Skip

2010/11/03 20:58:06.0513 Locked service(vbma92a1) - User select action: Skip

2010/11/03 20:59:19.0232 ================================================================================

2010/11/03 20:59:19.0232 Scan started

2010/11/03 20:59:19.0233 Mode: Manual;

2010/11/03 20:59:19.0233 ================================================================================

2010/11/03 20:59:21.0973 Suspicious service (NoAccess): lobti

2010/11/03 20:59:21.0991 lobti - detected Locked service (1)

2010/11/03 20:59:25.0876 Suspicious service (NoAccess): vbma92a1

2010/11/03 20:59:25.0890 vbma92a1 - detected Locked service (1)

2010/11/03 20:59:26.0630 ================================================================================

2010/11/03 20:59:26.0630 Scan finished

2010/11/03 20:59:26.0630 ================================================================================

2010/11/03 20:59:26.0649 Detected object count: 2

2010/11/03 20:59:29.0383 Locked service(lobti) - User select action: Skip

2010/11/03 20:59:29.0390 Locked service(vbma92a1) - User select action: Skip

Link to post
Share on other sites

2010/11/03 20:59:29.0383 Locked service(lobti) - User select action: Skip

2010/11/03 20:59:29.0390 Locked service(vbma92a1) - User select action: Skip

Those need to be fixed.

Don't forget:

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Link to post
Share on other sites

Hello,

Here's the log after I have deleted those two objects. Sorry that I can't get to it right away and thanks again for your help, LdTate.

Best regards,

Jekyll

2010/11/04 20:07:37.0187 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/04 20:07:37.0187 ================================================================================

2010/11/04 20:07:37.0187 SystemInfo:

2010/11/04 20:07:37.0187

2010/11/04 20:07:37.0187 OS Version: 6.0.6001 ServicePack: 1.0

2010/11/04 20:07:37.0187 Product type: Workstation

2010/11/04 20:07:37.0187 ComputerName: KAZOO-PC

2010/11/04 20:07:37.0188 UserName: Restaurant Kazoo

2010/11/04 20:07:37.0188 Windows directory: C:\Windows

2010/11/04 20:07:37.0188 System windows directory: C:\Windows

2010/11/04 20:07:37.0188 Processor architecture: Intel x86

2010/11/04 20:07:37.0188 Number of processors: 2

2010/11/04 20:07:37.0188 Page size: 0x1000

2010/11/04 20:07:37.0188 Boot type: Normal boot

2010/11/04 20:07:37.0188 ================================================================================

2010/11/04 20:07:37.0440 Initialize success

2010/11/04 20:07:38.0173 ================================================================================

2010/11/04 20:07:38.0173 Scan started

2010/11/04 20:07:38.0173 Mode: Manual;

2010/11/04 20:07:38.0173 ================================================================================

2010/11/04 20:07:40.0863 Suspicious service (NoAccess): lobti

2010/11/04 20:07:40.0881 lobti - detected Locked service (1)

2010/11/04 20:07:44.0887 Suspicious service (NoAccess): vbma92a1

2010/11/04 20:07:44.0902 vbma92a1 - detected Locked service (1)

2010/11/04 20:07:45.0808 ================================================================================

2010/11/04 20:07:45.0808 Scan finished

2010/11/04 20:07:45.0808 ================================================================================

2010/11/04 20:07:45.0827 Detected object count: 2

2010/11/04 20:08:06.0355 Locked service(lobti) - User select action: Quarantine

2010/11/04 20:08:06.0373 Locked service(vbma92a1) - User select action: Quarantine

2010/11/04 20:08:10.0837 ================================================================================

2010/11/04 20:08:10.0837 Scan started

2010/11/04 20:08:10.0837 Mode: Manual;

2010/11/04 20:08:10.0837 ================================================================================

2010/11/04 20:08:13.0160 Suspicious service (NoAccess): lobti

2010/11/04 20:08:13.0174 lobti - detected Locked service (1)

2010/11/04 20:08:17.0071 Suspicious service (NoAccess): vbma92a1

2010/11/04 20:08:17.0083 vbma92a1 - detected Locked service (1)

2010/11/04 20:08:17.0851 ================================================================================

2010/11/04 20:08:17.0851 Scan finished

2010/11/04 20:08:17.0851 ================================================================================

2010/11/04 20:08:17.0869 Detected object count: 2

2010/11/04 20:08:31.0357 HKLM\SYSTEM\ControlSet001\services\lobti - will be deleted after reboot

2010/11/04 20:08:31.0432 HKLM\SYSTEM\ControlSet002\services\lobti - will be deleted after reboot

2010/11/04 20:08:31.0444 C:\Windows\system32\drivers\lobti.sys - will be deleted after reboot

2010/11/04 20:08:31.0444 Locked service(lobti) - User select action: Delete

2010/11/04 20:08:31.0451 HKLM\SYSTEM\ControlSet001\services\vbma92a1 - will be deleted after reboot

2010/11/04 20:08:31.0452 HKLM\SYSTEM\ControlSet002\services\vbma92a1 - will be deleted after reboot

2010/11/04 20:08:31.0456 C:\Windows\system32\drivers\vbma92a1.sys - will be deleted after reboot

2010/11/04 20:08:31.0456 Locked service(vbma92a1) - User select action: Delete

2010/11/04 20:08:37.0283 Deinitialize success

Link to post
Share on other sites

Hi LDTate,

I still have the same problem. The "iexplore.exe" doesn't open. I've downloaded and tried opening throug both from the desktop and the USB.

After double clicking it looks like the status bar have went all the way 100% and my mouse will be thinking but it eventually doesn't do anything.

Best regards,

Jekyll

Link to post
Share on other sites

Unplug / disconnect your internet connection.

Restart your computer in Safe Mode.

Press F8 after the Power-On Self Test (POST) is done. You need to press F8 before the Windows logo appears. If the Windows logo appears, you will need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.

On the Advanced Boot Options screen, use the arrow keys to highlight the safe mode option you want, and then press ENTER. For more information about options, see Advanced startup options (including safe mode).

Log on to your computer with a user account that has administrator rights.

When your computer is in safe mode, you'll see the words Safe Mode in the corners of the display. To exit safe mode, restart your computer and let Windows start normally.

Now try running it.

Link to post
Share on other sites

So, I ran the TDSKiller and deleted the same two object and did a reboot as the application asked me. I actually ran the TDSKiller again and it still found the same objects... both posts are pasted below.

2010/11/06 10:45:32.0387 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/06 10:45:32.0387 ================================================================================

2010/11/06 10:45:32.0387 SystemInfo:

2010/11/06 10:45:32.0387

2010/11/06 10:45:32.0387 OS Version: 6.0.6001 ServicePack: 1.0

2010/11/06 10:45:32.0387 Product type: Workstation

2010/11/06 10:45:32.0387 ComputerName: KAZOO-PC

2010/11/06 10:45:32.0387 UserName: Restaurant Kazoo

2010/11/06 10:45:32.0387 Windows directory: C:\Windows

2010/11/06 10:45:32.0387 System windows directory: C:\Windows

2010/11/06 10:45:32.0387 Processor architecture: Intel x86

2010/11/06 10:45:32.0387 Number of processors: 2

2010/11/06 10:45:32.0387 Page size: 0x1000

2010/11/06 10:45:32.0387 Boot type: Normal boot

2010/11/06 10:45:32.0387 ================================================================================

2010/11/06 10:45:32.0668 Initialize success

2010/11/06 10:45:34.0930 ================================================================================

2010/11/06 10:45:34.0930 Scan started

2010/11/06 10:45:34.0930 Mode: Manual;

2010/11/06 10:45:34.0930 ================================================================================

2010/11/06 10:45:37.0441 Suspicious service (NoAccess): lobti

2010/11/06 10:45:37.0441 lobti - detected Locked service (1)

2010/11/06 10:45:40.0327 Suspicious service (NoAccess): vbma92a1

2010/11/06 10:45:40.0327 vbma92a1 - detected Locked service (1)

2010/11/06 10:45:40.0967 ================================================================================

2010/11/06 10:45:40.0967 Scan finished

2010/11/06 10:45:40.0967 ================================================================================

2010/11/06 10:45:40.0983 Detected object count: 2

2010/11/06 10:45:57.0175 HKLM\SYSTEM\ControlSet001\services\lobti - will be deleted after reboot

2010/11/06 10:45:57.0207 HKLM\SYSTEM\ControlSet002\services\lobti - will be deleted after reboot

2010/11/06 10:45:57.0222 C:\Windows\system32\drivers\lobti.sys - will be deleted after reboot

2010/11/06 10:45:57.0222 Locked service(lobti) - User select action: Delete

2010/11/06 10:45:57.0238 HKLM\SYSTEM\ControlSet001\services\vbma92a1 - will be deleted after reboot

2010/11/06 10:45:57.0238 HKLM\SYSTEM\ControlSet002\services\vbma92a1 - will be deleted after reboot

2010/11/06 10:45:57.0238 C:\Windows\system32\drivers\vbma92a1.sys - will be deleted after reboot

2010/11/06 10:45:57.0238 Locked service(vbma92a1) - User select action: Delete

2010/11/06 10:46:04.0523 Deinitialize success

///After reboot I ran the TDSSkiller again. (I took no action this time.)

2010/11/06 10:48:50.0884 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/06 10:48:50.0884 ================================================================================

2010/11/06 10:48:50.0884 SystemInfo:

2010/11/06 10:48:50.0884

2010/11/06 10:48:50.0884 OS Version: 6.0.6001 ServicePack: 1.0

2010/11/06 10:48:50.0884 Product type: Workstation

2010/11/06 10:48:50.0884 ComputerName: KAZOO-PC

2010/11/06 10:48:50.0885 UserName: Restaurant Kazoo

2010/11/06 10:48:50.0885 Windows directory: C:\Windows

2010/11/06 10:48:50.0885 System windows directory: C:\Windows

2010/11/06 10:48:50.0885 Processor architecture: Intel x86

2010/11/06 10:48:50.0885 Number of processors: 2

2010/11/06 10:48:50.0885 Page size: 0x1000

2010/11/06 10:48:50.0885 Boot type: Normal boot

2010/11/06 10:48:50.0885 ================================================================================

2010/11/06 10:48:52.0178 Initialize success

2010/11/06 10:48:55.0566 ================================================================================

2010/11/06 10:48:55.0566 Scan started

2010/11/06 10:48:55.0566 Mode: Manual;

2010/11/06 10:48:55.0566 ================================================================================

2010/11/06 10:49:02.0249 Suspicious service (NoAccess): lobti

2010/11/06 10:49:02.0284 lobti - detected Locked service (1)

2010/11/06 10:49:06.0370 Suspicious service (NoAccess): vbma92a1

2010/11/06 10:49:06.0433 vbma92a1 - detected Locked service (1)

2010/11/06 10:49:07.0132 ================================================================================

2010/11/06 10:49:07.0133 Scan finished

2010/11/06 10:49:07.0133 ================================================================================

2010/11/06 10:49:07.0154 Detected object count: 2

2010/11/06 10:49:18.0735 Locked service(lobti) - User select action: Skip

2010/11/06 10:49:18.0741 Locked service(vbma92a1) - User select action: Skip

Link to post
Share on other sites

Print this out.

ONLY use this In case you can't boot the computer after running Combofix.

Fix MBR in Vista

In Vista, the procedure to fix the master boot record is a bit different. You have to start up Vista in the Recovery Environment and then run the bootrec command. Here

Link to post
Share on other sites

Do you still need help with this?

Hi LDTate,

Yes, I actually logged in to note that I couldn't get to it earlier this week and 'am now away from where the computer is located so, it will be toward end of this week to go through your advice.

I'll appreciate it if you could keep the thread open. I should be back home this Friday and will let you know on the progress!

Best regards,

Jekyll

Link to post
Share on other sites

Hi LDTate,

Much thanks for your patience.

Since the combofix isn't working, I'm going to write my exact steps here...

1) After booting the computer, I disabled the McAfee security center through task bar.

2) I opened the desktop file and deleted the previous "iexplore.exe" that I had.

3) I opened up IE and came to this forum and from your last post I downloaded the Combofix naming iexplore.exe and saved it on the desktop.

4) I double clicked on the "iexplore.exe" and saw the status bar go through all the way and nothing happened...

I repeated the steps again on a USB next. then the computer automatically rebooted with an error screen that the program(system?) didn't shut properly and if I want to boot in safe more or normal reboot.

Sorry if I missed anything.

Jekyll

Link to post
Share on other sites

Hi LDTate,

Here's the log from TDSSKiller. But after reboot it have found the same suspicious services when I ran the TDSSKiller again.

Jekyll

2010/11/13 10:40:16.0795 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/13 10:40:16.0796 ================================================================================

2010/11/13 10:40:16.0796 SystemInfo:

2010/11/13 10:40:16.0796

2010/11/13 10:40:16.0796 OS Version: 6.0.6001 ServicePack: 1.0

2010/11/13 10:40:16.0796 Product type: Workstation

2010/11/13 10:40:16.0796 ComputerName: KAZOO-PC

2010/11/13 10:40:16.0796 UserName: Restaurant Kazoo

2010/11/13 10:40:16.0796 Windows directory: C:\Windows

2010/11/13 10:40:16.0796 System windows directory: C:\Windows

2010/11/13 10:40:16.0796 Processor architecture: Intel x86

2010/11/13 10:40:16.0796 Number of processors: 2

2010/11/13 10:40:16.0796 Page size: 0x1000

2010/11/13 10:40:16.0796 Boot type: Normal boot

2010/11/13 10:40:16.0796 ================================================================================

2010/11/13 10:40:17.0040 Initialize success

2010/11/13 10:40:30.0000 ================================================================================

2010/11/13 10:40:30.0000 Scan started

2010/11/13 10:40:30.0000 Mode: Manual;

2010/11/13 10:40:30.0000 ================================================================================

2010/11/13 10:40:32.0394 Suspicious service (NoAccess): lobti

2010/11/13 10:40:32.0408 lobti - detected Locked service (1)

2010/11/13 10:40:35.0403 Suspicious service (NoAccess): vbma92a1

2010/11/13 10:40:35.0425 vbma92a1 - detected Locked service (1)

2010/11/13 10:40:36.0087 ================================================================================

2010/11/13 10:40:36.0087 Scan finished

2010/11/13 10:40:36.0087 ================================================================================

2010/11/13 10:40:36.0101 Detected object count: 2

2010/11/13 10:41:03.0630 HKLM\SYSTEM\ControlSet001\services\lobti - will be deleted after reboot

2010/11/13 10:41:03.0668 HKLM\SYSTEM\ControlSet002\services\lobti - will be deleted after reboot

2010/11/13 10:41:03.0696 C:\Windows\system32\drivers\lobti.sys - will be deleted after reboot

2010/11/13 10:41:03.0696 Locked service(lobti) - User select action: Delete

2010/11/13 10:41:03.0703 HKLM\SYSTEM\ControlSet001\services\vbma92a1 - will be deleted after reboot

2010/11/13 10:41:03.0705 HKLM\SYSTEM\ControlSet002\services\vbma92a1 - will be deleted after reboot

2010/11/13 10:41:03.0709 C:\Windows\system32\drivers\vbma92a1.sys - will be deleted after reboot

2010/11/13 10:41:03.0709 Locked service(vbma92a1) - User select action: Delete

2010/11/13 10:41:06.0572 Deinitialize success

Link to post
Share on other sites

Should I run it again?

2010/11/13 11:05:24.0374 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/13 11:05:24.0374 ================================================================================

2010/11/13 11:05:24.0374 SystemInfo:

2010/11/13 11:05:24.0374

2010/11/13 11:05:24.0374 OS Version: 6.0.6001 ServicePack: 1.0

2010/11/13 11:05:24.0375 Product type: Workstation

2010/11/13 11:05:24.0375 ComputerName: KAZOO-PC

2010/11/13 11:05:24.0375 UserName: Restaurant Kazoo

2010/11/13 11:05:24.0375 Windows directory: C:\Windows

2010/11/13 11:05:24.0375 System windows directory: C:\Windows

2010/11/13 11:05:24.0375 Processor architecture: Intel x86

2010/11/13 11:05:24.0375 Number of processors: 2

2010/11/13 11:05:24.0375 Page size: 0x1000

2010/11/13 11:05:24.0375 Boot type: Normal boot

2010/11/13 11:05:24.0375 ================================================================================

2010/11/13 11:05:24.0608 Initialize success

2010/11/13 11:05:26.0675 ================================================================================

2010/11/13 11:05:26.0675 Scan started

2010/11/13 11:05:26.0675 Mode: Manual;

2010/11/13 11:05:26.0675 ================================================================================

2010/11/13 11:05:29.0169 Suspicious service (NoAccess): lobti

2010/11/13 11:05:29.0185 lobti - detected Locked service (1)

2010/11/13 11:05:32.0851 Suspicious service (NoAccess): vbma92a1

2010/11/13 11:05:32.0864 vbma92a1 - detected Locked service (1)

2010/11/13 11:05:33.0692 ================================================================================

2010/11/13 11:05:33.0694 Scan finished

2010/11/13 11:05:33.0694 ================================================================================

2010/11/13 11:05:33.0746 Detected object count: 2

2010/11/13 11:05:45.0598 HKLM\SYSTEM\ControlSet001\services\lobti - will be deleted after reboot

2010/11/13 11:05:45.0632 HKLM\SYSTEM\ControlSet002\services\lobti - will be deleted after reboot

2010/11/13 11:05:45.0660 C:\Windows\system32\drivers\lobti.sys - will be deleted after reboot

2010/11/13 11:05:45.0660 Locked service(lobti) - User select action: Delete

2010/11/13 11:05:45.0666 HKLM\SYSTEM\ControlSet001\services\vbma92a1 - will be deleted after reboot

2010/11/13 11:05:45.0667 HKLM\SYSTEM\ControlSet002\services\vbma92a1 - will be deleted after reboot

2010/11/13 11:05:45.0674 C:\Windows\system32\drivers\vbma92a1.sys - will be deleted after reboot

2010/11/13 11:05:45.0674 Locked service(vbma92a1) - User select action: Delete

2010/11/13 11:05:48.0901 Deinitialize success

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.