Redirect Virus


#1
patinva

Hello:

I ran ComboFix and it was suggested that I post my log file... Does anyone see anything else that will cause problems?

ComboFix 09-01-21.04 - pward 2009-01-28 12:27:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2030.1521 [GMT -5:00]
Running from: c:\documents and settings\pward\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\aaISDcdd.ini
c:\windows\system32\aaISDcdd.ini2
c:\windows\system32\awtqrpmj.dll
c:\windows\system32\bywditgl.ini
c:\windows\system32\drivers\gaopdxijxvmlkt.sys
c:\windows\system32\gaopdxexwpuysi.dll
c:\windows\system32\rebprivx.dll
c:\windows\system32\srrutBeg.ini
c:\windows\system32\srrutBeg.ini2
c:\windows\system32\vnasuvjp.ini
c:\windows\Tasks\sejkyzbv.job

----- BITS: Possible infected sites -----

hxxp://SMS-SJ1:80
hxxp://10.8.189.146:80
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-27 22:07 . 2009-01-18 16:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-27 21:05 . 2009-01-18 16:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-27 21:04 . 2009-01-27 21:04 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-27 21:03 . 2009-01-27 21:03 <DIR> d-------- c:\program files\Lavasoft
2009-01-27 20:36 . 2009-01-27 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-27 09:42 . 2009-01-27 09:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-27 09:42 . 2009-01-27 09:42 <DIR> d-------- c:\documents and settings\pward\Application Data\Malwarebytes
2009-01-27 09:42 . 2009-01-27 09:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-27 09:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-27 09:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-26 21:58 . 2009-01-26 21:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-26 21:58 . 2009-01-26 21:58 262,144 --a------ C:\ntuser.dat
2009-01-26 21:39 . 2009-01-26 21:58 <DIR> d-------- c:\program files\Yahoo!
2009-01-26 21:39 . 2009-01-26 21:39 <DIR> d-------- c:\program files\Common Files\Scanner
2009-01-26 16:21 . 2009-01-26 16:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-26 16:21 . 2009-01-26 21:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-20 16:46 . 2009-01-20 16:46 <DIR> d-------- c:\program files\FLPQuoteTool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 02:59 --------- d-----w c:\documents and settings\pward\Application Data\Yahoo!
2009-01-27 02:58 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-26 18:14 --------- d-----w c:\documents and settings\pward\Application Data\Apple Computer
2009-01-05 19:34 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-12 17:57 --------- d-----w c:\program files\Common Files\AOL
2008-12-11 15:22 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-07 00:39 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-07 00:37 --------- d-----w c:\program files\Common Files\Software Update Utility
2008-12-07 00:37 --------- d-----w c:\program files\AIM Search
2008-06-25 12:22 62,910 ----a-w c:\program files\Uninstall.exe
2008-06-25 12:22 0 ----a-w c:\program files\uninstall.dat
2006-12-29 19:15 626,688 ----a-w c:\program files\Common Files\sapconsaccess.dll
2006-12-29 19:15 40,960 ----a-w c:\program files\Common Files\DigitalSignature.ocx
2006-12-29 19:15 3,100,672 ----a-w c:\program files\Common Files\sapxlhelper.dll
2006-12-29 19:15 192,512 ----a-w c:\program files\Common Files\sapconsr3.dll
2006-12-07 14:26 1,129,984 ----a-w c:\program files\Common Files\SAPActiveXL.xlt
2006-12-07 14:26 1,124,864 ----a-w c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-08-18 91440]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-01 8495104]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-04-04 136512]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-05-22 33280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-08-18 91440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 18:54 89600 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 10:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mxjjlr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0HiberNative\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=PKIWirelessReg.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-762979615-2031575299-929701000-87781\Scripts\Logon\0\0]
"Script"=SP2_FW_Disable.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-762979615-2031575299-929701000-87781\Scripts\Logon\1\0]
"Script"=Admin2Computer.vbe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-762979615-2031575299-929701000-87781\Scripts\Logon\2\0]
"Script"=SMSLogonScriptGA.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-762979615-2031575299-929701000-87781\Scripts\Logon\3\0]
"Script"=ComputersContainerToOU.vbe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Windows\\PCHealth\\HelpCTR\\Binaries\\helpsvc.exe"= ”c:\\Windows\\PCHealth\\HelpCTR\\Binaries\\helpsvc.exe
"c:\\Windows\\system32\\sessmgr.exe"= ”c:\\Windows\\system32\\sessmgr.exe
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AT&T\\Communication Manager\\SwiApiMux.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Offer Remote Assistance Service
"62515:UDP"= 62515:UDP:Cisco VPN Service
"8081:TCP"= 8081:TCP:EPO Update
"3389:TCP"= 3389:TCP:Remote Desktop

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"RemoteAddresses"= *

R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [2005-04-27 11456]
R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [2005-04-28 90688]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-27 64160]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-03-02 100656]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-03-02 19760]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-01-03 59904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-01-04 4442]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-05-27 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-05-27 51968]
R3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2006-09-20 8064]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2008-01-04 81280]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
R4 GtDetectSc;GT Detect;c:\windows\system32\GtDetectSc.exe [2006-09-21 167936]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R4 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [2007-07-25 45640]
R4 PCG Protect;PCG Protect;c:\program files\PC Guardian\EP Hard Disk\User\PCGProt.exe [2005-06-29 61440]
R4 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-10-19 24652]
R4 WebClientSrv;WebClientSrv;c:\program files\PC Guardian\Encryption Plus Management Console Client\WebClientSrv.exe [2005-06-21 262144]
R4 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-03-06 106496]
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [2006-09-20 16128]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2006-09-20 113408]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2006-09-20 34560]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2008-09-30 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2008-09-30 73856]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2007-06-13 15744]
S4 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [2007-07-25 5218304]
S4 EphdXlatService;EphdXlatService;c:\program files\PC Guardian\EP Hard Disk\User\DISrv.exe [2005-06-29 192512]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ENTDRV51
*Deregistered* - ephdlink
.
Contents of the 'Scheduled Tasks' folder

2009-01-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]

2009-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-06-22 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-09-21 00:19]
.
- - - - ORPHANS REMOVED - - - -

BHO-{96AD8821-B1CD-4F80-A9AA-344588F4AE90} - c:\windows\system32\ddcDSIaa.dll
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {292CBB36-AC91-11D1-B911-080009EF1192} - hxxp://mercedes.corp.adobe.com:99/fm/ui/CabFiles/jfITEnvelopeCtrl.cab
FF - ProfilePath - c:\documents and settings\pward\Application Data\Mozilla\Firefox\Profiles\w6i69qlp.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPJPI142_16.dll
FF - plugin: c:\program files\Java\j2re1.4.2_16\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 12:38:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1360)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\windows\system32\bmnet.dll
c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(7960)
c:\windows\system32\EntApi.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bmwebcfg.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\system32\CCM\SMSCliUI.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2009-01-28 12:48:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-28 17:48:21

Pre-Run: 122,973,618,176 bytes free
Post-Run: 124,158,275,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
