Thanks Guys on Wed Apr 28, 2010 4:08 am
AlexanderAndro

New Member
ComboFix 10-04-26.05 - Alexander 04/28/2010 9:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.665 [GMT 1:00]
Running from: c:\documents and settings\Alexander\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alexander\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\desktop.ini
.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
.
2010-04-28 07:31 . 2010-04-28 07:31 194560 ----a-w- c:\windows\ASUS_Ai_Proactive_Screensaver (E).scr
2010-04-28 07:31 . 2010-04-28 07:31 -------- d-----w- c:\windows\ASUS_Ai_Proactive_Screensaver (E) dir
2010-04-28 07:31 . 2010-04-28 07:31 606848 ----a-w- c:\windows\flashax.exe
2010-04-28 07:31 . 2010-04-28 07:31 12288 ----a-w- c:\windows\impborl.dll
2010-04-28 07:31 . 2004-06-24 10:00 6656 ----a-w- c:\windows\system32\drivers\AsProbe.sys
2010-04-28 07:31 . 1998-05-18 09:52 458752 ----a-w- c:\windows\system\COMCTL32.DLL
2010-04-28 07:31 . 1998-02-08 18:00 996872 ----a-w- c:\windows\system\CP3240MT.DLL
2010-04-28 07:31 . 1998-02-08 18:00 29952 ----a-w- c:\windows\system\BORLNDMM.DLL
2010-04-28 07:31 . 2010-04-28 07:31 -------- d-----w- c:\program files\ASUS
2010-04-28 07:31 . 1997-04-22 09:16 6272 ----a-w- c:\windows\system32\drivers\ASLM75.SYS
2010-04-28 07:31 . 1996-11-05 15:13 299008 ----a-w- c:\windows\uninst.exe
2010-04-28 07:31 . 2010-04-28 07:31 -------- d-----w- c:\documents and settings\Alexander\WINDOWS
2010-04-28 07:30 . 2010-04-28 07:30 -------- d-----w- c:\windows\LastGood.Tmp
2010-04-28 07:30 . 2010-04-28 07:30 -------- d-----w- c:\program files\Marvell
2010-04-28 07:28 . 2004-09-14 20:55 88960 ----a-w- c:\windows\system32\drivers\MidiSyn.sys
2010-04-28 07:28 . 2006-01-06 14:53 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-04-28 07:28 . 2006-01-06 14:53 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-04-28 07:28 . 2006-01-06 14:53 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-04-28 07:28 . 2006-01-06 14:53 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-04-28 07:28 . 2006-01-06 14:53 171776 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-04-28 07:28 . 2006-01-06 14:53 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2010-04-28 07:28 . 2006-01-06 14:53 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-04-28 07:28 . 2006-01-06 14:53 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-04-28 07:28 . 2006-01-06 14:53 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2010-04-28 07:28 . 2006-01-06 14:53 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2010-04-28 07:26 . 2010-04-28 07:26 -------- d-----w- c:\program files\Intel
2010-04-28 07:26 . 2005-04-30 12:30 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-04-28 07:24 . 2010-04-28 07:24 -------- d-----w- c:\documents and settings\Alexander\Local Settings\Application Data\Help
2010-04-28 07:19 . 2010-04-28 07:19 -------- d-----w- c:\windows\system32\URTTemp
2010-04-28 07:17 . 2005-08-30 20:05 516096 ------w- c:\windows\system32\ati2sgag.exe
2010-04-28 07:11 . 2010-04-28 07:11 8192 ----a-w- c:\windows\d3dx.dat
2010-04-28 07:08 . 2010-04-28 07:08 36864 ----a-r- c:\documents and settings\Alexander\Application Data\Microsoft\Installer\{1AB16B10-3B55-499E-9918-5527DD082C6D}\_56645BBFD407_48ED_BB67_66EACFC2B0D1.exe
2010-04-28 07:03 . 2010-04-28 07:03 -------- d-----w- c:\program files\illusion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 07:30 . 2010-04-28 06:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-28 07:27 . 2010-04-28 07:27 -------- d-----w- c:\program files\Analog Devices
2010-04-28 07:27 . 2010-04-28 06:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-28 07:17 . 2010-04-28 06:10 -------- d-----w- c:\program files\ATI Technologies
2010-04-28 07:14 . 2010-04-28 06:04 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-28 06:50 . 2010-04-28 06:50 -------- d-----w- c:\documents and settings\Alexander\Application Data\Avira
2010-04-28 06:06 . 2010-04-28 06:06 60516 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2010-04-28 06:06 . 2010-04-28 06:06 49246 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2010-04-28 06:06 . 2010-04-28 06:06 165990 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
------- Sigcheck -------
[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys
[-] 2006-01-13 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-12-14 7095344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/28/2010 7:37 AM 135336]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\1t7nfwh0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 09:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-04-28 09:05:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-28 08:04
Pre-Run: 34,064,351,232 bytes free
Post-Run: 34,043,228,160 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 5EA3E160966E4F716D4614E7F8E03BA7