ComboFix 10-09-19.04 - hong01 09/20/2010 11:21:24.1.

2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2554 [GMT -4:0
0]
Running from: c:\documents and settings\Hong01.micrium01\Desktop\CF.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB0644
8E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB
6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\documents and settings\Hong01.micrium01\g2mdlhlpx.exe
c:\windows\system32\spool\prtprocs\w32x86\o1o9oC79.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\zlibwapi.dll
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected

Restored copy from - Kitty had a snack :p

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))
))))))))))))))))))))))))))))))
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))

))))))))))))))))))))))))
.
2010-09-09 13:29 . 2010-09-09 13:29 -------- d-----w- c:\docum
ents and settings\Hong01.micrium01\Application Data\MiKTeX
2010-09-09 13:28 . 2010-09-09 13:28 -------- d-----w- c:\docum
ents and settings\Hong01.micrium01\Local Settings\Application Data\MiKTeX
2010-09-09 13:23 . 2010-09-09 13:23 -------- d-----w- c:\docum
ents and settings\All Users\Application Data\MiKTeX
2010-09-09 13:10 . 2010-09-09 13:20 -------- d-----w- c:\progr
am files\MiKTeX 2.8
2010-09-09 13:06 . 2010-09-09 14:42 -------- d-----w- C:\cot54
07
2010-09-09 13:03 . 2010-09-09 13:05 -------- d-----w- C:\ProTe
Xt
2010-09-09 13:01 . 2010-09-06 20:42 821488567 ----a-w- C:\ProTe
Xt-2.2.1-102109.exe
2010-09-02 20:09 . 2010-09-02 20:09 -------- d-----w- c:\progr
am files\Wireshark
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2010-09-20 15:43 . 2010-01-20 20:31 -------- d-----w- c:\docum
ents and settings\Hong01.micrium01\Application Data\Dropbox
2010-09-20 14:47 . 2008-05-27 12:58 -------- d-----w- c:\docum
ents and settings\Hong01.micrium01\Application Data\.purple
2010-09-20 14:25 . 2010-05-18 14:31 -------- d-----r- c:\progr
am files\Skype
2010-09-20 13:13 . 2007-08-22 23:29 -------- d-----w- c:\progr
am files\Symantec AntiVirus
2010-09-16 16:18 . 2009-05-28 13:00 -------- d-----w- c:\docum
ents and settings\Hong01.micrium01\Application Data\Skype
2010-09-16 12:04 . 2009-08-18 16:18 -------- d-----w- c:\docum
ents and settings\Hong01.micrium01\Application Data\skypePM
2010-09-13 13:16 . 2010-05-06 13:46 -------- d-----w- c:\docum
ents and settings\Hong01.micrium01\Application Data\FedEx
2010-09-13 13:16 . 2010-05-06 13:44 -------- d-----w- c:\progr
am files\FedEx
2010-09-13 13:10 . 2008-07-21 18:49 -------- d-----w- c:\progr
am files\Microsoft Silverlight
2010-09-08 13:09 . 2010-08-17 13:13 664 ----a-w- c:\windows\syste
m32\d3d9caps.dat
2010-09-02 21:03 . 2008-01-22 13:43 -------- d-----w- c:\docum
ents and settings\Hong01.micrium01\Application Data\Wireshark
2010-09-02 20:09 . 2008-01-07 15:13 -------- d-----w- c:\progr
am files\WinPcap
2010-08-18 14:25 . 2010-08-18 14:25 -------- d-----w- c:\progr
am files\Micrium
2010-08-13 21:47 . 2010-07-02 21:33 319400 ----a-w- c:\documents and
settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-13 21:46 . 2007-10-08 19:20 -------- d-----w- c:\docum
ents and settings\All Users\Application Data\Microsoft Help
2010-08-13 21:46 . 2010-03-15 20:35 5058 ----a-w- c:\windows\syste
m32\PerfStringBackup.TMP
2010-08-12 13:49 . 2008-05-27 12:57 -------- d-----w- c:\progr
am files\Pidgin
2010-07-27 15:40 . 2008-05-27 17:09 -------- d-----w- c:\docum
ents and settings\Hong01.micrium01\Application Data\gtk-2.0
2010-07-23 15:52 . 2007-08-23 15:27 1159 ----a-w- c:\windows\syste
m32\lsprst7.dll
2010-07-20 19:58 . 2010-07-20 19:58 4664 ----a-w- c:\program files
\uninstal.log
2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\syste
m32\schannel.dll
2010-06-25 22:13 . 2008-10-03 04:43 161920 ----a-w- c:\windows\syste
m32\drivers\WpsHelper.sys
2010-06-25 17:07 . 2010-06-25 17:07 281104 ----a-w- c:\windows\syste
m32\wpcap.dll
2010-06-25 17:07 . 2010-06-25 17:07 100880 ----a-w- c:\windows\syste
m32\Packet.dll
2010-06-25 17:07 . 2010-06-25 17:07 35088 ----a-w- c:\windows\syste
m32\drivers\npf.sys
2010-06-25 17:03 . 2010-06-25 17:03 53299 ----a-w- c:\windows\syste
m32\pthreadVC.dll
2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\syste
m32\wininet.dll
2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\syste
m32\win32k.sys
2009-12-03 20:40 . 2009-12-03 20:39 28435 --sh--r- c:\program files
\DLS8Uninstall.log
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Hong01
.micrium01\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Hong01
.micrium01\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Hong01
.micrium01\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01
486856]
"DymoQuickPrint"="c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe"
[2009-10-29 1885944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\
Communications_Helper.exe" [2007-10-25 563984]
"DoroServer"="c:\program files\DoroPDFWriter\DoroServer.exe" [2006-12-30 106496]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-0
7 15872]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-03 11
5560]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007
-10-25 2178832]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-10
-28 55808]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-
Malware\explorer.exe" [2010-01-07 1394000]
c:\documents and settings\Hong01.micrium01\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Hong01.micrium01\Application Data\Dropbo
x\bin\Dropbox.exe [2010-2-26 21979992]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-
25 805392]
Renesas AutoUpdate.lnk - c:\program files\Renesas\Hew\AutoUpdate\AutoUpdate.exe
[2007-6-18 131155]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Lo
gitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec A
ntivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGro
up]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVi
rus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
edApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Outlook\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iperf-2.0.2\\bin\\iperf.exe"=
R0 ddSrcUSB;SourceUSB Analyzer Driver;c:\windows\system32\drivers\ddSrcUSB.sys [
3/17/2008 4:46 PM 71296]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [9/29/2008 4:53 PM 23
4140]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2
010 1:07 PM 35088]
R2 Sentinel RMS License Manager;Sentinel RMS License Manager;c:\program files\Co
mmon Files\SafeNet Sentinel\Sentinel RMS License Manager\WinNT\lservnt.exe [10/3
1/2007 8:10 AM 782336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symante
c Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2010 7:00 AM 102448]
S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;c:\windows\system32\driver
s\ax88172.sys [5/26/2003 2:05 PM 11264]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [10/3/2008 12:42 AM 2
3888]
S3 DITOUSB;%DITOUSB.SvcDesc%;c:\windows\system32\drivers\DITOUSB.sys [2/8/2010 2
:42 PM 174336]
S3 E1USB;Renesas E-Series USB Driver;c:\windows\system32\drivers\E1usb.sys [8/23
/2007 10:56 AM 46976]
S3 ellex200;ellex200;c:\windows\system32\drivers\ellex200.sys [10/12/2007 6:06 P
M 24048]
S3 EXITOUSB;%EXITOUSB.SvcDesc%;c:\windows\system32\drivers\EXITOUSB.sys [2/8/201
0 2:42 PM 181760]
S3 HmseUsb;FDM;c:\windows\system32\drivers\HmseUsb.sys [8/23/2007 10:56 AM 26368
]
S3 JJL_IIA;JJL_IIA.Sys JJL JJL_IIA Terminal driver;c:\windows\system32\drivers\J
JL_IIA.sys [2/8/2008 5:39 PM 18560]
S3 jlink;J-Link driver;c:\windows\system32\drivers\jlink.sys [5/24/2010 10:55 AM
14208]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/09/2005, 0.1.10.1;c:\windows\system32
\DRIVERS\libusb0.sys --> c:\windows\system32\DRIVERS\libusb0.sys [?]
S3 MCUSBPIC32MXSK;Microchip MPLAB PIC32MX Starter Kit Driver (MP32MXSK.SYS);c:\w
indows\system32\drivers\mp32mxsk.sys [6/6/2007 12:28 PM 53760]
S3 MQB2ALL;NEC Electronics MINICUBE2 USB Interface;c:\windows\system32\drivers\M
QB2ALL.sys [10/14/2005 12:23 AM 10516]
S3 NCBULK;MPLAB REAL ICE USB client driver;c:\windows\system32\drivers\RealICEBu
lk.SYS [4/5/2007 11:08 AM 12160]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Mic
rosoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 46
39136]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec AntiVirus\SmcLU
\Setup\smcinst.exe --> c:\program files\Symantec AntiVirus\SmcLU\Setup\smcinst.e
xe [?]
S3 TTUSB1;TTUSB1.SYS TechTools USB device driver;c:\windows\system32\drivers\ttu
sb1.sys [2/16/2010 6:19 PM 24821]
S3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\drivers\u
mpusbvista.sys [8/12/2009 4:38 PM 45568]
S3 usbbulk;USBBulk driver;c:\windows\system32\drivers\USBBulk.sys [1/31/2008 1:3
0 PM 14208]
S3 utdrv;utdrv;c:\windows\system32\drivers\utdrv.sys [1/31/2008 12:44 PM 12288]
S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys --> c:\windows\sy
stem32\Drivers\yeddef.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/23/2008 9:53 AM 717296]
S4 Sysnpetbpshr;Sysnpetbpshr; [x]
.
Contents of the 'Scheduled Tasks' folder
2010-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950398448-933812292-21
75189588-2300Core.job
- c:\documents and settings\Hong01.micrium01\Local Settings\Application Data\Goo
gle\Update\GoogleUpdate.exe [2008-10-22 13:00]
2010-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2950398448-933812292-21
75189588-2300UA.job
- c:\documents and settings\Hong01.micrium01\Local Settings\Application Data\Goo
gle\Update\GoogleUpdate.exe [2008-10-22 13:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://micrium.com/admin/page
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Com
mon Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Hong01.micrium01\Application Data\M
ozilla\Firefox\Profiles\3t4fwaf1.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Hong01.micrium01\Local Settings\Applicati
on Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MI1933~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80
e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.x
n--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.x
n--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugin
s.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
AddRemove-DeinstallKey_NC308WA V.5.40 Release 00 8-31-2007 11:16 - c:\program fi
les\InstallShield Installation Information\{76CA0F9D-9E77-11D5-B0FC-00C04FC0E932
}\rso_uninst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Un
install\DeinstallKey_NC308WA V.5.40 Release 00 8-31-2007 11:16
AddRemove-DeinstallKey_NC30WA V.5.40 Release 00 2-18-2008 11:50 - c:\program fil
es\InstallShield Installation Information\{76CA0F9D-9E77-11D5-B0FC-00C04FC0E932}
\rso_uninst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni
nstall\DeinstallKey_NC30WA V.5.40 Release 00 2-18-2008 11:50
AddRemove-DeinstallKey_NC30WA V.5.40 Release 00 8-31-2007 11:15 - c:\program fil
es\InstallShield Installation Information\{76CA0F9D-9E77-11D5-B0FC-00C04FC0E932}
\rso_uninst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni
nstall\DeinstallKey_NC30WA V.5.40 Release 00 8-31-2007 11:15
AddRemove-DeinstallKey_NC30WA V.5.40 Release 00 9-4-2007 10:01 - c:\program file
s\InstallShield Installation Information\{76CA0F9D-9E77-11D5-B0FC-00C04FC0E932}\
rso_uninst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Unin
stall\DeinstallKey_NC30WA V.5.40 Release 00 9-4-2007 10:01
AddRemove-Diff Doc_is1 - c:\program files\Softinterface
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2010-09-20 11:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1100)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'lsass.exe'(1156)
c:\program files\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(9536)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6
967989\MSVCR80.dll
c:\documents and settings\Hong01.micrium01\Application Data\Dropbox\bin\DropboxE
xt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec AntiVirus\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2010-09-20 11:53:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-20 15:53
Pre-Run: 230,190,784,512 bytes free
Post-Run: 238,754,385,920 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect
- - End Of File - - 2555BB606F3AE02D9E8DD8DDAD2DC2E4