Thank you.
ComboFix 10-06-25.01 - Owner 06/25/2010 17:36:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1596 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.2.inf
D:\Autorun.inf
Infected copy of c:\windows\system32\drivers\ultra.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WYEKE_SERVICE
((((((((((((((((((((((((( Files Created from 2010-05-25 to 2010-06-25 )))))))))))))))))))))))))))))))
.
2010-06-25 20:39 . 2010-06-25 20:39 -------- d-----w- c:\program files\CCleaner
2010-06-24 00:38 . 2010-06-24 00:38 -------- d--h--w- c:\windows\PIF
2010-06-23 23:41 . 2010-06-23 23:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Facebook
2010-06-23 17:21 . 2010-06-23 17:21 -------- d-----w- c:\program files\Trend Micro
2010-06-23 17:19 . 2010-06-23 17:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-06-23 17:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-23 17:19 . 2010-06-23 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-23 17:19 . 2010-06-23 17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-23 17:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-22 03:04 . 2010-06-23 20:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\cuctsvdgo
2010-06-18 17:33 . 2010-06-18 17:33 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-06-18 03:13 . 2010-06-18 03:13 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-06-17 12:09 . 2010-06-17 19:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\rvxbmspvt
2010-06-12 19:50 . 2010-06-12 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-11 19:00 . 2010-06-11 19:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 20:33 . 2008-08-03 12:55 -------- d-----w- c:\program files\Java
2010-06-25 20:26 . 2008-08-03 12:55 -------- d-----w- c:\program files\Common Files\Java
2010-06-25 18:55 . 2009-04-09 23:58 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-23 23:41 . 2010-06-23 23:41 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe
2010-06-23 16:16 . 2010-02-27 07:36 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-17 14:29 . 2009-04-19 03:38 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp
2010-06-12 19:57 . 2009-03-06 12:17 -------- d-----w- c:\program files\Alwil Software
2010-06-12 07:17 . 2009-07-28 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-05-17 19:22 . 2010-05-17 19:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-17 18:32 . 2009-05-14 20:39 -------- d-----w- c:\program files\Google
2010-05-06 20:59 . 2009-03-06 12:17 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2009-03-06 12:17 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-03-06 12:17 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-03-06 12:17 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-03-06 12:17 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-03-06 12:17 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-03-06 12:17 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-03-06 12:17 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-03-06 12:17 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-04 02:44 . 2009-07-27 02:15 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-05-02 05:22 . 2004-08-26 16:12 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-26 16:11 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2004-08-26 16:12 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2009-11-01 16:21 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-13 02:56 . 2010-04-13 02:56 287934 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{07DC1EB4-7B97-4DD2-A411-4368D18BBC23}\_6FEFF9B68218417F98F549.exe
2010-04-13 02:56 . 2010-04-13 02:56 287934 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{07DC1EB4-7B97-4DD2-A411-4368D18BBC23}\_138B01438DB6C7A5E6ACC4.exe
2010-04-13 02:56 . 2010-04-13 02:56 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{07DC1EB4-7B97-4DD2-A411-4368D18BBC23}\_68FC06864065C42E1A888A.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"VTTimer"="VTTimer.exe" [2003-08-20 45056]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"nwiz"="nwiz.exe" [2008-12-26 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave 8"="c:\windows\system32\Macromed\Shockwave 8\swinit.exe" [2000-03-17 86016]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 12:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-15 22:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 02:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-06-18 23:31 67584 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-06-23 15:01 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/6/2009 8:17 AM 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/6/2009 8:17 AM 19024]
R2 Intuit Entitlement Service v5.3;Intuit Entitlement Service v5.3;c:\program files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [7/29/2008 12:26 PM 20480]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [4/20/2009 2:43 PM 98984]
R2 QBCRPDBService2010;QBCRPDBService2010;c:\program files\Intuit\QuickBooks Cash Register Plus 2010\bin\database\CRP1DBMgr10.exe [9/2/2007 8:08 PM 131072]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/17/2010 2:32 PM 136176]
S3 PortEmulator;Port Emulator (Star);c:\program files\StarMicronics\TSP100\Software\20070601\portemu.exe [5/27/2007 2:13 PM 98304]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/31/2009 7:44 AM 721904]
.
Contents of the 'Scheduled Tasks' folder
2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 18:32]
2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 18:32]
2008-08-03 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
2008-08-03 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
2008-08-03 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gatewaybiz.com
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\r866pq8z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedengine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1047
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_
everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a
s_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-S3 - c:\progra~1\S3\S3\s3setvga.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-06-25 17:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(2484)
c:\windows\system32\nview.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxducoms.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\VTTimer.exe
c:\windows\zHotkey.exe
c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-06-25 17:55:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-25 21:55
Pre-Run: 11,978,571,776 bytes free
Post-Run: 12,294,414,336 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 6EED57F3E0CC7B1583301B84E4B080F2