XP Recovery Console hangs. (resolved)

ATNO/TW (Super Moderator, Woodbridge VA; joined May 28, 2003; 23404 posts)
Posted September 28th, 2009, 10:21 am

This is a new one on me. Looking for ideas.

Have a Dell PC that BSODd this morning with UNMOUNTABLE_BOOT_VOLUME.
Same error trying to boot into safe mode.

Got into RC once and did a fixmbr, which usually works just fine.
This time it didn't, so I'm trying to get back into the recovery console to run a chkdsk and maybe fixmbr again, but now RC hangs at "Examining 252587 MB Disk 0 at Id 0 on bus 0 on iastor..."

Seen numerous posts in searches from people having the same problem, but haven't found any with a resolution or potential reason.

Any thoughts on resolving this?

(I can get to the XP repair install option, but I'm saving a repair install as a last option.)

The disk is SATA if that helps.

"There's no place like 127.0.0.1 except for ::1."
Alexandria Networks. Leader in IT consulting for associations/non-profits, and small to medium sized businesses around the northern Virginia and Washington D.C. metro area.
Don2007 (Web Master, NY; joined Nov 21, 2006; 4924 posts)
Posted September 28th, 2009, 10:28 am

Check the boot CD. It could be damaged or just dirty. Clean it and see what happens.

How do you know when a politician is lying? His mouth is moving.

ATNO/TW (Super Moderator, Woodbridge VA)
Posted September 29th, 2009, 6:28 am

Thanks for the tip Don, but the CD is clean and fine.

This is getting interesting. I've been seeing a lot more of this lately (6 times in the last two months, in fact). I used an "old" trick I remembered and unplugged the machine, pulled the CMOS battery and let it sit for half an hour to discharge the capacitors. Put it back in and booted into the setup program to test the hardware. Ran a four-hour system diagnostic and all tests passed, so I ruled out a hardware failure.

Then I was able to boot into the recovery console.
Ran a chkdsk and fixmbr and got it to boot.

Here's the interesting part. Since I've already seen this happen several times in the last month, I immediately ran ComboFix (it's still running) and it's finding all sorts of nasty problems. In a nutshell, my best guess is there are at least several viruses/malware out there now that seem to enjoy rewriting the MBR.

And I know how he got it. He did a Google search for a legit Nuclear Regulatory Commission page, and clicked on the link that looked exactly like what he was looking for. Unfortunately he didn't look at the hyperlink closely when he clicked on it, and BAM! (Even Symantec Enterprise couldn't stop it.) I looked at several of the DLLs ComboFix has already found and every one of them is resistant to interrogation by security products.

Guess it's an example of: no matter how safely you surf, you can still get nailed.

Don2007 (Web Master, NY)
Posted September 29th, 2009, 6:52 am

How are you so sure that link is the cause?

ATNO/TW (Super Moderator, Woodbridge VA)
Posted September 29th, 2009, 7:19 am

I had cleaned his computer a week ago because he had some rogue antivirus.

He showed me the link he clicked. At that point the computer hadn't been rebooted. It was rebooted over the weekend, and that's when everything got really active, I think (you'll see it in a lot of the startup entries).

Plus an entry in the log shows me that one of the bad guys disabled antivirus monitoring for Symantec.

Quote:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

The other thing it does is infect ntvdm.exe, which is a core system file that allows 16-bit applications to run on 32-bit machines.

Quote:
Infected copy of c:\windows\system32\ntvdm.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\ntvdm.exe

Code:
ComboFix 09-09-28.01 - Administrator 09/29/2009 9:05.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2360 [GMT -4:00]
Running from: i:\userhomes\bowkerm\Utilities\Spyware\Combo-Fix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.ALARON-NUCLEAR\Application Data\alot
c:\documents and settings\All Users\Microsoft Private Data
c:\documents and settings\All Users\Microsoft Private Data\Microsoft\t.id
c:\documents and settings\collins\Application Data\alot
c:\documents and settings\faulkp\Application Data\alot
c:\documents and settings\faulkp\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\faulkp\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\faulkp\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\faulkp\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\faulkp\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\faulkp\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\faulkp\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\faulkp\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\faulkp\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\faulkp\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\faulkp\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\faulkp\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\faulkp\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\faulkp\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\faulkp\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\faulkp\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\faulkp\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\faulkp\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\faulkp\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\faulkp\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\faulkp\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\faulkp\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\faulkp\Application Data\alot\configurator\configurator.xml
c:\documents and settings\faulkp\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\faulkp\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\faulkp\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\faulkp\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\faulkp\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\faulkp\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\faulkp\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\faulkp\Application Data\alot\products\products.xml
c:\documents and settings\faulkp\Application Data\alot\products\products.xml.backup
c:\documents and settings\faulkp\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_2\images\default_1002_alot_videos_videosearch.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_2\images\default_1002_alot_videos_videosearch.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_3\images\default_1042_alot_video_vault.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_3\images\default_1042_alot_video_vault.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_4\images\default_1605_ALOT_Email.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_4\images\default_1605_ALOT_Email.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_5\images\default_1667_www.youtube.com_button.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_5\images\default_1667_www.youtube.com_button.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_6\images\alert-icon.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_6\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_6\images\default_1007_alot_weather_widget.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_6\images\mcloud.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_7\images\default_1897_alot_scr_screensavers.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_7\images\default_1897_alot_scr_screensavers.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_8\images\default_1045_alot_rea_laughs.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_8\images\default_1045_alot_rea_laughs.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_9\images\default_1602_alot_mrkt_livinghealthy.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Button_9\images\default_1602_alot_mrkt_livinghealthy.png
c:\documents and settings\faulkp\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\faulkp\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\faulkp\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\faulkp\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\faulkp\Application Data\alot\SiteMetrics\SiteMetrics.xml
c:\documents and settings\faulkp\Application Data\alot\SiteMetrics\SiteMetrics.xml.backup
c:\documents and settings\faulkp\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\faulkp\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\faulkp\Application Data\alot\toolbar.xml
c:\documents and settings\faulkp\Application Data\alot\toolbar.xml.backup
c:\documents and settings\faulkp\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\faulkp\Application Data\alot\Updater\Updater.xml
c:\documents and settings\faulkp\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\millerm\Application Data\alot
c:\documents and settings\millerm\Local Settings\Temporary Internet Files\hardcopy.log
c:\documents and settings\millerm\Local Settings\Temporary Internet Files\plot.log
c:\documents and settings\millerm\Start Menu\Programs\Total Security
c:\documents and settings\millerm\Start Menu\Programs\Total Security\Total Security 2009.lnk
c:\documents and settings\noravitz\Application Data\alot
c:\windows\Installer5a8.msi
c:\windows\Installer2b3a1.msp
c:\windows\Installer2b3a7.msp
c:\windows\system32\_003209_.tmp.dll
c:\windows\system32\_003210_.tmp.dll
c:\windows\system32\_003211_.tmp.dll
c:\windows\system32\_003212_.tmp.dll
c:\windows\system32\_003219_.tmp.dll
c:\windows\system32\_003220_.tmp.dll
c:\windows\system32\_003221_.tmp.dll
c:\windows\system32\_003223_.tmp.dll
c:\windows\system32\_003224_.tmp.dll
c:\windows\system32\_003227_.tmp.dll
c:\windows\system32\_003228_.tmp.dll
c:\windows\system32\_003231_.tmp.dll
c:\windows\system32\_003232_.tmp.dll
c:\windows\system32\_003234_.tmp.dll
c:\windows\system32\_003237_.tmp.dll
c:\windows\system32\_003238_.tmp.dll
c:\windows\system32\_003243_.tmp.dll
c:\windows\system32\_003245_.tmp.dll
c:\windows\system32\_003248_.tmp.dll
c:\windows\system32\_003250_.tmp.dll
c:\windows\system32\_003251_.tmp.dll
c:\windows\system32\_003252_.tmp.dll
c:\windows\system32\_003253_.tmp.dll
c:\windows\system32\_003256_.tmp.dll
c:\windows\system32\_003257_.tmp.dll
c:\windows\system32\_003258_.tmp.dll
c:\windows\system32\_003259_.tmp.dll
c:\windows\system32\_003260_.tmp.dll
c:\windows\system32\_003265_.tmp.dll
c:\windows\system32\_003267_.tmp.dll
c:\windows\system32\bikuhagu.dll
c:\windows\system32\diwunawo.dll
c:\windows\system32\dumenebi.dll
c:\windows\system32\fugudipi.dll
c:\windows\system32\gurutipa.exe
c:\windows\system32\jaduzumi.dll
c:\windows\system32\jisiponu.dll
c:\windows\system32\jugopive.dll
c:\windows\system32\lahesumo.dll
c:\windows\system32\lozetasa.exe
c:\windows\system32\mipasowu.dll
c:\windows\system32\nigobani.dll
c:\windows\system32\nubayiri.dll
c:\windows\system32\pavebade.exe
c:\windows\system32\sarefojo.exe
c:\windows\system32\sibidapi.dll
c:\windows\system32\tahemehu.dll
c:\windows\system32\tijojepe.exe
c:\windows\system32\tizabedi.dll
c:\windows\system32\visujowo.dll
c:\windows\system32\vizaleso.dll
c:\windows\system32\wazonaya.dll
c:\windows\system32\werohage.dll
c:\windows\system32\yavipomu.dll
c:\windows\system32\zurasujo.dll

Infected copy of c:\windows\system32\ntvdm.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\ntvdm.exe

.
(((((((((((((((((((((((((  Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 12:58 . 2009-09-29 13:00    --------    d-----w-    C:\Combo-Fix
2009-09-29 12:50 . 2009-09-29 12:50    --------    d-----w-    c:\documents and settings\Administrator.ALARON-NUCLEAR\Application Data\Research In Motion
2009-09-29 12:49 . 2009-09-29 12:49    --------    d-sh--w-    c:\documents and settings\Administrator.ALARON-NUCLEAR\IETldCache
2009-09-21 13:03 . 2009-09-21 13:03    --------    d--h--w-    c:\windows\PIF
2009-09-21 12:34 . 2009-09-21 12:34    --------    d-----w-    c:\documents and settings\millerm\Application Data\Malwarebytes
2009-09-18 14:36 . 2009-09-21 11:49    --------    d-----w-    c:\documents and settings\All Users\Application Data920314
2009-09-16 11:53 . 2009-09-16 11:53    --------    d-----w-    c:\documents and settings\millerm\Application Data\Juniper Networks

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 13:28 . 2009-06-24 14:28    256    ----a-w-    c:\windows\system32\pool.bin
2009-09-29 13:14 . 2009-06-08 16:55    --------    d-----w-    c:\program files\Symantec AntiVirus
2009-09-29 12:37 . 2009-06-29 12:37    91136    ----a-w-    c:\windows\system32\pomijowu.dll.vir
2009-09-29 12:36 . 2009-06-29 12:36    87552    ----a-w-    c:\windows\system32\dataheme.dll.vir
2009-09-28 02:22 . 2009-06-28 02:22    87552    ----a-w-    c:\windows\system32\fowibiya.dll.vir
2009-09-27 14:22 . 2009-06-27 14:22    88064    --sha-w-    c:\windows\system32\hifibugo.dll
2009-09-27 02:22 . 2009-06-27 02:22    88064    --sha-w-    c:\windows\system32\fodadowa.dll
2009-09-26 14:22 . 2009-06-26 14:22    87552    --sha-w-    c:\windows\system32\zowiyari.dll
2009-09-26 02:22 . 2009-06-26 02:22    49664    --sha-w-    c:\windows\system32\bojapume.dll
2009-09-23 14:21 . 2009-06-23 14:21    88576    ----a-w-    c:\windows\system32\bunofalo.dll.vir
2009-09-23 02:20 . 2009-06-23 02:20    87552    --sha-w-    c:\windows\system32\reporelo.dll
2009-09-22 14:20 . 2009-06-22 14:20    88064    --sha-w-    c:\windows\system32\niwazuba.dll
2009-09-22 02:22 . 2009-06-22 02:22    88064    --sha-w-    c:\windows\system32\dusuvivu.dll
2009-09-21 14:20 . 2009-06-21 14:20    88576    --sha-w-    c:\windows\system32\sesotoja.dll
2009-09-21 14:13 . 2009-06-21 14:13    49152    --sha-w-    c:\windows\system32\peluloge.dll
2009-09-21 14:13 . 2009-06-21 14:13    88576    --sha-w-    c:\windows\system32\gijiyeli.dll
2009-09-21 13:48 . 2009-08-24 13:05    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2009-08-24 16:49 . 2009-08-24 16:49    --------    d-----w-    c:\program files\CPUID
2009-08-24 16:47 . 2009-08-24 16:47    --------    d-----w-    c:\documents and settings\collins\Application Data\Xerox
2009-08-24 13:22 . 2009-08-24 13:05    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 13:06 . 2009-08-24 13:06    --------    d-----w-    c:\documents and settings\collins\Application Data\Malwarebytes
2009-08-24 12:57 . 2009-08-24 12:57    --------    d-----w-    c:\documents and settings\collins\Application Data\Research In Motion
2009-08-24 12:57 . 2008-06-12 20:05    115128    ----a-w-    c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 12:56 . 2008-11-11 18:59    --------    d-----w-    c:\documents and settings\All Users\Application Data\NOS
2009-08-24 12:51 . 2008-06-23 17:07    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-08-24 12:43 . 2008-06-12 19:55    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-12 13:14 . 2008-10-20 17:46    115128    ----a-w-    c:\documents and settings\millerm\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 12:58 . 2009-06-24 14:08    --------    d-----w-    c:\program files\Common Files\Roxio Shared
2009-08-12 12:57 . 2009-08-12 12:56    --------    d-----w-    c:\program files\Roxio
2009-08-12 12:56 . 2009-06-24 14:08    --------    d-----w-    c:\documents and settings\All Users\Application Data\Roxio
2009-08-12 12:56 . 2009-08-12 12:56    --------    d-----w-    c:\program files\Common Files\Sonic Shared
2009-08-12 12:51 . 2009-08-12 12:51    --------    d-----w-    c:\documents and settings\All Users\Application Data\Research In Motion
2009-08-12 12:51 . 2009-06-24 14:03    --------    d-----w-    c:\program files\Research In Motion
2009-08-12 12:49 . 2009-06-24 14:03    --------    d-----w-    c:\program files\Common Files\Research In Motion
2009-08-06 05:28 . 2008-06-12 20:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-05 09:01 . 2004-08-11 21:00    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-11 21:00    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2004-08-11 21:00    81920    ----a-w-    c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2004-08-11 21:00    58880    ----a-w-    c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-11 21:00    286208    ----a-w-    c:\windows\system32\wmpdxm.dll
2009-07-10 13:13 . 2009-07-10 13:13    94208    ----a-w-    c:\windows\system32\msstkprp.dll
2009-07-10 13:13 . 2009-07-10 13:13    43160    ----a-w-    c:\windows\system32\AcSignIcon.dll
2009-07-10 13:13 . 2009-07-10 13:13    429720    ----a-w-    c:\windows\system32\AcSignOpt.exe
2009-07-10 13:13 . 2009-07-10 13:13    29848    ----a-w-    c:\windows\system32\AcSignExt.dll
2009-07-10 13:13 . 2009-07-10 13:13    14488    ----a-w-    c:\windows\system32\AcSignExtRes.dll
2009-07-03 17:09 . 2004-08-11 21:00    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-06-21 14:13 . 2009-06-21 14:13    49152    --sha-w-    c:\windows\system32\kofirawa.dll.tmp
2009-06-21 14:13 . 2009-06-21 14:13    49152    --sha-w-    c:\windows\system32\koyagahu.dll.tmp
2009-06-26 02:23 . 2009-06-26 02:23    49664    --sha-w-    c:\windows\system32\likepuzu.dll.tmp
2009-06-26 14:22 . 2009-06-26 14:22    521216    --sha-w-    c:\windows\system32\lizimobu.exe
2009-06-26 02:23 . 2009-06-26 02:23    49664    --sha-w-    c:\windows\system32\tiyeyoma.dll.tmp
2009-06-26 02:23 . 2009-06-26 02:23    49664    --sha-w-    c:\windows\system32\velajoya.dll.tmp
2009-06-21 14:13 . 2009-06-21 14:13    49152    --sha-w-    c:\windows\system32\wiseyiwi.dll.tmp
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 137752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-26 136600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-09-24 1036288]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-12 29744]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-26 17920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-06-18 712704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-24 185896]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-17 124656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]

c:\documents and settings\millerm\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-7-1 1717592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-7-1 1717592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"=
"c:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 2:30 PM 79168]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 6:34 AM 115952]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [6/23/2008 12:25 PM 6016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/15/2009 8:10 AM 102448]
S0 tvay;tvay;c:\windows\system32\drivers\hxjrgpgw.sys --> c:\windows\system32\drivers\hxjrgpgw.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
.
------- Supplementary Scan -------
.
uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080612
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: {950A1CFE-8577-4FDF-92C3-7CA4FE2D19B2} = 77.74.48.113
TCP: {DE1DCEA5-F2D3-48E5-AA35-E29468364622} = 77.74.48.113
FF - ProfilePath - c:\documents and settings\Administrator.ALARON-NUCLEAR\Application Data\Mozilla\Firefox\Profiles\wl6kdhla.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-negunasok - c:\windows\system32\dataheme.dll
SharedTaskScheduler-{3284e2fa-ff22-4498-9fc7-2b6d416b115c} - c:\windows\system32\dataheme.dll
SSODL-lakehiviw-{3284e2fa-ff22-4498-9fc7-2b6d416b115c} - c:\windows\system32\dataheme.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 09:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\windows\system32\hccutils.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-09-29 9:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 13:43

Pre-Run: 130,088,759,296 bytes free
Post-Run: 131,111,776,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

386    --- E O F ---    2009-06-29 15:02
  • Don2007
  • Web Master
  • Joined: Nov 21, 2006
  • Messages: 4924
  • Loc: NY

Post September 29th, 2009, 1:15 pm

I'll have to try ComboFix some time. Thanks for the info.
  • ATNO/TW
  • Super Moderator
  • Joined: May 28, 2003
  • Messages: 23404
  • Loc: Woodbridge VA

Post September 29th, 2009, 2:01 pm

One of the things I like is the added benefit of the rootkit scan. I've found and removed 4 already since discovering ComboFix, and until now I hadn't found any other software that does that, with the exception of Microsoft's Malicious Software Removal Tool.

Plus, when it runs, it installs the Recovery Console if you don't already have it installed and makes it available at boot. No more need for the OS CD to get to the Recovery Console.
"There's no place like 127.0.0.1 except for ::1."
Alexandria Networks. Leader in IT consulting for associations/non-profits, and small to medium sized businesses around the northern Virginia and Washington D.C. metro area.
  • Don2007
  • Web Master
Posted September 29th, 2009, 5:34 pm

Do you have Combo Fix burned to a CD?
  • ATNO/TW
  • Super Moderator

Posted September 29th, 2009, 6:11 pm

That, as well as on a network drive. Actually, I have a whole set of current malware removal proggies burned to CD and on the mapped drive. I have FF and Chrome as well, in case I need to install an alternative browser.
  • Don2007
  • Web Master

Posted September 30th, 2009, 6:21 am

So what do you do about updates when the anti-malware programs need an update? For example, Malwarebytes' Anti-Malware needs to be updated before each use. Having it on a CD when you're trying to clean a machine that can't connect to the net, it's worthless.

Doesn't Combo Fix need updates?
  • ATNO/TW
  • Super Moderator

Posted September 30th, 2009, 7:33 am

Yes, Combo Fix needs updates. When a new version of the software is available I update the version in the network folder, then burn a new CD and toss the old one.

Most of these programs will install just fine in Safe Mode. I do a lot of work on problem computers like that in Safe Mode with Networking. It allows the updates, but in Safe Mode, as you know, most malware is usually not active. *Note* the word USUALLY.

It's pretty effective. Otherwise you can put them on a flash drive vs. a CD if you don't like wasting CDs.
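On the "usually" in the post above: what does and does not start in Safe Mode is decided by the subkeys under HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal and \Network, and malware that wants to survive Safe Mode registers its service or driver there, or replaces the AlternateShell value that Safe Mode with Command Prompt launches. The script below is an added example, mine rather than the thread's or any tool's. It diffs a reg export of that key taken on a known-clean build of the same image against one taken on the suspect machine, so a cleaning session in Safe Mode with Networking starts with a list of what will be running alongside the tools. Both exports here are constructed inline from a few real XP SafeBoot\Network subkeys; hypothetical_svc and hypothetical_shell.exe are placeholders, not real malware names.

```python
import json
import re

SAFEBOOT_ROOT = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot'

# Constructed export from a known-clean build (a real one lists many more subkeys).
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"
'''

# Constructed export from the suspect machine. 'hypothetical_svc' and
# 'hypothetical_shell.exe' are placeholders, not real malware names.
SUSPECT_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="hypothetical_shell.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hypothetical_svc]
@="Service"
'''

_KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
_VAL_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def parse_reg_export(text):
    """Return {key path (lower-cased): {value name (lower-cased): data}}.

    SafeBoot exports hold only REG_SZ data, so quoted strings are unquoted;
    anything else (dword:, hex:) is kept as raw text so it still diffs.
    A real export written by reg.exe is UTF-16LE: open it with encoding='utf-16'.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('Windows Registry Editor'):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group('key').lower()
            keys.setdefault(current, {})
            continue
        m = _VAL_RE.match(line)
        if m and current is not None:
            name, data = m.group('name'), m.group('data')
            if name != '@':
                name = name[1:-1]
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = data[1:-1]
            keys[current][name.lower()] = data
    return keys


def safeboot_entries(keys, mode):
    """Direct subkey name -> default value for SafeBoot\\<mode> (Minimal or Network)."""
    prefix = (SAFEBOOT_ROOT + '\\' + mode + '\\').lower()
    return {path[len(prefix):]: values.get('@', '')
            for path, values in keys.items()
            if path.startswith(prefix) and '\\' not in path[len(prefix):]}


def diff_safeboot(baseline_text, suspect_text, mode='Network'):
    """What will start in Safe Mode on the suspect box that the clean baseline lacks?"""
    base, susp = parse_reg_export(baseline_text), parse_reg_export(suspect_text)
    b, s = safeboot_entries(base, mode), safeboot_entries(susp, mode)
    shell_b = base.get(SAFEBOOT_ROOT.lower(), {}).get('alternateshell')
    shell_s = susp.get(SAFEBOOT_ROOT.lower(), {}).get('alternateshell')
    return {
        'added': sorted(s.keys() - b.keys()),
        'removed': sorted(b.keys() - s.keys()),
        'changed': sorted(k for k in s.keys() & b.keys() if s[k] != b[k]),
        'alternate_shell': shell_s,
        'shell_changed': shell_b != shell_s,
    }


if __name__ == '__main__':
    print(json.dumps(diff_safeboot(BASELINE_REG, SUSPECT_REG), indent=2))
```

Run it with mode='Minimal' as well, since plain Safe Mode and Safe Mode with Networking read different lists. Anything in "added" is a service or driver that will be live during the cleaning session whatever mode you boot into, and a changed AlternateShell is worth treating as a compromise on its own.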

  • Total posts in this topic: 11
© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC