ckvo process

teamhex

teamhex

Active Member
What is this, I looked it up and it says its some kinda malware. I just reformatted my main drive. Maybe it came from my slave. Either way I turned it off in msconfig for startup. Let me start over......Iv noticed my pc was booting slowly and in general is acting slow. I looked into some of the process's and saw ckvo running. Keep in mind this os is 1 day old, either way I turned it off and its running fast now. How do I completely remove this and any other possible thing that may be running. Iv never had luck with ad aware or anything like that. It will never fully remove anything, so what do I do?
 
teamhex

teamhex

Active Member
Heres the log file

Malwarebytes' Anti-Malware 1.30
Database version: 1337
Windows 5.1.2600 Service Pack 2

10/29/2008 4:52:39 PM
mbam-log-2008-10-29 (16-52-39).txt

Scan type: Quick Scan
Objects scanned: 38547
Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\xih9.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
 
Last edited:
teamhex

teamhex

Active Member
Im assuming this is it? Or do I fail? I think it got rid of them, I also ran a scan on my thumb drive and it found 12 things. So I think what happened was It spread when I was installing my programs from the drive.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:40 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\utorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 1206 bytes
 
Last edited:
teamhex

teamhex

Active Member
Man, its back. I cant access my C drive, it asks me what program I want to use to open it. I also cant access msconfig anymore, says it doesn't exist. My CPU usage is at least 50% at idle, I just dont know what to do. I really dont want to format my slave. It boots up fast and about after a minute it slows down.
 
Last edited:
Respital

Respital

Active Member
Hello:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
teamhex

teamhex

Active Member
Respital said:
Hello:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Click to expand...
I guess I can when I get home, are you sure this is going to fix it? I upgraded to SP3 last night, and I think I killed it for awhile, my pc is running faster now, im just afraid that when I boot it up the next time it will be back
 
Respital

Respital

Active Member
teamhex said:
I guess I can when I get home, are you sure this is going to fix it? I upgraded to SP3 last night, and I think I killed it for awhile, my pc is running faster now, im just afraid that when I boot it up the next time it will be back
Click to expand...

A mod has informed me to update my instructions please now do the following:

Let's scan for trojan:
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Please post
  • The SD log
  • The ComboFix log
  • An updated HiJackThis log
  • An update on how your computer is running.
 
teamhex

teamhex

Active Member
Respital said:
A mod has informed me to update my instructions please now do the following:

Let's scan for trojan:
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Please post
  • The SD log
  • The ComboFix log
  • An updated HiJackThis log
  • An update on how your computer is running.
Click to expand...

Man im an idoit, I havent been doing all this in safe mode. Iv just being running normally, could this be why it wont go away?
 
Respital

Respital

Active Member
teamhex said:
Man im an idoit, I havent been doing all this in safe mode. Iv just being running normally, could this be why it wont go away?
Click to expand...

No.

For SDFix you're suppose to run in safe mode.

For ComboFix you're suppose to boot normally.

Please follow my instructions as posted. :)
 
teamhex

teamhex

Active Member
Respital said:
No.

For SDFix you're suppose to run in safe mode.

For ComboFix you're suppose to boot normally.

Please follow my instructions as posted. :)
Click to expand...

I have been, its just a thought. Iv been at work all day and am currently in school, so ill run it when I get home.
 
teamhex

teamhex

Active Member
I upgraded to SP3 last night, booted my pc up when I got home and BAM! Gone...lol seems to be running great. Thanks guys.
 
Respital

Respital

Active Member
teamhex said:
I upgraded to SP3 last night, booted my pc up when I got home and BAM! Gone...lol seems to be running great. Thanks guys.
Click to expand...

Did you follow the steps i gave you?

If not it's likely you're still infected and you just have a little speed boost from SP3.

Is so, please post the logs generated by the programs used. :)
 
teamhex

teamhex

Active Member
Respital said:
Did you follow the steps i gave you?

If not it's likely you're still infected and you just have a little speed boost from SP3.

Is so, please post the logs generated by the programs used. :)
Click to expand...

High Jack this didn't find anything, I also ran Malwarebytes and it didn't find anything either. I think its gone with this service pack. Im running alot faster, I was gaming and doing what ever last night just fine.
 
Last edited:
teamhex

teamhex

Active Member
Man, this sucks. Its back, im doing a full scan on everything. I guess ill try your last program. :( Im about to post logs
 
Last edited:
teamhex

teamhex

Active Member
ComboFix 08-10-30.13 - Chris 2008-10-31 13:25:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1581 [GMT -5:00]
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
C:\xih9.cmd
D:\68.exe
D:\9.cmd
D:\Autorun.inf
D:\bo1dhu.bat
D:\ev60a2.cmd
D:\itsduel.exe
D:\xih9.cmd
E:\1rfw8hjr.com
E:\1t6yxlxx.cmd
E:\1yl2d.bat
E:\33gmhso.bat
E:\6.bat
E:\68.exe
E:\6x8be16.cmd
E:\9.cmd
E:\a1.bat
E:\autorun.inf
E:\bo1dhu.bat
E:\bwpncb6.com
E:\ev60a2.cmd
E:\f0.cmd
E:\ffojc.com
E:\fi.cmd
E:\g.com
E:\hgu.bat
E:\iefqwp.cmd
E:\itsduel.exe
E:\ivcvknr.bat
E:\kk3.bat
E:\kn6jhgc.cmd
E:\njibyekk.com
E:\r.cmd
E:\r1y1.bat
E:\r813.bat
E:\vxl.exe
E:\xih9.cmd

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-31 13:21 . 2008-10-27 00:01 <DIR> d-------- C:\SDFix
2008-10-30 20:34 . 2008-10-30 20:34 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-29 21:47 . 2008-10-29 21:47 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-29 21:47 . 2008-04-14 05:42 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-10-29 21:44 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002897_.tmp
2008-10-29 19:30 . 2008-10-29 19:30 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-10-29 18:18 . 2008-10-29 18:18 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\DAEMON Tools
2008-10-29 18:18 . 2008-10-29 18:18 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-29 17:10 . 2008-10-29 17:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-29 16:49 . 2008-10-29 16:49 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Malwarebytes
2008-10-29 16:49 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-29 16:48 . 2008-10-29 16:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 16:48 . 2008-10-29 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-29 16:48 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-29 16:44 . 2008-10-29 16:44 <DIR> d-------- C:\Program Files\uTorrent
2008-10-29 16:44 . 2008-10-29 19:17 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\uTorrent
2008-10-27 22:51 . 2008-10-27 22:51 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\vlc
2008-10-27 22:50 . 2008-10-27 22:50 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-27 22:04 . 2008-06-13 06:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-27 22:04 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-27 22:03 . 2008-08-14 05:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-27 22:03 . 2008-08-14 05:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-27 22:03 . 2008-08-14 04:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-27 22:03 . 2008-08-14 04:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-27 22:03 . 2008-09-15 07:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-27 22:03 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-27 22:03 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-27 22:03 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-27 22:02 . 2008-10-15 11:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-27 21:36 . 2008-10-27 21:36 13,646 --a------ C:\WINDOWS\system32\wpa.bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 03:32 --------- d-----w C:\Program Files\Steam
2008-10-28 01:52 --------- d-----w C:\Program Files\Realtek
2008-10-28 01:49 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-10-28 01:34 --------- d-----w C:\Program Files\Intel
2008-10-28 01:16 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-28 01:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-28 01:01 --------- d-----w C:\Program Files\ATI Technologies
2008-10-28 01:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-28 00:55 --------- d-----w C:\Documents and Settings\Chris\Application Data\mjusbsp
2008-09-24 03:09 3,331,072 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-09-24 03:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-09-24 02:18 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-09-24 02:17 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-09-24 02:04 581,632 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-09-24 02:03 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-09-24 01:56 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-09-24 01:54 4,008,864 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-09-24 01:38 2,399,744 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-09-24 01:24 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-09-24 01:20 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-09-24 01:19 39,424 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-09-24 01:18 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-09-24 01:18 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-09-24 01:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-09-24 01:12 573,440 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-30 17:00 90,112 ----a-w C:\WINDOWS\system32\atibrtmon.exe
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2006-06-24 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-01 16:23 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-27 19:58 1410296 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 13:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2008-03-26 11:14 16859136 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Chris\\Desktop\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8232b83a-a48e-11dd-8bf7-f1955dcc1f35}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8232b83b-a48e-11dd-8bf7-f1955dcc1f35}]
\Shell\AutoRun\command - J:\xih9.cmd
\Shell\explore\Command - J:\xih9.cmd
\Shell\open\Command - J:\xih9.cmd

*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-kamsoft - C:\WINDOWS\system32\ckvo.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\37qluhek.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 13:26:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-31 13:27:15
ComboFix-quarantined-files.txt 2008-10-31 18:27:11

Pre-Run: 20,092,260,352 bytes free
Post-Run: 20,209,512,448 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

188 --- E O F --- 2008-10-31 18:18:18
 
You must log in or register to reply here.
Top