
not exactly new

Discussion in 'Virus & Other Malware Removal' started by nosewalker, Dec 9, 2011.

Thread Status:
Not open for further replies.
  1. nosewalker

    nosewalker Thread Starter

    Joined:
    Feb 27, 2007
    Messages:
    5
    Hi guys. I have this problem with Internet Explorer. It keeps popping up randomly. I did the ComboFix. What else do I need
    to do? Thanks
    Oh, here's sysinfo

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: AMD Athlon(tm) II X2 255 Processor, x86 Family 16 Model 6 Stepping 3
    Processor Count: 2
    RAM: 3070 Mb
    Graphics Card: NVIDIA GeForce 7025 / NVIDIA nForce 630a, 512 Mb
    Hard Drives: C: Total - 476929 MB, Free - 368210 MB;
    Motherboard: Gigabyte Technology Co., Ltd., M68MT-S2P
    Antivirus: Norton AntiVirus, Updated: No, On-Demand Scanner: Enabled
    ComboFix 11-12-09.02 - Ken Lynch 12/09/2011 13:48:53.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2156 [GMT -5:00]
    Running from: c:\documents and settings\Ken Lynch\My Documents\Downloads\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\jF23801PiFhL23801
    c:\documents and settings\All Users\Application Data\jF23801PiFhL23801\jF23801PiFhL23801
    c:\documents and settings\All Users\Application Data\jF23801PiFhL23801\jF23801PiFhL23801.exe
    c:\documents and settings\All Users\Application Data\OXagifLC.exe
    c:\documents and settings\All Users\Application Data\OXagifLC.exe_
    c:\documents and settings\Ken Lynch\WINDOWS
    c:\windows\$NtUninstallKB46743$
    c:\windows\$NtUninstallKB46743$\1568458376
    c:\windows\$NtUninstallKB46743$\3016361309\@
    c:\windows\$NtUninstallKB46743$\3016361309\bckfg.tmp
    c:\windows\$NtUninstallKB46743$\3016361309\cfg.ini
    c:\windows\$NtUninstallKB46743$\3016361309\Desktop.ini
    c:\windows\$NtUninstallKB46743$\3016361309\keywords
    c:\windows\$NtUninstallKB46743$\3016361309\kwrd.dll
    c:\windows\$NtUninstallKB46743$\3016361309\L\snveotfw
    c:\windows\$NtUninstallKB46743$\3016361309\lsflt7.ver
    c:\windows\$NtUninstallKB46743$\3016361309\U\[email protected]
    c:\windows\$NtUninstallKB46743$\3016361309\U\[email protected]
    c:\windows\$NtUninstallKB46743$\3016361309\U\[email protected]
    c:\windows\$NtUninstallKB46743$\3016361309\U\[email protected]
    c:\windows\$NtUninstallKB46743$\3016361309\U\[email protected]
    c:\windows\$NtUninstallKB46743$\3016361309\U\[email protected]
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\encapi32.dll
    c:\windows\system32\Packet.dll
    c:\windows\system32\wpcap.dll
    .
    Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-09 18:31 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
    2011-12-09 18:31 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2011-12-09 15:32 . 2011-12-02 15:09 116224 ----a-w- c:\windows\system32\61MCU75s.com
    2011-12-03 10:40 . 2011-12-03 10:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-12-03 10:40 . 2011-12-03 10:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2011-12-03 10:34 . 2011-12-09 18:19 5407 ----a-w- c:\windows\system32\.TMP
    2011-12-02 15:40 . 2011-12-02 15:40 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2011-12-02 15:40 . 2011-12-02 15:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\mediabarbs
    2011-12-02 15:40 . 2011-12-02 15:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\bsbandmltbpi
    2011-12-02 15:40 . 2011-12-02 15:40 -------- d-----w- c:\documents and settings\NetworkService\AppData
    2011-11-26 20:09 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-11-26 20:05 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-11-26 20:04 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-11-26 20:03 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-11-26 19:59 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-11-26 19:58 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-11-26 13:13 . 2011-11-26 13:13 -------- d-----w- c:\windows\system32\scripting
    2011-11-26 13:13 . 2011-11-26 13:13 -------- d-----w- c:\windows\l2schemas
    2011-11-26 13:13 . 2011-11-26 13:13 -------- d-----w- c:\windows\system32\en
    2011-11-26 13:13 . 2011-11-26 13:13 -------- d-----w- c:\windows\system32\bits
    2011-11-26 13:06 . 2011-11-26 13:06 -------- d-----w- c:\windows\EHome
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-03 13:39 . 2011-07-05 21:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2011-07-04 15:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-11-14 22:50 . 2011-07-05 17:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2011-08-09 10:36 1235376 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    2011-05-30 13:48 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
    .
    [HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
    "BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
    "RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "EPSON Stylus C88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-20 50880]
    "ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-20 34504]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-27 273544]
    "D-Link RangeBooster G WDA-2320"="c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 1662976]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
    "NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
    "BYR_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2011-06-14 392280]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    "c:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Ken Lynch\\My Documents\\Downloads\\cnet_Nero_BurnLite-10_0_10500_exe.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
    R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-17 1691480]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
    R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WDA-2320\JSWUtil\jswpsapi.exe [2007-08-02 352338]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
    S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
    S2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2007-05-24 547744]
    S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys [2007-07-25 57376]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-09 c:\windows\Tasks\At1.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At11.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At13.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At15.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At17.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At19.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At21.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At23.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At25.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-08 c:\windows\Tasks\At27.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-08 c:\windows\Tasks\At29.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At3.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-08 c:\windows\Tasks\At31.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-08 c:\windows\Tasks\At33.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-08 c:\windows\Tasks\At35.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-08 c:\windows\Tasks\At37.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At39.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At41.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At43.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At45.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At47.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At5.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At7.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\At9.job
    - c:\windows\system32\61MCU75s.com [2011-12-09 15:09]
    .
    2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-01 18:56]
    .
    2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-01 18:56]
    .
    2011-12-03 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
    - c:\progra~1\NORTON~1\NORTON~1\NAVW32.exe [2002-08-20 02:31]
    .
    2011-12-03 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
    - c:\program files\Norton SystemWorks\OBC.exe [2002-08-29 07:53]
    .
    2011-12-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
    .
    2011-12-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-484061587-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
    .
    2011-12-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
    .
    2011-12-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-484061587-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
    .
    2011-12-09 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2011-07-10 16:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.weather.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://search.bearshare.com//web?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    FF - ProfilePath - c:\documents and settings\Ken Lynch\Application Data\Mozilla\Firefox\Profiles\gsu9j8t3.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/weather/today/32931:4:US
    FF - prefs.js: keyword.URL - hxxp://search.bearshare.com//web?src=ffb&appid=20&systemid=2&sr=0&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-09 14:17
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a4,7c,cd,e1,6b,b4,0e,4b,ae,c3,b4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a4,7c,cd,e1,6b,b4,0e,4b,ae,c3,b4,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3728)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\progra~1\NORTON~1\SPEEDD~1\nopdb.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    c:\windows\system32\RunDLL32.exe
    c:\program files\America Online 9.0\aoltray.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-09 14:28:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-09 19:28
    .
    Pre-Run: 385,554,853,888 bytes free
    Post-Run: 385,857,593,344 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
    .
    - - End Of File - - 88C06D9D449A87620FC60E1DD629D5F4
     

Short URL to this thread: https://techguy.org/1030491
