Here is the ComboFix log:
ComboFix 10-11-11.01 - The Funk Master 11/11/2010 22:40:49.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.244 [GMT -6:00]
Running from: c:\documents and settings\The Funk Master\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\The Funk Master\Application Data\dkfjasdfshd.bat
c:\documents and settings\The Funk Master\Recent\Thumbs.db
c:\program files\Common Files\Uninstall
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\bszip.dll
c:\windows\system32\fsc.txt
c:\windows\system32\ide.txt
c:\windows\system32\lpe.txt
c:\windows\system32\msadrtua.dll
c:\windows\system32\ndisapi.dll
c:\windows\system32\qks.txt
c:\windows\system32\xef.txt
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_NDISRD
-------\Service_NDISRD
((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.
2010-11-03 22:53 . 2010-11-03 22:53 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-03 22:53 . 2010-11-03 22:53 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-11-02 20:59 . 2010-11-02 21:00 -------- d-----w- c:\program files\ERUNT
2010-11-02 18:04 . 2010-11-02 18:04 -------- d-----w- c:\program files\Novatel Wireless
2010-11-02 14:09 . 2010-11-02 14:09 -------- d-----w- c:\documents and settings\The Funk Master\Application Data\Malwarebytes
2010-11-01 21:49 . 2010-11-01 21:49 388096 ----a-r- c:\documents and settings\The Funk Master\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-01 21:49 . 2010-11-01 21:49 -------- d-----w- c:\program files\Trend Micro
2010-10-31 22:44 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-31 22:44 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-31 22:44 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-31 22:44 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-31 22:44 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-31 22:44 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-31 22:44 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-31 22:43 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-31 22:43 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-31 22:42 . 2010-10-31 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-31 20:02 . 2010-10-31 20:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Yahoo
2010-10-31 20:01 . 2010-10-31 20:01 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-10-31 16:00 . 2010-10-31 16:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-10-31 03:09 . 2010-11-01 00:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-31 03:09 . 2010-10-31 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-31 01:12 . 2010-10-31 01:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-10-31 01:03 . 2010-10-31 01:03 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2010-10-31 00:25 . 2010-10-31 00:25 -------- d-sh--w- c:\documents and settings\Dor\PrivacIE
2010-10-31 00:25 . 2010-10-31 00:25 -------- d-sh--w- c:\documents and settings\Dor\IECompatCache
2010-10-31 00:11 . 2010-10-31 00:11 -------- d-----w- c:\documents and settings\Dor\Application Data\Malwarebytes
2010-10-31 00:11 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 00:11 . 2010-10-31 00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-31 00:11 . 2010-10-31 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-31 00:11 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-31 00:04 . 2010-10-31 00:04 -------- d-----w- c:\documents and settings\Dor\Local Settings\Application Data\Mozilla
2010-10-30 23:41 . 2010-10-31 19:07 29 ----a-w- c:\documents and settings\The Funk Master\Application Data\boot.bat
2010-10-30 23:04 . 2010-10-30 23:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 19:01 . 2010-09-09 19:01 86016 ----a-w- c:\windows\system32\gxnajdbi.dll
.
Code:
<pre>
c:\program files\Apoint\Apoint .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\CyberLink\PowerDVD\DVDLauncher .exe
c:\program files\Dell\Media Experience\PCMService .exe
c:\program files\Dell\QuickSet\quickset .exe
c:\program files\DellSupport\DSAgnt .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mimboot .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Skype\Phone\Skype .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\SymplisIT\DriverMagic\dmschedule .exe
c:\program files\Yahoo!\Messenger\YahooMessenger .exe
c:\windows\system32\rundll32 .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [N/A]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [N/A]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [N/A]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-05-17 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-05-17 316736]
c:\documents and settings\Dor\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2006-2-16 81920]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2006-1-18 106496]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-6 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype .exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3000:TCP"= 3000:TCP:lgmslms
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/31/2010 4:44 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/31/2010 4:44 PM 17744]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 1:10 PM 82944]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2/11/2010 8:03 PM 319488]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2/11/2010 8:02 PM 51456]
S1 ncyqnhqq;ncyqnhqq;\??\c:\windows\system32\drivers\ncyqnhqq.sys --> c:\windows\system32\drivers\ncyqnhqq.sys [?]
S2 gupdate1ca9d6e302236f4;Google Update Service (gupdate1ca9d6e302236f4);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2010 9:26 PM 133104]
S2 gzqzholvx;jzlnnvn;c:\windows\system32\svchost.exe -k netsvcs [8/11/2004 4:00 PM 14336]
S3 vvtpa;vvtpa;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - BMLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gzqzholvx
.
Contents of the 'Scheduled Tasks' folder
2010-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 03:26]
2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-25 03:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
LSP: bmnet.dll
Trusted Zone: yahoo.com\music
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\The Funk Master\Application Data\Mozilla\Firefox\Profiles\cdww7abl.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-ScreensaversInstaller - c:\program files\Screensavers.com\Installer\bin\siuninst.exe
AddRemove-Silent Knight Software Suite - c:\progra~1\SKSS\UNWISE.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 23:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2100AH rev.00000096 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x83316C56]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8331d4f4]; MOV EAX, [0x8331d570]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x833D5AB8]
3 CLASSPNP[0xF864DFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8335A490]
\Driver\atapi[0x833ADF38] -> IRP_MJ_CREATE -> 0x83316C56
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHV2100AH_______________________00000096#5&17ce0675&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x83316A9F
user != kernel MBR !!!
copy of MBR has been found in sector 9 !
sectors 195371566 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vvtpa]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,08,8f,af,0a,52,7f,48,8f,91,1f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f9,08,8f,af,0a,52,7f,48,8f,91,1f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1436)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'lsass.exe'(1496)
c:\windows\system32\WININET.dll
c:\windows\system32\bmnet.dll
- - - - - - - > 'explorer.exe'(3344)
c:\windows\system32\WININET.dll
c:\windows\system32\bmnet.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-11 23:11:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-12 05:11
Pre-Run: 29,521,522,688 bytes free
Post-Run: 29,773,754,368 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - E64CC1DFFB6A5F769924916BBCD93647
Thanks!