Tech Support Forum - View Single Post - Constant IE pop ups and an unremovable virus

Fallenxiii · 06-11-2008, 07:28 AM

Ok i've run ComboFix - here's the log.

ComboFix 08-06-10.3 - Jack 2008-06-11 14:08:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430 [GMT 1:00]
Running from: C:\Documents and Settings\Jack\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-07 20:39 . 2008-06-07 20:41 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2008-06-07 20:30 . 2008-06-07 20:30 <DIR> d----c--- C:\Program Files\Viewpoint
2008-06-07 20:30 . 2008-06-07 20:30 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-06-07 13:11 . 2008-06-07 13:11 110 --a--c--- C:\WINDOWS\GMouse.ini
2008-06-07 11:41 . 2008-06-07 11:41 53 --a--c--- C:\WINDOWS\system32\drivers\SecdelList.bin
2008-06-07 10:44 . 2008-06-07 10:44 <DIR> d----c--- C:\Deckard
2008-06-07 10:35 . 2008-06-07 10:35 <DIR> d----c--- C:\Program Files\Panda Security
2008-06-07 09:53 . 2008-06-07 09:53 <DIR> d----c--- C:\Program Files\Trend Micro
2008-06-06 20:50 . 2008-06-07 11:12 <DIR> d----c--- C:\Program Files\PC Optimizer
2008-06-06 20:41 . 2008-06-06 20:41 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCPitstop
2008-05-17 14:07 . 2008-05-17 14:07 <DIR> d----c--- C:\Program Files\Common Files\Adobe
2008-05-15 20:30 . 2008-05-21 00:30 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32
2008-05-14 21:45 . 2008-05-14 22:02 43,520 --a--c--- C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-14 21:26 . 2008-05-14 21:26 <DIR> d----c--- C:\Program Files\THQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 13:16 16,601,120 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 13:13 644,384 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-11 13:12 167,976 -c----w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-06-11 13:10 61,412 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-11 13:10 223,340 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-11 12:58 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PCSecurityShield
2008-06-08 17:05 --------- dc----w C:\Documents and Settings\Jack\Application Data\LimeWire
2008-06-07 10:14 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-06-06 19:59 --------- dc----w C:\Program Files\AOL 9.0
2008-05-30 14:29 88,774 -c--a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 17:17 96,966 -c--a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-17 13:26 --------- dc----w C:\Documents and Settings\Jack\Application Data\Neopets Toolbar
2008-05-02 17:47 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-04-28 13:49 --------- dc----w C:\Program Files\VDOTool
2008-04-28 13:39 --------- dc----w C:\Program Files\Common Files\InstallShield
2008-04-28 11:39 --------- dc----w C:\Program Files\Common Files\AOL
2008-04-27 14:58 --------- dc----w C:\Program Files\AOL Companion
2008-04-27 14:56 --------- dc----w C:\Program Files\Common Files\aolshare
2008-04-27 14:56 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-04-22 09:59 --------- dc----w C:\Program Files\Apple Software Update
2008-04-21 20:51 --------- dc----w C:\Program Files\DivX
2008-04-17 12:12 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-04-15 12:30 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
2008-04-14 14:39 --------- dc----w C:\Program Files\PCSecurityShield
2008-03-31 21:25 831,488 -c--a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 -c--a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 -c--a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 18:00 147,456 -c--a-w C:\WINDOWS\system32\vbzip10.dll
2008-03-21 20:30 524,288 -c--a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 -c----w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-08 01:07 0 -c--a-w C:\Program Files\Common Files\vaxuzaj89104.dll
2005-07-29 16:24 0 -csha-r C:\WINDOWS\SmFjayBIdXRjaGluc29u\mAI3uV1Kxrl3u35RwZ6R.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26B7FF6F-A62E-43D1-9A82-769AC394B3D8}]
2008-02-08 02:07 0 --a--c--- C:\Program Files\Common Files\vaxuzaj89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9C02ECE-F41A-4362-BB65-6B441807FF6A}]
C:\WINDOWS\system32\pmnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1BFB528-4CEF-4198-A5A6-29B3058F8DF5}]
C:\WINDOWS\system32\gebya.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00 15360]
"AOL Dialer"="C:\Program Files\Common Files\AOL\ACS\AOlDial.exe" [2007-12-07 16:30 71008]
"PC_OPT"="C:\Program Files\PC Optimizer\trayicon.exe" [2003-06-17 23:39 71168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-03-17 15:31 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 16:44 8429568]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 15:30 3096576]
"HostManager"="C:\Program Files\Common Files\AOL\1205853596\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-04-23 19:19 2165536]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 16:44 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe" [2007-08-23 14:16 200768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 13:00 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2008-04-27 15:50:35 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifefca]
iifefca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"=
"C:\\Program Files\\PCSecurityShield\\The Shield Deluxe 2008\\avp.exe"=

R1 tunmpp;tunmpp;C:\WINDOWS\system32\drivers\tunmpp.sys [2008-03-23 18:57]
S2 GF0012;GASIA Filter Driver;C:\WINDOWS\system32\DRIVERS\GF0012.sys [2006-05-19 14:15]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 22:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-11 13:15:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 14:13:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1205853596\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1205853596\ee\anotify.exe
.
**************************************************************************
.
Completion time: 2008-06-11 14:22:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 13:22:23

Pre-Run: 230,128,492,544 bytes free
Post-Run: 230,153,945,088 bytes free

165 --- E O F --- 2008-05-30 14:30:16

And here's the Hijack this log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:36, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1205853596\ee\AOLSoftware.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Optimizer\trayicon.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1205853596\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1205853596\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26B7FF6F-A62E-43D1-9A82-769AC394B3D8} - C:\Program Files\Common Files\vaxuzaj89104.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B9C02ECE-F41A-4362-BB65-6B441807FF6A} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {E1BFB528-4CEF-4198-A5A6-29B3058F8DF5} - C:\WINDOWS\system32\gebya.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205853596\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [PC_OPT] C:\Program Files\PC Optimizer\trayicon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: iifefca - iifefca.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8595 bytes

I am still getting pop ups, not sure if ComboFix was meant to fix that....?

06-11-2008, 07:28 AM	#4 (permalink)
Fallenxiii Registered User Join Date: Jun 2008 Posts: 7 OS: XP	Re: Constant IE pop ups and an unremovable virus Ok i've run ComboFix - here's the log. ComboFix 08-06-10.3 - Jack 2008-06-11 14:08:15.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430 [GMT 1:00] Running from: C:\Documents and Settings\Jack\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete . ((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 ))))))))))))))))))))))))))))))) . 2008-06-07 20:39 . 2008-06-07 20:41 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads 2008-06-07 20:30 . 2008-06-07 20:30 <DIR> d----c--- C:\Program Files\Viewpoint 2008-06-07 20:30 . 2008-06-07 20:30 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint 2008-06-07 13:11 . 2008-06-07 13:11 110 --a--c--- C:\WINDOWS\GMouse.ini 2008-06-07 11:41 . 2008-06-07 11:41 53 --a--c--- C:\WINDOWS\system32\drivers\SecdelList.bin 2008-06-07 10:44 . 2008-06-07 10:44 <DIR> d----c--- C:\Deckard 2008-06-07 10:35 . 2008-06-07 10:35 <DIR> d----c--- C:\Program Files\Panda Security 2008-06-07 09:53 . 2008-06-07 09:53 <DIR> d----c--- C:\Program Files\Trend Micro 2008-06-06 20:50 . 2008-06-07 11:12 <DIR> d----c--- C:\Program Files\PC Optimizer 2008-06-06 20:41 . 2008-06-06 20:41 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCPitstop 2008-05-17 14:07 . 2008-05-17 14:07 <DIR> d----c--- C:\Program Files\Common Files\Adobe 2008-05-15 20:30 . 2008-05-21 00:30 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32 2008-05-14 21:45 . 2008-05-14 22:02 43,520 --a--c--- C:\WINDOWS\system32\CmdLineExt03.dll 2008-05-14 21:26 . 2008-05-14 21:26 <DIR> d----c--- C:\Program Files\THQ . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-11 13:16 16,601,120 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-06-11 13:13 644,384 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-06-11 13:12 167,976 -c----w C:\WINDOWS\system32\drivers\core.cache.dsk 2008-06-11 13:10 61,412 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-06-11 13:10 223,340 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-06-11 12:58 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PCSecurityShield 2008-06-08 17:05 --------- dc----w C:\Documents and Settings\Jack\Application Data\LimeWire 2008-06-07 10:14 --------- dc----w C:\Program Files\Windows Media Connect 2 2008-06-06 19:59 --------- dc----w C:\Program Files\AOL 9.0 2008-05-30 14:29 88,774 -c--a-w C:\WINDOWS\system32\drivers\klick.dat 2008-05-28 17:17 96,966 -c--a-w C:\WINDOWS\system32\drivers\klin.dat 2008-05-17 13:26 --------- dc----w C:\Documents and Settings\Jack\Application Data\Neopets Toolbar 2008-05-02 17:47 --------- dc-h--w C:\Program Files\InstallShield Installation Information 2008-04-28 13:49 --------- dc----w C:\Program Files\VDOTool 2008-04-28 13:39 --------- dc----w C:\Program Files\Common Files\InstallShield 2008-04-28 11:39 --------- dc----w C:\Program Files\Common Files\AOL 2008-04-27 14:58 --------- dc----w C:\Program Files\AOL Companion 2008-04-27 14:56 --------- dc----w C:\Program Files\Common Files\aolshare 2008-04-27 14:56 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL 2008-04-22 09:59 --------- dc----w C:\Program Files\Apple Software Update 2008-04-21 20:51 --------- dc----w C:\Program Files\DivX 2008-04-17 12:12 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite 2008-04-15 12:30 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki 2008-04-14 14:39 --------- dc----w C:\Program Files\PCSecurityShield 2008-03-31 21:25 831,488 -c--a-w C:\WINDOWS\system32\divx_xx0a.dll 2008-03-31 21:25 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-03-31 21:25 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll 2008-03-31 21:25 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll 2008-03-31 21:25 682,496 -c--a-w C:\WINDOWS\system32\DivX.dll 2008-03-31 21:25 161,096 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-03-27 08:12 151,583 -c--a-w C:\WINDOWS\system32\msjint40.dll 2008-03-23 18:00 147,456 -c--a-w C:\WINDOWS\system32\vbzip10.dll 2008-03-21 20:30 524,288 -c--a-w C:\WINDOWS\system32\DivXsm.exe 2008-03-21 20:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll 2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll 2008-03-21 20:30 129,784 -c----w C:\WINDOWS\system32\pxafs.dll 2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll 2008-03-21 20:28 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll 2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll 2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll 2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll 2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll 2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll 2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-08 01:07 0 -c--a-w C:\Program Files\Common Files\vaxuzaj89104.dll 2005-07-29 16:24 0 -csha-r C:\WINDOWS\SmFjayBIdXRjaGluc29u\mAI3uV1Kxrl3u35RwZ6R.vbs . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26B7FF6F-A62E-43D1-9A82-769AC394B3D8}] 2008-02-08 02:07 0 --a--c--- C:\Program Files\Common Files\vaxuzaj89104.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9C02ECE-F41A-4362-BB65-6B441807FF6A}] C:\WINDOWS\system32\pmnlk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1BFB528-4CEF-4198-A5A6-29B3058F8DF5}] C:\WINDOWS\system32\gebya.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00 15360] "AOL Dialer"="C:\Program Files\Common Files\AOL\ACS\AOlDial.exe" [2007-12-07 16:30 71008] "PC_OPT"="C:\Program Files\PC Optimizer\trayicon.exe" [2003-06-17 23:39 71168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-03-17 15:31 26112] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 16:44 8429568] "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 15:30 3096576] "HostManager"="C:\Program Files\Common Files\AOL\1205853596\ee\AOLSoftware.exe" [2006-09-26 01:52 50736] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008] "Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-04-23 19:19 2165536] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 16:44 81920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "AVP"="C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe" [2007-08-23 14:16 200768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 13:00 15360] C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2008-04-27 15:50:35 156784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifefca] iifefca.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\AOL 9.0\\waol.exe"= "C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"= "C:\\Program Files\\PCSecurityShield\\The Shield Deluxe 2008\\avp.exe"= R1 tunmpp;tunmpp;C:\WINDOWS\system32\drivers\tunmpp.sys [2008-03-23 18:57] S2 GF0012;GASIA Filter Driver;C:\WINDOWS\system32\DRIVERS\GF0012.sys [2006-05-19 14:15] . Contents of the 'Scheduled Tasks' folder "2008-06-02 22:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-11 13:15:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-11 14:13:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Windows Defender\MsMpEng.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\AOL\1205853596\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1205853596\ee\anotify.exe . ************************************************************************ . Completion time: 2008-06-11 14:22:28 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-11 13:22:23 Pre-Run: 230,128,492,544 bytes free Post-Run: 230,153,945,088 bytes free 165 --- E O F --- 2008-05-30 14:30:16 And here's the Hijack this log - Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:27:36, on 11/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\AOL\1205853596\ee\AOLSoftware.exe C:\Program Files\VDOTool\TBPanel.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PC Optimizer\trayicon.exe C:\Program Files\AOL 9.0\aoltray.exe c:\program files\common files\aol\1205853596\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe c:\program files\common files\aol\1205853596\ee\aolsoftware.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {26B7FF6F-A62E-43D1-9A82-769AC394B3D8} - C:\Program Files\Common Files\vaxuzaj89104.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B9C02ECE-F41A-4362-BB65-6B441807FF6A} - C:\WINDOWS\system32\pmnlk.dll (file missing) O2 - BHO: (no name) - {E1BFB528-4CEF-4198-A5A6-29B3058F8DF5} - C:\WINDOWS\system32\gebya.dll (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205853596\ee\AOLSoftware.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Common Files\AOL\ACS\AOlDial.exe O4 - HKCU\..\Run: [PC_OPT] C:\Program Files\PC Optimizer\trayicon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\scieplugin.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O20 - Winlogon Notify: iifefca - iifefca.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: The Shield Deluxe 2008 (AVP) - PCSecurityShield - C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 8595 bytes I am still getting pop ups, not sure if ComboFix was meant to fix that....?