06-17-2008, 10:46 AM   #8
Fallenxiii
Registered User
 
Join Date: Jun 2008
Posts: 7
OS: XP


Re: Constant IE pop ups and an unremovable virus

Hi,
ComboFix didn't bring the logs up on a few occasions.

Here's the one you requested, but for some reason it says I don't have the Recovery Console installed, although I definitely installed it.

ComboFix 08-06-10.3 - Jack 2008-06-11 14:08:15.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430 [GMT 1:00]
Running from: C:\Documents and Settings\Jack\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-07 20:39 . 2008-06-07 20:41 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2008-06-07 20:30 . 2008-06-07 20:30 <DIR> d----c--- C:\Program Files\Viewpoint
2008-06-07 20:30 . 2008-06-07 20:30 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-06-07 13:11 . 2008-06-07 13:11 110 --a--c--- C:\WINDOWS\GMouse.ini
2008-06-07 11:41 . 2008-06-07 11:41 53 --a--c--- C:\WINDOWS\system32\drivers\SecdelList.bin
2008-06-07 10:44 . 2008-06-07 10:44 <DIR> d----c--- C:\Deckard
2008-06-07 10:35 . 2008-06-07 10:35 <DIR> d----c--- C:\Program Files\Panda Security
2008-06-07 09:53 . 2008-06-07 09:53 <DIR> d----c--- C:\Program Files\Trend Micro
2008-06-06 20:50 . 2008-06-07 11:12 <DIR> d----c--- C:\Program Files\PC Optimizer
2008-06-06 20:41 . 2008-06-06 20:41 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCPitstop
2008-05-17 14:07 . 2008-05-17 14:07 <DIR> d----c--- C:\Program Files\Common Files\Adobe
2008-05-15 20:30 . 2008-05-21 00:30 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32
2008-05-14 21:45 . 2008-05-14 22:02 43,520 --a--c--- C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-14 21:26 . 2008-05-14 21:26 <DIR> d----c--- C:\Program Files\THQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 13:16 16,601,120 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-11 13:13 644,384 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-11 13:12 167,976 -c----w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-06-11 13:10 61,412 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-11 13:10 223,340 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-11 12:58 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PCSecurityShield
2008-06-08 17:05 --------- dc----w C:\Documents and Settings\Jack\Application Data\LimeWire
2008-06-07 10:14 --------- dc----w C:\Program Files\Windows Media Connect 2
2008-06-06 19:59 --------- dc----w C:\Program Files\AOL 9.0
2008-05-30 14:29 88,774 -c--a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 17:17 96,966 -c--a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-17 13:26 --------- dc----w C:\Documents and Settings\Jack\Application Data\Neopets Toolbar
2008-05-02 17:47 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-04-28 13:49 --------- dc----w C:\Program Files\VDOTool
2008-04-28 13:39 --------- dc----w C:\Program Files\Common Files\InstallShield
2008-04-28 11:39 --------- dc----w C:\Program Files\Common Files\AOL
2008-04-27 14:58 --------- dc----w C:\Program Files\AOL Companion
2008-04-27 14:56 --------- dc----w C:\Program Files\Common Files\aolshare
2008-04-27 14:56 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2008-04-22 09:59 --------- dc----w C:\Program Files\Apple Software Update
2008-04-21 20:51 --------- dc----w C:\Program Files\DivX
2008-04-17 12:12 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-04-15 12:30 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
2008-04-14 14:39 --------- dc----w C:\Program Files\PCSecurityShield
2008-03-31 21:25 831,488 -c--a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 -c--a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 -c--a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 18:00 147,456 -c--a-w C:\WINDOWS\system32\vbzip10.dll
2008-03-21 20:30 524,288 -c--a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 -c----w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-08 01:07 0 -c--a-w C:\Program Files\Common Files\vaxuzaj89104.dll
2005-07-29 16:24 0 -csha-r C:\WINDOWS\SmFjayBIdXRjaGluc29u\mAI3uV1Kxrl3u35RwZ6R.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26B7FF6F-A62E-43D1-9A82-769AC394B3D8}]
2008-02-08 02:07 0 --a--c--- C:\Program Files\Common Files\vaxuzaj89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9C02ECE-F41A-4362-BB65-6B441807FF6A}]
C:\WINDOWS\system32\pmnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1BFB528-4CEF-4198-A5A6-29B3058F8DF5}]
C:\WINDOWS\system32\gebya.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00 15360]
"AOL Dialer"="C:\Program Files\Common Files\AOL\ACS\AOlDial.exe" [2007-12-07 16:30 71008]
"PC_OPT"="C:\Program Files\PC Optimizer\trayicon.exe" [2003-06-17 23:39 71168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-03-17 15:31 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 16:44 8429568]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 15:30 3096576]
"HostManager"="C:\Program Files\Common Files\AOL\1205853596\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-04-23 19:19 2165536]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 16:44 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\PCSecurityShield\The Shield Deluxe 2008\avp.exe" [2007-08-23 14:16 200768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 13:00 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2008-04-27 15:50:35 156784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifefca]
iifefca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"=
"C:\\Program Files\\PCSecurityShield\\The Shield Deluxe 2008\\avp.exe"=

R1 tunmpp;tunmpp;C:\WINDOWS\system32\drivers\tunmpp.sys [2008-03-23 18:57]
S2 GF0012;GASIA Filter Driver;C:\WINDOWS\system32\DRIVERS\GF0012.sys [2006-05-19 14:15]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 22:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-11 13:15:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 14:13:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1205853596\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1205853596\ee\anotify.exe
.
**************************************************************************
.
Completion time: 2008-06-11 14:22:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 13:22:23

Pre-Run: 230,128,492,544 bytes free
Post-Run: 230,153,945,088 bytes free

165 --- E O F --- 2008-05-30 14:30:16