

Re: internet explorer cuts out and unable to download help

Thanks Ried — here is the ComboFix log, pasted as generated:

ComboFix 08-11-09.04 - T-roy 2008-11-10 18:37:34.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.366 [GMT -6:00]
Running from: c:\documents and settings\T-roy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\documents and settings\Administrator\Application Data\rhcr2sj0eeen
c:\windows\cdmxtras
c:\windows\cdmxtras\uninst.exe
c:\windows\IE4 Error Log.txt
c:\windows\Readme.txt
c:\windows\system32\B5C1oQlH.exe.a_a
c:\windows\system32\BXRI2E4F.exe.a_a
c:\windows\system32\cache329

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_tcpsr


((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-06 08:29 . 2008-11-06 08:29 <DIR> d-------- c:\program files\Lavasoft
2008-11-06 08:29 . 2008-11-06 08:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 08:22 . 2008-11-06 08:22 <DIR> d-------- C:\!KillBox
2008-11-05 13:55 . 2008-11-05 13:55 250 --a------ c:\windows\gmer.ini
2008-11-05 13:34 . 2008-11-05 13:34 <DIR> d-------- C:\rsit
2008-11-02 18:09 . 2008-11-02 18:08 31,744 --a------ c:\windows\system32\B5C1oQlH.exe
2008-10-23 16:36 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 07:22 . 2008-09-08 04:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-16 07:21 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 07:21 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 07:21 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 07:21 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 07:21 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 00:41 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-06 14:37 --------- d-----w c:\documents and settings\All Users\Application Data\BOC426
2008-11-06 14:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-05 18:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-05 17:52 --------- d-----w c:\program files\ESPN
2008-11-05 17:18 --------- d-----w c:\program files\SpywareBlaster
2008-10-12 13:01 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-09-20 21:36 --------- d-----w c:\documents and settings\T-roy\Application Data\AdobeUM
2008-09-20 20:49 --------- d-----w c:\program files\Common Files\Adobe
2008-09-15 23:29 --------- d-----w c:\program files\iTunes
2008-09-15 23:29 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-15 23:28 --------- d-----w c:\program files\iPod
2008-09-15 23:21 --------- d-----w c:\program files\QuickTime
2008-09-15 23:20 --------- d-----w c:\program files\Common Files\Apple
2008-09-15 23:06 --------- d-----w c:\program files\Bonjour
2008-09-13 01:33 --------- d-----w c:\documents and settings\T-roy\Application Data\Apple Computer
2008-09-11 01:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-11-17 49152]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-17 3022848]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-05 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-06-12 151552]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-12 33792]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2008-02-07 718704]
"BOC-426"="c:\progra~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 351480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 c:\windows\system32\CTHELPER.EXE]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 c:\windows\GWMDMMSG.exe]
"PROMon.exe"="PROMon.exe" [2002-04-18 c:\windows\system32\PROMon.exe]
"nwiz"="nwiz.exe" [2003-11-17 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4lrxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCd2k.sys [2001-04-16 44227]
S0 ati4lrxx;ati4lrxx;c:\windows\system32\Drivers\ati4lrxx.sys [ ]
S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-03 c:\windows\Tasks\At1.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-06 c:\windows\Tasks\At10.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-08 c:\windows\Tasks\At11.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-08 c:\windows\Tasks\At12.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-08 c:\windows\Tasks\At13.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-08 c:\windows\Tasks\At14.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-08 c:\windows\Tasks\At15.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-08 c:\windows\Tasks\At16.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-08 c:\windows\Tasks\At17.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-08 c:\windows\Tasks\At18.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-11 c:\windows\Tasks\At19.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-03 c:\windows\Tasks\At2.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-09 c:\windows\Tasks\At20.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-09 c:\windows\Tasks\At21.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-09 c:\windows\Tasks\At22.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-08 c:\windows\Tasks\At23.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-08 c:\windows\Tasks\At24.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-03 c:\windows\Tasks\At3.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-03 c:\windows\Tasks\At4.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-03 c:\windows\Tasks\At5.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-03 c:\windows\Tasks\At6.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-03 c:\windows\Tasks\At7.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-11 c:\windows\Tasks\At73.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At74.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At75.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At76.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At77.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At78.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At79.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-03 c:\windows\Tasks\At8.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-11 c:\windows\Tasks\At80.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At81.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At82.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At83.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At84.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At85.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At86.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At87.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At88.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At89.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-04 c:\windows\Tasks\At9.job
- c:\windows\system32\B5C1oQlH.exe [2008-11-02 18:08]

2008-11-11 c:\windows\Tasks\At90.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At91.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At92.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At93.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At94.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At95.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\At96.job
- c:\windows\system32\BXRI2E4F.exe []

2008-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-10-28 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - T-roy.job
- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 08:05]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.espn.go.com/
R0 -: HKCU-Main,Default_Search_URL = hxxp://search.msn.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.gateway.net/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 18:45:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Comodo\CBOClean\BOCore.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\NMSSvc.Exe
c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-10 18:51:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-11 00:51:46

Pre-Run: 9,473,671,168 bytes free
Post-Run: 9,535,774,720 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

269 --- E O F --- 2008-11-08 00:18:43