11-11-2008, 08:16 AM   #7
tmadtown
Registered User
 
Join Date: Nov 2008
Posts: 8
OS: xp service pack 3


Re: internet explorer cuts out and unable to download help

Ried,
A couple of things: I was able to run the combofix and it popped up a file it wanted me to send in to check as a malware file. I wasn't able to go to the Kaspersky address that you sent because that address didn't work for me.

Here is the combo log:

ComboFix 08-11-09.04 - T-roy 2008-11-11 8:56:58.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.430 [GMT -6:00]
Running from: c:\documents and settings\T-roy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\T-roy\Desktop\CFScript.txt
* Created a new restore point

FILE ::
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\windows\system32\B5C1oQlH.exe
c:\windows\system32\BXRI2E4F.exe.a_a
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At73.job
c:\windows\Tasks\At74.job
c:\windows\Tasks\At75.job
c:\windows\Tasks\At76.job
c:\windows\Tasks\At77.job
c:\windows\Tasks\At78.job
c:\windows\Tasks\At79.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At80.job
c:\windows\Tasks\At81.job
c:\windows\Tasks\At82.job
c:\windows\Tasks\At83.job
c:\windows\Tasks\At84.job
c:\windows\Tasks\At85.job
c:\windows\Tasks\At86.job
c:\windows\Tasks\At87.job
c:\windows\Tasks\At88.job
c:\windows\Tasks\At89.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At90.job
c:\windows\Tasks\At91.job
c:\windows\Tasks\At92.job
c:\windows\Tasks\At93.job
c:\windows\Tasks\At94.job
c:\windows\Tasks\At95.job
c:\windows\Tasks\At96.job

.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-10 19:13 . 2008-11-10 19:12 41,474 --a------ c:\windows\system32\BXRI2E4F.exe
2008-11-06 08:29 . 2008-11-06 08:29 <DIR> d-------- c:\program files\Lavasoft
2008-11-06 08:29 . 2008-11-06 08:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 08:22 . 2008-11-06 08:22 <DIR> d-------- C:\!KillBox
2008-11-05 13:55 . 2008-11-05 13:55 250 --a------ c:\windows\gmer.ini
2008-11-05 13:34 . 2008-11-05 13:34 <DIR> d-------- C:\rsit
2008-10-23 16:36 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 07:22 . 2008-09-08 04:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-16 07:21 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 07:21 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 07:21 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 07:21 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 07:21 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 14:31 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-06 14:37 --------- d-----w c:\documents and settings\All Users\Application Data\BOC426
2008-11-06 14:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-05 18:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-05 17:52 --------- d-----w c:\program files\ESPN
2008-11-05 17:18 --------- d-----w c:\program files\SpywareBlaster
2008-10-12 13:01 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-09-20 21:36 --------- d-----w c:\documents and settings\T-roy\Application Data\AdobeUM
2008-09-20 20:49 --------- d-----w c:\program files\Common Files\Adobe
2008-09-15 23:29 --------- d-----w c:\program files\iTunes
2008-09-15 23:29 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-15 23:28 --------- d-----w c:\program files\iPod
2008-09-15 23:21 --------- d-----w c:\program files\QuickTime
2008-09-15 23:20 --------- d-----w c:\program files\Common Files\Apple
2008-09-15 23:06 --------- d-----w c:\program files\Bonjour
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-13 01:33 --------- d-----w c:\documents and settings\T-roy\Application Data\Apple Computer
2008-09-11 01:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-08-29 15:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 14:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-11-17 49152]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-17 3022848]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-05 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-06-12 151552]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-12 33792]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2008-02-07 718704]
"BOC-426"="c:\progra~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 351480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 c:\windows\system32\CTHELPER.EXE]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 c:\windows\GWMDMMSG.exe]
"PROMon.exe"="PROMon.exe" [2002-04-18 c:\windows\system32\PROMon.exe]
"nwiz"="nwiz.exe" [2003-11-17 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4lrxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCd2k.sys [2001-04-16 44227]
S0 ati4lrxx;ati4lrxx;c:\windows\system32\Drivers\ati4lrxx.sys [ ]
S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
.
Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-10-28 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - T-roy.job
- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 08:05]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 09:00:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-11 9:03:04
ComboFix-quarantined-files.txt 2008-11-11 15:01:59
ComboFix2.txt 2008-11-11 00:52:01

Pre-Run: 9,555,324,928 bytes free
Post-Run: 9,540,476,928 bytes free

224 --- E O F --- 2008-11-08 00:18:43