11-13-2008, 12:05 PM   #9
tmadtown
Registered User
 
Join Date: Nov 2008
Posts: 8
OS: xp service pack 3


Re: internet explorer cuts out and unable to download help

ried,
Here are the ComboFix (they found another file for me to send in) and Kaspersky logs:

ComboFix 08-11-12.01 - T-roy 2008-11-13 8:30:27.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.418 [GMT -6:00]
Running from: c:\documents and settings\T-roy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\T-roy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\BXRI2E4F.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.

2008-11-13 08:19 . 2008-11-13 08:19 <DIR> d-------- c:\windows\LastGood
2008-11-06 08:29 . 2008-11-06 08:29 <DIR> d-------- c:\program files\Lavasoft
2008-11-06 08:29 . 2008-11-06 08:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 08:22 . 2008-11-06 08:22 <DIR> d-------- C:\!KillBox
2008-11-05 13:55 . 2008-11-05 13:55 250 --a------ c:\windows\gmer.ini
2008-11-05 13:34 . 2008-11-05 13:34 <DIR> d-------- C:\rsit
2008-10-23 16:36 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 07:22 . 2008-09-08 04:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-16 07:21 . 2008-08-14 04:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 07:21 . 2008-08-14 04:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 07:21 . 2008-08-14 03:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 07:21 . 2008-08-14 03:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 07:21 . 2008-09-15 06:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 14:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-06 14:37 --------- d-----w c:\documents and settings\All Users\Application Data\BOC426
2008-11-06 14:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-05 18:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-05 17:52 --------- d-----w c:\program files\ESPN
2008-11-05 17:18 --------- d-----w c:\program files\SpywareBlaster
2008-10-12 13:01 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-09-20 21:36 --------- d-----w c:\documents and settings\T-roy\Application Data\AdobeUM
2008-09-20 20:49 --------- d-----w c:\program files\Common Files\Adobe
2008-09-15 23:29 --------- d-----w c:\program files\iTunes
2008-09-15 23:29 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-15 23:28 --------- d-----w c:\program files\iPod
2008-09-15 23:21 --------- d-----w c:\program files\QuickTime
2008-09-15 23:20 --------- d-----w c:\program files\Common Files\Apple
2008-09-15 23:06 --------- d-----w c:\program files\Bonjour
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-13 01:33 --------- d-----w c:\documents and settings\T-roy\Application Data\Apple Computer
2008-08-29 15:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 14:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-10_18.51.03.95 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-11-17 49152]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-17 3022848]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 28672]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-05 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-06-12 151552]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-12 33792]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2008-02-07 718704]
"BOC-426"="c:\progra~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 351480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"WINDVDPatch"="CTHELPER.EXE" [2002-02-07 c:\windows\system32\CTHELPER.EXE]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 c:\windows\GWMDMMSG.exe]
"PROMon.exe"="PROMon.exe" [2002-04-18 c:\windows\system32\PROMon.exe]
"nwiz"="nwiz.exe" [2003-11-17 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4lrxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R3 NeroCd2k;NeroCd2k;c:\windows\system32\drivers\NeroCd2k.sys [2001-04-16 44227]
S0 ati4lrxx;ati4lrxx;c:\windows\system32\Drivers\ati4lrxx.sys [ ]
S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder

2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-10-28 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - T-roy.job
- c:\program files\Norton AntiVirus\Navw32.exe [2008-02-07 08:05]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 08:33:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-13 8:36:55
ComboFix-quarantined-files.txt 2008-11-13 14:35:50
ComboFix2.txt 2008-11-11 15:03:06
ComboFix3.txt 2008-11-11 00:52:01

Pre-Run: 9,500,184,576 bytes free
Post-Run: 9,486,491,648 bytes free

129 --- E O F --- 2008-11-08 00:18:43


KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 13, 2008 13:03:34
Records in database: 1383159
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 89819
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:48:57


File name / Threat name / Threats count
C:\Documents and Settings\T-roy\Desktop\wirelesskeyview\WirelessKeyView.exe Infected: not-a-virus:PSWTool.Win32.Messen.n 1
C:\Documents and Settings\T-roy\Desktop\wirelesskeyview.zip Infected: not-a-virus:PSWTool.Win32.Messen.n 1

The selected area was scanned.