Thank you so much for your help BTW...
HJT Log Follows
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:48:24, on 02.02.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\VEngineIE32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\Owner\My Documents\Downloads\RRT.exe auto
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{018A4CF3-F1F4-4257-B9C7-A3A0AC70D8D0}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6DD66E6-4A3D-491E-814D-5243AB1D8D0A}: NameServer = 83.149.115.157,4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{018A4CF3-F1F4-4257-B9C7-A3A0AC70D8D0}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{018A4CF3-F1F4-4257-B9C7-A3A0AC70D8D0}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7445 bytes
-----------------------------------------------------------------------------------------------------------------------------------------------------------
CFix Log Follows...
ComboFix 10-02-01.01 - Owner 02.02.2010 0:41.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.352.1033.18.2047.1702 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.
2010-02-02 05:15 . 2009-10-12 13:28 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-02-02 05:13 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2010-02-02 05:13 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2010-02-02 05:13 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-02-02 05:13 . 2009-10-13 10:38 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2010-02-02 05:13 . 2009-08-25 09:27 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2010-02-02 05:10 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-02 05:03 . 2009-07-31 04:24 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-02-02 05:03 . 2009-07-31 04:24 1447424 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-02-02 03:26 . 2010-02-02 03:26 -------- d-----w- c:\windows\system32\xircom
2010-02-02 03:26 . 2010-02-02 03:26 -------- d-----w- c:\windows\system32\wbem\snmp
2010-02-02 03:26 . 2010-02-02 03:26 -------- d-----w- c:\windows\system32\oobe
2010-02-02 03:26 . 2010-02-02 03:26 -------- d-----w- c:\program files\microsoft frontpage
2010-01-31 15:21 . 2010-01-31 15:21 -------- d-----w- c:\windows\Sun
2010-01-31 00:30 . 2010-01-31 00:30 -------- d-----w- c:\program files\Trend Micro
2010-01-31 00:20 . 2010-01-31 00:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-01-31 00:15 . 2010-01-31 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-31 00:15 . 2010-02-02 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 21:05 . 2010-01-15 21:05 262144 ----a-w- c:\windows\system32\default_user_class.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 07:54 . 2009-09-05 04:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-02 07:42 . 2009-09-05 00:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-01 02:59 . 2009-11-07 00:55 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR
2010-01-30 20:57 . 2009-09-05 04:31 -------- d-----w- c:\program files\BitComet
2010-01-28 20:21 . 2009-09-05 05:18 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-01-28 19:08 . 2009-09-17 18:51 -------- d-----w- c:\documents and settings\Guest\Application Data\MEGAUPLOADTOOLBAR
2010-01-26 19:16 . 2009-09-05 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-21 19:14 . 2009-04-20 18:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-09 20:16 . 2009-11-09 20:16 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2009-11-09 20:16 . 2009-11-09 20:16 91208 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 00:01 . 2009-09-16 19:32 177024 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ao06ijg.default\FlashGot.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
1601-01-01 00:03 . 1601-01-01 00:03 60928 --sha-w- c:\windows\system32\dadutiwo.dll
2009-09-14 21:03 . 2009-09-14 21:03 3 --sha-w- c:\windows\system32\dikijowa.dll
2009-09-10 21:42 . 2009-09-10 21:42 3 --sha-w- c:\windows\system32\dodirabu.dll
2009-09-15 20:26 . 2009-09-15 20:26 3 --sha-w- c:\windows\system32\forasuho.dll
2009-09-20 19:59 . 2009-09-20 19:59 12288 --sha-w- c:\windows\system32\ganafihe.exe
2009-09-10 21:42 . 2009-09-10 21:42 3 --sha-w- c:\windows\system32\habuneki.dll
2009-09-20 19:59 . 2009-09-20 19:59 3 --sha-w- c:\windows\system32\hemodogo.dll
2009-09-18 19:30 . 2009-09-18 19:30 45568 --sha-w- c:\windows\system32\jatipife.dll
2009-09-12 22:58 . 2009-09-12 22:58 3 --sha-w- c:\windows\system32\jinuyeju.dll
2009-09-10 00:13 . 2009-09-10 00:13 3 --sha-w- c:\windows\system32\kawugevu.dll
2009-09-11 22:15 . 2009-09-11 22:15 3 --sha-w- c:\windows\system32\loyijofi.dll
2009-09-17 22:38 . 2009-09-17 22:38 3 --sha-w- c:\windows\system32\mokufumi.dll
2009-09-15 20:26 . 2009-09-15 20:26 3 --sha-w- c:\windows\system32\pusevuwo.dll
2009-09-10 00:13 . 2009-09-10 00:13 3 --sha-w- c:\windows\system32\rejipabe.dll
2009-09-11 22:15 . 2009-09-11 22:15 3 --sha-w- c:\windows\system32\rujaheyi.dll
2009-09-19 19:41 . 2009-09-19 19:41 3 --sha-w- c:\windows\system32\serehera.dll
2009-09-18 19:30 . 2009-09-18 19:30 3 --sha-w- c:\windows\system32\towoyila.dll
2009-09-12 22:58 . 2009-09-12 22:58 3 --sha-w- c:\windows\system32\vajapaso.dll
2009-09-18 19:30 . 2009-09-18 19:30 3 --sha-w- c:\windows\system32\yejenujo.dll
1601-01-01 00:03 . 1601-01-01 00:03 93184 --sha-w- c:\windows\system32\yireniye.dll
2009-09-19 19:41 . 2009-09-19 19:41 3 --sha-w- c:\windows\system32\yobaruzi.dll
1601-01-01 00:03 . 1601-01-01 00:03 25088 --sha-w- c:\windows\system32\yozekute.exe
2009-09-14 21:03 . 2009-09-14 21:03 3 --sha-w- c:\windows\system32\zakejoki.dll
.
------- Sigcheck -------
[-] 2009-04-20 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-02-02_03.28.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-20 18:18 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2009-04-20 18:18 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 12:00 . 2008-04-14 12:00 75776 c:\windows\system32\strmfilt.dll
+ 2008-04-14 12:00 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
+ 2008-04-14 12:00 . 2009-10-12 13:28 79872 c:\windows\system32\raschap.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 79872 c:\windows\system32\raschap.dll
+ 2008-04-14 12:00 . 2010-02-02 08:37 71904 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2010-02-01 03:08 71904 c:\windows\system32\perfc009.dat
- 2009-04-20 18:22 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-04-20 18:22 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-04-20 18:17 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
- 2009-04-20 18:17 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
- 2008-04-14 12:00 . 2009-07-29 04:37 81920 c:\windows\system32\fontsub.dll
+ 2008-04-14 12:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2009-09-21 05:45 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-09-21 05:45 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-09-21 05:45 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-21 05:45 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-21 05:45 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-09-21 05:45 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-09-21 05:47 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-09-21 05:47 . 2009-07-29 04:37 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-09-06 05:50 . 2010-02-02 07:54 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-09-06 05:50 . 2009-11-03 23:16 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-09-06 05:50 . 2009-11-03 23:16 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-06 05:50 . 2010-02-02 07:54 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-06 05:50 . 2010-02-02 07:54 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-09-06 05:50 . 2009-11-03 23:16 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-02 07:56 . 2009-08-29 08:08 12800 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-02-02 07:56 . 2009-08-29 08:08 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-02-02 07:56 . 2009-08-29 08:08 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2009-04-20 18:19 . 2009-08-25 09:27 354816 c:\windows\system32\winhttp.dll
- 2008-04-14 12:00 . 2009-07-29 04:37 119808 c:\windows\system32\t2embed.dll
+ 2008-04-14 12:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2010-02-02 07:33 . 2008-12-10 18:56 187392 c:\windows\system32\ReinstallBackups\0001\DriverFiles\b57xp32.sys
+ 2009-04-20 18:18 . 2009-10-13 02:58 150016 c:\windows\system32\rastls.dll
+ 2008-04-14 12:00 . 2010-02-02 08:37 444028 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2010-02-01 03:08 444028 c:\windows\system32\perfh009.dat
- 2009-04-20 18:18 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
+ 2009-04-20 18:18 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
+ 2009-04-20 18:18 . 2009-10-13 10:38 270336 c:\windows\system32\oakley.dll
- 2009-04-20 18:18 . 2009-04-20 18:18 270336 c:\windows\system32\oakley.dll
+ 2009-04-20 18:22 . 2009-12-21 19:14 594432 c:\windows\system32\msfeeds.dll
- 2009-04-20 18:22 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
+ 2009-04-20 18:17 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
- 2009-04-20 18:17 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
+ 2009-04-20 18:17 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
- 2009-04-20 18:17 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
+ 2009-04-20 18:17 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe
- 2009-04-20 18:17 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 12:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2009-09-04 18:49 . 2009-02-23 17:40 195072 c:\windows\system32\drivers\b57xp32.sys
+ 2009-09-21 05:45 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-09-21 05:45 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-09-21 05:47 . 2009-07-29 04:37 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-09-21 05:47 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-10-13 02:58 . 2009-10-13 02:58 150016 c:\windows\system32\dllcache\rastls.dll
- 2009-09-21 05:45 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-09-21 05:45 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
- 2009-09-21 05:45 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-09-21 05:45 . 2009-12-21 19:14 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-09-21 05:45 . 2009-12-21 19:14 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-09-21 05:45 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-09-21 05:45 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-09-21 05:45 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-09-21 05:45 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-09-21 05:45 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-09-21 05:45 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-09-21 05:45 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-09-04 18:49 . 2009-02-23 17:40 195072 c:\windows\system32\dllcache\b57xp32.sys
+ 2010-02-02 05:14 . 2010-02-02 05:14 499712 c:\windows\Installer\9c818.msi
+ 2009-05-27 02:53 . 2009-05-27 02:53 579072 c:\windows\Installer\9c7e4.msp
+ 2009-09-06 05:50 . 2010-02-02 07:54 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-09-06 05:50 . 2009-11-03 23:16 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-09-06 05:50 . 2010-02-02 07:54 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-09-06 05:50 . 2009-11-03 23:16 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-09-06 05:50 . 2010-02-02 07:54 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-09-06 05:50 . 2009-11-03 23:16 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-09-06 05:50 . 2010-02-02 07:54 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-09-06 05:50 . 2009-11-03 23:16 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-09-06 05:50 . 2009-11-03 23:16 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-06 05:50 . 2010-02-02 07:54 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-09-06 05:50 . 2009-11-03 23:16 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-09-06 05:50 . 2010-02-02 07:54 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-09-06 05:50 . 2009-11-03 23:16 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-09-06 05:50 . 2010-02-02 07:54 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-02-02 07:56 . 2009-08-29 08:08 916480 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-02-02 07:56 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-02-02 07:56 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-02-02 07:56 . 2009-08-29 08:08 206848 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-02-02 07:56 . 2009-08-29 08:08 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-02-02 07:56 . 2009-08-29 08:08 246272 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-02-02 07:56 . 2009-08-29 08:08 184320 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-02-02 07:56 . 2009-08-29 08:08 387584 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-02-02 07:56 . 2009-08-28 10:35 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2010-02-02 05:13 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2009-07-21 06:14 . 2009-07-21 06:14 1393480 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.30.2107.0_x-ww_bd5ca85e\msxml4.dll
+ 2009-04-20 18:19 . 2009-08-15 01:49 1859712 c:\windows\system32\win32k.sys
- 2009-04-20 18:18 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
+ 2009-04-20 18:18 . 2009-12-21 19:14 1208832 c:\windows\system32\urlmon.dll
+ 2009-04-20 18:18 . 2009-07-31 04:24 1447424 c:\windows\system32\msxml6.dll
+ 2009-07-21 06:16 . 2009-07-21 06:16 1393480 c:\windows\system32\msxml4.dll
+ 2009-04-20 18:18 . 2009-07-31 04:24 1172480 c:\windows\system32\msxml3.dll
+ 2009-04-20 18:18 . 2009-12-21 19:14 5942784 c:\windows\system32\mshtml.dll
+ 2009-04-20 18:21 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll
- 2009-04-20 18:21 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
+ 2009-09-04 18:48 . 2010-02-01 18:47 1638128 c:\windows\system32\FNTCACHE.DAT
+ 2009-08-18 07:33 . 2009-08-18 07:33 1193832 c:\windows\system32\FM20.DLL
+ 2009-04-17 23:20 . 2009-08-15 01:49 1859712 c:\windows\system32\dllcache\win32k.sys
+ 2009-09-21 05:45 . 2009-12-21 19:14 1208832 c:\windows\system32\dllcache\urlmon.dll
- 2009-09-21 05:45 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-09-21 05:45 . 2009-12-21 19:14 5942784 c:\windows\system32\dllcache\mshtml.dll
- 2009-09-21 05:45 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-09-21 05:45 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-18 20:58 . 2009-08-18 20:58 8301056 c:\windows\Installer\9c82d.msp
+ 2009-08-18 20:57 . 2009-08-18 20:57 9122304 c:\windows\Installer\9c810.msp
+ 2009-10-16 15:09 . 2009-10-16 15:09 2518016 c:\windows\Installer\9c7fa.msp
+ 2009-08-18 21:08 . 2009-08-18 21:08 1373696 c:\windows\Installer\9c7cf.msp
+ 2009-04-24 20:29 . 2009-04-24 20:29 9013760 c:\windows\Installer\9aa9f.msp
+ 2009-12-03 22:15 . 2009-12-03 22:15 5004288 c:\windows\Installer\8b741e.msp
- 2009-09-06 05:50 . 2009-11-03 23:16 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-09-06 05:50 . 2010-02-02 07:54 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-09-06 05:50 . 2009-11-03 23:16 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-09-06 05:50 . 2010-02-02 07:54 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-06 12:26 . 2009-03-06 12:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2008-11-21 07:06 . 2008-11-21 07:06 1194848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2010-02-02 07:56 . 2009-08-29 08:08 1208832 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-02-02 07:56 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-02-02 07:56 . 2009-08-29 08:08 1985536 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2010-02-01 18:54 . 2010-01-05 00:17 29634504 c:\windows\system32\MRT.exe
+ 2009-04-20 18:21 . 2009-12-21 19:14 11070464 c:\windows\system32\ieframe.dll
+ 2009-07-20 01:48 . 2009-12-21 19:14 11070464 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-18 20:50 . 2009-08-18 20:50 12022272 c:\windows\Installer\9c7b9.msp
+ 2010-02-02 05:21 . 2010-02-02 05:21 15710720 c:\windows\Installer\8b7409.msp
+ 2010-02-02 07:56 . 2009-08-29 08:08 11069440 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-23 294696]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-17 1799952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RRT-Auto"="c:\documents and settings\Owner\My Documents\Downloads\RRT.exe" [2010-01-31 1738240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-04-20 128512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-22 40048]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\procexp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20996:TCP"= 20996:TCP:BitComet 20996 TCP
"20996:UDP"= 20996:UDP:BitComet 20996 UDP
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [04.09.2009 21:54 36512]
R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [04.09.2009 21:54 39456]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [04.09.2009 20:34 25160]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [04.09.2009 20:34 132296]
.
Contents of the 'Scheduled Tasks' folder
2010-02-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {018A4CF3-F1F4-4257-B9C7-A3A0AC70D8D0} = 156.154.70.22,156.154.71.22
TCP: {C6DD66E6-4A3D-491E-814D-5243AB1D8D0A} = 83.149.115.157,4.2.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2ao06ijg.default\
FF - component: c:\program files\Comodo\VEngine\VerificationEngine_ff3_5\components\VEngine.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 00:45
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,fc,67,ce,cf,24,a2,41,b7,93,6f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,fc,67,ce,cf,24,a2,41,b7,93,6f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\guard32.dll
- - - - - - - > 'explorer.exe'(992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3079_x-ww_b811a94e\MSVCR80.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\ShellExt\CmdOpen.dll
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
.
Completion time: 2010-02-02 00:47:28
ComboFix-quarantined-files.txt 2010-02-02 08:47
ComboFix2.txt 2010-02-02 03:33
Pre-Run: 5 688 745 984 bytes free
Post-Run: 5 709 639 680 bytes free
- - End Of File - - B084910A545BE2592FE591AFB91479A4
I had a little quirk when dragging... it said some HIRCMD or something like that could not be found or executed etc.... and spammed it a bit, but I believe it completed whatever it needed. When I redid the drag it ran CF normally and made the log file that I have posted!!
Thanks again so much.. and can you explain how ComboFix works... this has been the only infection I have had where I've needed to consult the forums, and PS: if I have a bunch of unnamed, numbered and weird folders in c:/ that have files in them... like sys files possibly from my antivirus etc. and these scans, can I delete them??