06-18-2008, 10:56 PM   #7
naiart
OS: Win XP SP2


Re: Internet not working, popups, very slow computer, HJT log posted, please help!

Hi, okay, I followed the steps. The offline installation of Java didn't download, so I used the online install file and that seemed to work fine. Here is the combofix.txt log (I'm running the Kaspersky scanner now; I will leave it on overnight as it seems to take a while, and post the results tomorrow). Yes, everything seems to be running a lot better now! Thanks again for your help.

___________

ComboFix 08-06-16.5 - TP 2008-06-18 22:57:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.579 [GMT -4:00]
Running from: C:\Documents and Settings\TP\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\TP\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\dllmgr64.exe
C:\WINDOWS\qwert.exe
C:\WINDOWS\rund1132.exe
C:\WINDOWS\sysmgr64.exe
C:\WINDOWS\VHJhaWFuIFBvcGVzY3U\pJL1uqIRKI1Sw3pWsao.vbs
C:\WINDOWS\videoimp.ini
C:\WINDOWS\warnhp.html
C:\WINDOWS\wininit.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\enewsletterpro1.dat
C:\WINDOWS\VHJhaWFuIFBvcGVzY3U\pJL1uqIRKI1Sw3pWsao.vbs
C:\WINDOWS\videoimp.ini
C:\WINDOWS\wininit.ini
C:\WINDOWS\winsysupd41.dat
C:\WINDOWS\winsysupd51.dat
C:\WINDOWS\winsysupd61.dat

.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-17 22:32 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-17 21:58 . 2008-06-17 21:59 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-17 20:56 . 2008-06-17 22:41 <DIR> d-------- C:\SDFix
2008-06-16 23:44 . 2008-06-16 23:44 <DIR> d-------- C:\Deckard
2008-06-11 21:27 . 2008-06-11 21:27 <DIR> d-------- C:\TaskKiller
2008-06-10 20:33 . 2008-06-10 21:00 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-09 23:03 . 2008-06-09 23:03 167,613 --a------ C:\87100_3_123_1122lo.jpg
2008-06-09 23:03 . 2008-06-09 23:03 162,937 --a------ C:\87113_5_123_255lo.jpg
2008-06-09 23:03 . 2008-06-09 23:03 160,617 --a------ C:\87112_4_123_416lo.jpg
2008-06-08 01:06 . 1998-08-27 00:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-06-08 01:06 . 1998-08-20 07:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-06-08 01:06 . 1998-09-02 04:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-06-08 01:06 . 1998-09-02 04:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-06-08 01:05 . 2008-06-08 01:05 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-08 01:05 . 1998-09-02 04:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-06-08 01:05 . 1998-08-17 05:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-06-08 01:05 . 1998-08-17 05:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-06-08 01:05 . 1998-08-17 05:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-06-08 01:05 . 2008-06-08 01:05 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-06-08 01:05 . 2008-06-08 01:05 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-06-08 01:05 . 2001-06-20 10:04 21 --a------ C:\WINDOWS\VI_setup.ini
2008-06-08 01:04 . 2008-06-08 01:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-08 01:04 . 2008-06-08 01:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-08 00:58 . 2008-06-08 00:58 <DIR> d-------- C:\Program Files\directx
2008-06-03 19:45 . 2008-06-17 20:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-03 19:44 . 2008-06-03 19:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-03 19:44 . 2008-06-03 19:44 2,521 --a------ C:\WINDOWS\unins000.dat
2008-06-03 00:45 . 2008-06-03 00:45 38,528 --a------ C:\CV.pdf
2008-05-19 22:38 . 2008-05-19 22:38 118,784 --a------ C:\Lexus-IS-F_2008_5b.jpg
2008-05-19 22:38 . 2008-05-19 22:38 108,290 --a------ C:\Lexus-IS-F_2008_09.jpg
2008-05-19 22:37 . 2008-05-19 22:37 190,120 --a------ C:\Lexus-IS-F_2008_2c.jpg
2008-05-19 22:37 . 2008-05-19 22:37 135,168 --a------ C:\Lexus-IS-F_2008_5a.jpg
2008-05-19 22:37 . 2008-05-19 22:37 110,325 --a------ C:\Lexus-IS-F_2008_22.jpg
2008-05-19 22:29 . 2008-05-19 22:29 133,834 --a------ C:\m3sedan08_07.jpg
2008-05-19 22:29 . 2008-05-19 22:29 92,213 --a------ C:\lexusisf08_05.jpg
2008-05-19 22:24 . 2008-05-19 22:24 29,805 --a------ C:\08.audi.rs6.act.f34.1.500.jpg
2008-05-19 22:24 . 2008-05-19 22:25 28,634 --a------ C:\08.audi.rs6.act.r34.3.500.jpg
2008-05-19 22:23 . 2008-05-19 22:23 32,122 --a------ C:\08.audi.rs6.act.f34.8.500.jpg
2008-05-19 22:21 . 2008-05-19 22:25 209,366 --a------ C:\rs608_interior21600.jpg
2008-05-19 22:18 . 2008-05-19 22:18 97,022 --a------ C:\car_photo_248796_25.jpg
2008-05-19 22:14 . 2008-05-19 22:14 112,603 --a------ C:\m3sedan08_06.jpg
2008-05-19 22:08 . 2008-05-19 22:08 249,645 --a------ C:\186_1.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 03:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-18 01:50 368,640 ----a-w C:\WINDOWS\Internet Logs\xDBA7.tmp
2008-06-18 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 03:06 --------- d-----w C:\Documents and Settings\TP\Application Data\Lavasoft
2008-06-14 03:29 339,968 ----a-w C:\WINDOWS\Internet Logs\xDBA6.tmp
2008-06-09 04:17 429,568 ----a-w C:\WINDOWS\Internet Logs\xDBA5.tmp
2008-06-08 05:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 03:30 3,098,624 ----a-w C:\WINDOWS\Internet Logs\xDBA4.tmp
2008-06-03 00:00 31,873,414 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-18 07:10 --------- d-----w C:\Program Files\eMule
2008-05-18 06:22 --------- d-----w C:\Program Files\Intel Desktop Board Audio Driver
2008-05-16 02:01 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-05-13 01:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-11 05:57 --------- d-----w C:\Program Files\nFLVPlayer
2008-05-10 03:53 --------- d-----w C:\Program Files\X-COM
2008-05-09 05:34 1,278,464 ----a-w C:\WINDOWS\Internet Logs\xDBA3.tmp
2008-05-08 23:50 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 02:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-08 02:48 --------- d-----w C:\Documents and Settings\TP\Application Data\AdobeUM
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-03 06:17 182,272 ----a-w C:\WINDOWS\Internet Logs\xDBA2.tmp
2008-05-02 04:32 2,758,144 ----a-w C:\WINDOWS\Internet Logs\xDBA1.tmp
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-11 05:37 3,452,928 -c--a-w C:\WINDOWS\Internet Logs\xDBA0.tmp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 05:01 5,042,176 -c--a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2008-03-20 05:01 2,122,240 -c--a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-14 00:18 23,864 -c--a-w C:\Documents and Settings\TP\Application Data\GDIPFONTCACHEV1.DAT
2007-12-27 04:07 88 --sha-r C:\WINDOWS\system32\460A1FC05D.sys
2007-12-27 04:07 2,516 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-17_23.50.37.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-06-18 03:37:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-19 03:04:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-04 06:10:37 274,304 -c--a-w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-04-14 11:01:02 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-03-20 18:41:20 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-19 03:04:44 40,960 ----a-w C:\WINDOWS\Temp\rtdrvmon.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"="" []
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
--a--c--- 2003-09-03 22:33 106496 C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
--a--c--- 2003-06-13 10:57 294912 C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RasAuto"=3 (0x3)
"SavRoam"=3 (0x3)
"sysmgr64"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Winamp\\winamp.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=

R3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 11:17]
S4 aolsoftware;AolSoftware;"C:\WINDOWS\qwert.exe" []
S4 dll service;windows dll service;"C:\WINDOWS\rund1132.exe" []
S4 dllmgr64;dllmgr64;"C:\WINDOWS\dllmgr64.exe" []
S4 sysmgr64;sysmgr64;"C:\WINDOWS\sysmgr64.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2007-07-23 13:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 23:05:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
.
**************************************************************************
.
Completion time: 2008-06-18 23:18:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 03:18:12
ComboFix2.txt 2008-06-18 03:51:35

Pre-Run: 888,370,176 bytes free
Post-Run: 869,147,648 bytes free

358 --- E O F --- 2008-06-18 04:08:42