
[Resolved] HJT Log


This topic is locked
24 replies to this topic

#16 CatByte (Classroom Administrator, 21,060 posts, MVP)

Posted 11 November 2009 - 08:45 PM

Hi,

Your log is still showing signs of infection.

Please delete the copy of Combofix from your desktop.

Download a fresh copy from one of the following links.

Make sure your security programs are disabled, then run ComboFix again and post the resulting log:


Link 1
Link 2

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015



#17 oooicu812o (Authentic Member, 20 posts)

Posted 11 November 2009 - 09:26 PM

ComboFix 09-11-11.02 - Kevin 11/11/2009 21:10.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1151.837 [GMT -6:00]
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-11 17:39 . 2009-11-11 17:39 79488 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-11 17:33 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\in00000\setup.exe
2009-11-11 17:33 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\ar00000\install.exe
2009-11-10 22:25 . 2009-11-10 22:25 -------- d-----w- c:\windows\Sun
2009-11-10 22:25 . 2009-11-10 22:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 22:25 . 2009-11-10 22:25 -------- d-----w- c:\program files\Java
2009-11-10 22:24 . 2009-11-10 22:24 152576 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-11-10 22:23 . 2009-11-10 22:23 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-10 12:39 . 2009-11-10 12:39 -------- d-----w- C:\$WINDOWS.~BT
2009-11-10 05:03 . 2009-11-10 05:03 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Search
2009-11-10 01:09 . 2009-11-10 01:09 826 ----a-w- c:\windows\system32\wininit.dll
2009-11-06 01:16 . 2009-11-06 01:16 -------- d-----w- c:\program files\MSXML 4.0
2009-11-06 01:15 . 2009-08-29 07:36 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-06 01:15 . 2009-08-29 07:36 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-06 01:15 . 2009-08-29 07:36 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-06 01:15 . 2009-08-29 07:36 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-06 01:15 . 2009-08-29 07:36 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-11-06 01:15 . 2009-08-29 07:36 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-11-06 01:15 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-11-06 01:15 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-03 01:10 . 2009-11-03 01:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-03 00:10 . 2009-11-03 00:10 128 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\fusioncache.dat
2009-11-02 23:50 . 2009-11-02 23:50 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-11-02 23:49 . 2009-11-02 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-11-02 23:28 . 2009-11-03 00:10 -------- d-----w- c:\program files\Common Files\BHPS
2009-11-02 23:28 . 2009-11-02 23:51 -------- d-----w- c:\program files\BHPS
2009-11-02 01:59 . 2009-11-02 02:19 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Adobe
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 04:20 . 2000-08-03 01:50 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-11-01 04:19 . 2004-12-17 21:14 13952 ------w- c:\windows\system32\drivers\UBHelper.sys
2009-11-01 04:19 . 2009-11-01 04:19 -------- d-----w- c:\program files\Common Files\LightScribe
2009-11-01 04:19 . 2006-12-14 22:53 2819584 ------w- c:\windows\system32\LS_HSI.msi
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMP3.dll
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIJCMK5.dll
2009-11-01 04:12 . 2009-11-01 04:12 1024 ---h--r- c:\windows\system32\NTIDBD32.dll
2009-11-01 04:10 . 2009-11-01 04:20 1024 ---h--r- c:\windows\system32\NTIBUN4.dll
2009-11-01 04:08 . 2009-11-01 04:20 -------- d-----w- c:\program files\Common Files\NewTech Infosystems
2009-11-01 04:07 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIFCD3.dll
2009-11-01 04:06 . 2009-11-01 04:06 -------- d-----w- c:\program files\Elaborate Bytes
2009-10-30 05:01 . 2009-11-06 01:09 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\ApplicationHistory
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Identities
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Desktop Search
2009-10-30 04:53 . 2009-11-01 04:22 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-30 04:53 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-30 04:53 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-30 04:53 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-30 04:48 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-30 04:45 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-30 04:39 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-30 04:37 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-30 04:37 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-30 04:37 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-30 04:37 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-30 04:36 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-30 04:34 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-30 04:34 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\MSBuild
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\Reference Assemblies
2009-10-28 04:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 04:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 04:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 04:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\scripting
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\l2schemas
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\en
2009-10-28 03:01 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-28 03:01 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-28 03:01 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-28 03:01 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-28 03:01 . 2008-04-14 00:12 53248 ------w- c:\windows\system32\tsgqec.dll
2009-10-28 03:01 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-10-28 03:01 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-10-28 03:01 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-28 02:30 . 2009-10-28 02:30 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-10-28 02:30 . 2009-11-01 04:20 -------- d-----w- c:\program files\NewTech Infosystems
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTICDMK7.dll
2009-10-28 02:29 . 2009-11-01 04:18 6144 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2009-10-27 19:08 . 2009-10-27 19:08 -------- d-----w- c:\documents and settings\Kevin\Application Data\DivX
2009-10-26 20:42 . 2009-11-01 03:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-26 20:36 . 2009-10-26 20:36 -------- d-----w- c:\program files\Gtech PASS RR 2.0
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\DIFX
2009-10-26 19:33 . 2009-10-26 19:33 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-26 19:33 . 2009-10-26 19:33 125670 ----a-w- c:\windows\LogWorks3 Uninstaller.exe
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\LogWorks3
2009-10-26 19:30 . 2000-01-31 11:00 25600 ----a-w- c:\windows\system32\borlndmm.dll
2009-10-26 19:30 . 2000-01-31 11:00 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\program files\Haltech
2009-10-26 19:30 . 1999-03-23 15:12 299520 ----a-w- c:\windows\uninst.exe
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\documents and settings\Kevin\WINDOWS
2009-10-26 18:52 . 2009-10-26 18:53 -------- d-----w- c:\windows\ShellNew
2009-10-26 18:52 . 2009-10-26 18:52 -------- d-----w- c:\program files\Common Files\L&H
2009-10-22 00:48 . 2009-10-26 18:51 -------- d-----w- c:\documents and settings\Kevin\Application Data\ProspectorV5
2009-10-22 00:48 . 2009-10-22 00:48 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\IsolatedStorage
2009-10-22 00:47 . 2009-10-22 00:47 9062 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\UNINST_Uninstall_P_0EFD655105AD409EA61C7E7C0DD2C138.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut3_D2FF824E9001418EA3D2B3637212BA28.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut2_41A2A34BEFF14C1C9CC9CA3E462D2AD1.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\ARPPRODUCTICON.exe
2009-10-22 00:47 . 2009-10-22 00:47 -------- d-----w- c:\program files\MoxieProxy
2009-10-21 23:20 . 2009-10-21 23:20 -------- d-----w- c:\windows\Downloaded Installations
2009-10-21 23:13 . 2009-11-01 13:40 20328 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 23:12 . 2009-10-30 04:55 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-10-21 22:31 . 2009-10-21 22:31 -------- d-----w- c:\windows\provisioning
2009-10-21 12:57 . 2008-04-14 11:42 11264 ------w- c:\windows\system32\spnpinst.exe
2009-10-21 12:57 . 2004-08-02 19:20 4569 ------w- c:\windows\system32\secupd.dat
2009-10-21 12:23 . 2009-10-21 12:23 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\tjnet
2009-10-21 05:00 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\setup1.exe
2009-10-21 05:00 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\install1.exe
2009-10-21 04:59 . 2009-11-11 17:33 -------- d-----w- c:\documents and settings\Kevin\Application Data\mjusbsp
2009-10-21 04:58 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-10-21 04:58 . 2008-04-13 19:16 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2009-10-21 04:58 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-21 04:58 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2009-10-21 04:58 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-10-21 04:58 . 2008-04-13 18:45 49408 ----a-w- c:\windows\system32\drivers\stream.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 04:20 . 2009-10-21 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 03:19 . 2009-10-21 01:42 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-10-28 02:30 . 2009-10-21 02:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-21 02:02 . 2009-10-21 02:02 -------- d-----w- c:\program files\WUSB11 WLAN Monitor
2009-10-21 01:43 . 2009-10-21 01:43 -------- d-----w- c:\program files\microsoft frontpage
2009-10-21 01:33 . 2009-10-21 01:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-08 20:57 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57 . 2001-08-23 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56 . 2001-08-23 15:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-11 14:18 . 2001-08-23 15:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-06-23 16:33 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2001-08-23 15:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2009-10-21 03:10 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-10_21.54.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-11 17:33 . 2009-11-11 17:33 16384 c:\windows\temp\Perflib_Perfdata_5dc.dat
+ 2001-08-23 15:00 . 2009-11-11 17:37 78114 c:\windows\system32\perfc009.dat
- 2001-08-23 15:00 . 2009-11-10 11:58 78114 c:\windows\system32\perfc009.dat
+ 2009-10-26 18:54 . 2009-11-10 22:23 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2001-08-23 15:00 . 2009-11-10 11:58 462168 c:\windows\system32\perfh009.dat
+ 2001-08-23 15:00 . 2009-11-11 17:37 462168 c:\windows\system32\perfh009.dat
+ 2009-11-10 22:25 . 2009-11-10 22:25 148888 c:\windows\system32\javaws.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 144792 c:\windows\system32\javaw.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 144792 c:\windows\system32\java.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 598016 c:\windows\Installer\23a3bcb.msi
+ 2009-10-26 18:54 . 2009-11-10 22:23 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-11-10 22:23 . 2009-11-10 22:23 120592 c:\windows\Downloaded Program Files\LiveSound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Kevin\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-21 198160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Kevin\Desktop\hijackthis\New Folder\New Folder\1\mbam.exe" [2009-09-10 1312080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^office.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\office.exe
backup=c:\windows\pss\office.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Kevin\\Application Data\\mjusbsp\\magicJack.exe"=

R2 ProQuest Product License Manager;ProQuest Product License Manager;c:\progra~1\BHPS\lic\bin\lmgrd.exe [11/2/2009 5:49 PM 630272]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
.
- - - - ORPHANS REMOVED - - - -

Notify-__c002B41 - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 21:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1496)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-11-12 21:18
ComboFix-quarantined-files.txt 2009-11-12 03:18
ComboFix2.txt 2009-11-11 16:56
ComboFix3.txt 2009-11-10 21:56

Pre-Run: 29,705,510,912 bytes free
Post-Run: 29,831,057,408 bytes free

- - End Of File - - 568E5ED7FB6F17E5C40159A822BD1BD1

#18 CatByte (Classroom Administrator, 21,060 posts, MVP)

Posted 12 November 2009 - 10:48 AM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Collect::
c:\windows\system32\rehuwido
c:\windows\wininit.ini
c:\windows\system32\wininit.dll

DDS::
BHO: {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [calc] rundll32.exe c:\windows\system32\config\system~1\ntuser.dll,_IWMPEvents@0
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
uRun: [A00F44A73.exe] c:\docume~1\kevin\locals~1\temp\_A00F44A73.exe

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

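As an added example that is not part of the thread or of ComboFix: the CFScript above singles out autostart entries that launch from the recycler, a temp folder and config\system~1, plus an 826-byte wininit.dll sitting in system32. The Python below applies those same triage heuristics to ComboFix log lines; the line shapes are taken from the log in post #17, while the size threshold, the directory list and the function names are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass

# Line shapes as they appear in the ComboFix log above:
#   "<created> . <modified> <size|--------> <attrs> <path>"   (Files Created / Find3M)
#   "uRun: [name] command"                                     (DDS-style autostart entry)
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
RUN_LINE = re.compile(r"^(?P<key>[um]?Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Heuristics (assumptions of this example, not ComboFix rules): directories that
# legitimate installers almost never use for persistent binaries, and a size below
# which a .dll/.exe directly in system32 deserves a look (cf. the 826-byte wininit.dll).
STAGING_DIRS = ("\\recycler\\", "\\temp\\", "\\config\\system")
TINY_BINARY = 4096
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def _check_file(m: re.Match) -> list:
    path, size = m.group("path"), m.group("size")
    low = path.lower()
    out = []
    if (size.isdigit() and int(size) < TINY_BINARY
            and ntpath.dirname(low) == "c:\\windows\\system32"
            and low.endswith((".dll", ".exe"))):
        out.append(Finding(path, f"tiny binary in system32 ({size} bytes)"))
    if any(d in low for d in STAGING_DIRS):
        out.append(Finding(path, "file created in a staging directory"))
    return out


def _check_run(m: re.Match) -> list:
    name, cmd = m.group("name"), m.group("cmd")
    low = cmd.lower()
    out = []
    if any(d in low for d in STAGING_DIRS):
        out.append(Finding(cmd, f"autostart [{name}] runs from a staging directory"))
    parts = low.split(" ", 1)
    if parts[0].startswith("rundll32") and len(parts) == 2:
        # rundll32.exe <dll>,<entry>: look at where the DLL actually lives
        dll = parts[1].split(",", 1)[0]
        if ntpath.dirname(dll) not in SYSTEM_DIRS:
            out.append(Finding(cmd, f"autostart [{name}] loads a DLL via rundll32 "
                                    "from outside the system directories"))
    return out


def triage(log_text: str) -> list:
    """Return one Finding per (path, reason) for every line that trips a heuristic.
    Hits are leads for a human to verify, not verdicts."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            findings.extend(_check_file(m))
            continue
        m = RUN_LINE.match(line)
        if m:
            findings.extend(_check_run(m))
    return findings


# Constructed sample: lines copied from the log and CFScript above plus benign ones.
SAMPLE_LOG = r"""
2009-11-10 01:09 . 2009-11-10 01:09 826 ----a-w- c:\windows\system32\wininit.dll
2009-11-10 22:25 . 2009-11-10 22:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 22:25 . 2009-11-10 22:25 -------- d-----w- c:\windows\Sun
2009-10-30 01:38 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
uRun: [calc] rundll32.exe c:\windows\system32\config\system~1\ntuser.dll,_IWMPEvents@0
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
uRun: [A00F44A73.exe] c:\docume~1\kevin\locals~1\temp\_A00F44A73.exe
uRun: [SpybotSD TeaTimer] c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```

Run against SAMPLE_LOG it reports the tiny wininit.dll, the three suspicious uRun entries (the rundll32 one twice, for two different reasons) and nothing for the Java, driver or TeaTimer lines.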


#19 oooicu812o (Authentic Member, 20 posts)

Posted 12 November 2009 - 05:39 PM

ComboFix 09-11-13.04 - Kevin 11/12/2009 17:25.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1151.867 [GMT -6:00]
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kevin\Desktop\CFScript.txt

file zipped: c:\windows\system32\rehuwido
file zipped: c:\windows\system32\wininit.dll
file zipped: c:\windows\wininit.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rehuwido
c:\windows\system32\wininit.dll
c:\windows\wininit.ini

.
((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 13:18 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\in00000\setup.exe
2009-11-12 13:18 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\ar00000\install.exe
2009-11-11 17:39 . 2009-11-12 13:24 79488 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 22:25 . 2009-11-10 22:25 -------- d-----w- c:\windows\Sun
2009-11-10 22:25 . 2009-11-10 22:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 22:25 . 2009-11-10 22:25 -------- d-----w- c:\program files\Java
2009-11-10 22:24 . 2009-11-10 22:24 152576 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-11-10 22:23 . 2009-11-10 22:23 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-10 12:39 . 2009-11-10 12:39 -------- d-----w- C:\$WINDOWS.~BT
2009-11-10 05:03 . 2009-11-10 05:03 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Search
2009-11-06 01:16 . 2009-11-06 01:16 -------- d-----w- c:\program files\MSXML 4.0
2009-11-06 01:15 . 2009-08-29 07:36 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-06 01:15 . 2009-08-29 07:36 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-06 01:15 . 2009-08-29 07:36 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-06 01:15 . 2009-08-29 07:36 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-06 01:15 . 2009-08-29 07:36 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-11-06 01:15 . 2009-08-29 07:36 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-11-06 01:15 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-11-06 01:15 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-03 01:10 . 2009-11-03 01:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-03 00:10 . 2009-11-03 00:10 128 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\fusioncache.dat
2009-11-02 23:50 . 2009-11-02 23:50 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-11-02 23:49 . 2009-11-02 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-11-02 23:28 . 2009-11-03 00:10 -------- d-----w- c:\program files\Common Files\BHPS
2009-11-02 23:28 . 2009-11-02 23:51 -------- d-----w- c:\program files\BHPS
2009-11-02 01:59 . 2009-11-02 02:19 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Adobe
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 04:20 . 2000-08-03 01:50 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-11-01 04:19 . 2004-12-17 21:14 13952 ------w- c:\windows\system32\drivers\UBHelper.sys
2009-11-01 04:19 . 2009-11-01 04:19 -------- d-----w- c:\program files\Common Files\LightScribe
2009-11-01 04:19 . 2006-12-14 22:53 2819584 ------w- c:\windows\system32\LS_HSI.msi
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMP3.dll
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIJCMK5.dll
2009-11-01 04:12 . 2009-11-01 04:12 1024 ---h--r- c:\windows\system32\NTIDBD32.dll
2009-11-01 04:10 . 2009-11-01 04:20 1024 ---h--r- c:\windows\system32\NTIBUN4.dll
2009-11-01 04:08 . 2009-11-01 04:20 -------- d-----w- c:\program files\Common Files\NewTech Infosystems
2009-11-01 04:07 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIFCD3.dll
2009-11-01 04:06 . 2009-11-01 04:06 -------- d-----w- c:\program files\Elaborate Bytes
2009-10-30 05:01 . 2009-11-06 01:09 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\ApplicationHistory
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Identities
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Desktop Search
2009-10-30 04:53 . 2009-11-01 04:22 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-30 04:53 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-30 04:53 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-30 04:53 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-30 04:48 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-30 04:45 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-30 04:39 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-30 04:37 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-30 04:37 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-30 04:37 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-30 04:37 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-30 04:36 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-30 04:34 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-30 04:34 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\MSBuild
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\Reference Assemblies
2009-10-28 04:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 04:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 04:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 04:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\scripting
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\l2schemas
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\en
2009-10-28 03:01 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-28 03:01 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-28 03:01 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-28 03:01 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-28 03:01 . 2008-04-14 00:12 53248 ------w- c:\windows\system32\tsgqec.dll
2009-10-28 03:01 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-10-28 03:01 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-10-28 03:01 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-28 02:30 . 2009-10-28 02:30 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-10-28 02:30 . 2009-11-01 04:20 -------- d-----w- c:\program files\NewTech Infosystems
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTICDMK7.dll
2009-10-28 02:29 . 2009-11-01 04:18 6144 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2009-10-27 19:08 . 2009-10-27 19:08 -------- d-----w- c:\documents and settings\Kevin\Application Data\DivX
2009-10-26 20:42 . 2009-11-01 03:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-26 20:36 . 2009-10-26 20:36 -------- d-----w- c:\program files\Gtech PASS RR 2.0
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\DIFX
2009-10-26 19:33 . 2009-10-26 19:33 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-26 19:33 . 2009-10-26 19:33 125670 ----a-w- c:\windows\LogWorks3 Uninstaller.exe
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\LogWorks3
2009-10-26 19:30 . 2000-01-31 11:00 25600 ----a-w- c:\windows\system32\borlndmm.dll
2009-10-26 19:30 . 2000-01-31 11:00 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\program files\Haltech
2009-10-26 19:30 . 1999-03-23 15:12 299520 ----a-w- c:\windows\uninst.exe
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\documents and settings\Kevin\WINDOWS
2009-10-26 18:52 . 2009-10-26 18:53 -------- d-----w- c:\windows\ShellNew
2009-10-26 18:52 . 2009-10-26 18:52 -------- d-----w- c:\program files\Common Files\L&H
2009-10-22 00:48 . 2009-11-12 23:22 -------- d-----w- c:\documents and settings\Kevin\Application Data\ProspectorV5
2009-10-22 00:48 . 2009-10-22 00:48 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\IsolatedStorage
2009-10-22 00:47 . 2009-10-22 00:47 9062 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\UNINST_Uninstall_P_0EFD655105AD409EA61C7E7C0DD2C138.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut3_D2FF824E9001418EA3D2B3637212BA28.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut2_41A2A34BEFF14C1C9CC9CA3E462D2AD1.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\ARPPRODUCTICON.exe
2009-10-22 00:47 . 2009-10-22 00:47 -------- d-----w- c:\program files\MoxieProxy
2009-10-21 23:20 . 2009-10-21 23:20 -------- d-----w- c:\windows\Downloaded Installations
2009-10-21 23:13 . 2009-11-01 13:40 20328 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 23:12 . 2009-10-30 04:55 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-10-21 22:31 . 2009-10-21 22:31 -------- d-----w- c:\windows\provisioning
2009-10-21 12:57 . 2008-04-14 11:42 11264 ------w- c:\windows\system32\spnpinst.exe
2009-10-21 12:57 . 2004-08-02 19:20 4569 ------w- c:\windows\system32\secupd.dat
2009-10-21 12:23 . 2009-10-21 12:23 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\tjnet
2009-10-21 05:00 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\setup1.exe
2009-10-21 05:00 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\install1.exe
2009-10-21 04:59 . 2009-11-12 13:18 -------- d-----w- c:\documents and settings\Kevin\Application Data\mjusbsp
2009-10-21 04:58 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-10-21 04:58 . 2008-04-13 19:16 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2009-10-21 04:58 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-21 04:58 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2009-10-21 04:58 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-10-21 04:58 . 2008-04-13 18:45 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2009-10-21 04:49 . 2008-04-14 00:11 40960 ----a-w- c:\windows\system32\mf3216.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 04:20 . 2009-10-21 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 03:19 . 2009-10-21 01:42 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-10-28 02:30 . 2009-10-21 02:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-21 02:02 . 2009-10-21 02:02 -------- d-----w- c:\program files\WUSB11 WLAN Monitor
2009-10-21 01:43 . 2009-10-21 01:43 -------- d-----w- c:\program files\microsoft frontpage
2009-10-21 01:33 . 2009-10-21 01:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-08 20:57 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57 . 2001-08-23 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56 . 2001-08-23 15:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-11 14:18 . 2001-08-23 15:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-06-23 16:33 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2001-08-23 15:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2009-10-21 03:10 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-10_21.54.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-12 13:18 . 2009-11-12 13:18 16384 c:\windows\temp\Perflib_Perfdata_5cc.dat
+ 2001-08-23 15:00 . 2009-11-12 13:22 78114 c:\windows\system32\perfc009.dat
- 2001-08-23 15:00 . 2009-11-10 11:58 78114 c:\windows\system32\perfc009.dat
+ 2009-10-26 18:54 . 2009-11-10 22:23 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2001-08-23 15:00 . 2009-11-10 11:58 462168 c:\windows\system32\perfh009.dat
+ 2001-08-23 15:00 . 2009-11-12 13:22 462168 c:\windows\system32\perfh009.dat
+ 2009-11-10 22:25 . 2009-11-10 22:25 148888 c:\windows\system32\javaws.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 144792 c:\windows\system32\javaw.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 144792 c:\windows\system32\java.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 598016 c:\windows\Installer\23a3bcb.msi
+ 2009-10-26 18:54 . 2009-11-10 22:23 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-11-10 22:23 . 2009-11-10 22:23 120592 c:\windows\Downloaded Program Files\LiveSound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Kevin\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-21 198160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Kevin\Desktop\hijackthis\New Folder\New Folder\1\mbam.exe" [2009-09-10 1312080]
"ropopepuk"="c:\windows\system32\botapepe.dll" [BU]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c002B41]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^office.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\office.exe
backup=c:\windows\pss\office.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Kevin\\Application Data\\mjusbsp\\magicJack.exe"=

R2 ProQuest Product License Manager;ProQuest Product License Manager;c:\progra~1\BHPS\lic\bin\lmgrd.exe [11/2/2009 5:49 PM 630272]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 17:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-12 17:34
ComboFix-quarantined-files.txt 2009-11-12 23:34
ComboFix2.txt 2009-11-12 03:18
ComboFix3.txt 2009-11-11 16:56
ComboFix4.txt 2009-11-10 21:56

Pre-Run: 29,778,120,704 bytes free
Post-Run: 29,772,460,032 bytes free

- - End Of File - - 0CA2DCF3C9CA60883213F8824033DBC2
Upload was successful

#20 CatByte (Classroom Administrator; Classroom Admin, 21,060 posts, MVP)

Posted 12 November 2009 - 05:51 PM

Hi,

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://forums.whatthetech.com/HJT_Log_t108200.html

Collect::
c:\windows\system32\botapepe.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ropopepuk"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c002B41]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

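As an added example (not ComboFix's or the forum's own tooling), here is a small Python triage script that reads the Reg Loading Points section of a ComboFix log like the one posted above, flags Run values and winlogon\notify subkeys that show `[BU]` where the other entries show a file date and size, and drafts the same two CFScript directives CatByte used (`Collect::` and `Registry::`). The sample log is constructed from lines in this thread; treating `[BU]` as "no file information reported" and the WgaLogon allowlist are assumptions, not something the page states.

```python
"""Draft a ComboFix CFScript from the "Reg Loading Points" section of a log.

Added example for this thread, not tooling from ComboFix or the forum.
Assumptions (not stated on the page): a "[BU]" marker is treated only as
"no file date/size was reported for this entry", and the generated script is
limited to the two directives the helper used above, Collect:: and Registry::.
"""
import re

# "name"="path" [2009-11-10 148888]   or   "name"="path" [BU]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')
# [HKEY_...\Run] (a registry key) or a bare marker such as [BU] under a key
BRACKET_RE = re.compile(r"^\[(?P<inner>[^\]]+)\]\s*$")
NOTIFY_PREFIX = ("hkey_local_machine\\software\\microsoft\\windows nt"
                 "\\currentversion\\winlogon\\notify\\")

# Constructed sample: a cut-down copy of the Reg Loading Points section posted above.
SAMPLE_LOG = r"""
((((((((((((( Reg Loading Points )))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]
"ropopepuk"="c:\windows\system32\botapepe.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c002B41]
[BU]

------- Supplementary Scan -------
"""


def parse_loading_points(log_text):
    """Return (values, bare_markers).

    values: list of (key, name, path, info) for every "name"="path" [info] line.
    bare_markers: key -> marker text for keys whose body is a bare [marker] line.
    """
    values, bare_markers = [], {}
    current_key, in_section = None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------"):          # next section header: stop
            break
        m = BRACKET_RE.match(line)
        if m:
            inner = m.group("inner")
            if "\\" in inner or inner.upper().startswith("HK"):
                current_key = inner              # a registry key header
            elif current_key is not None:
                bare_markers[current_key] = inner  # e.g. [BU] under a notify subkey
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            values.append((current_key, m.group("name"), m.group("path"), m.group("info")))
    return values, bare_markers


def find_suspicious(log_text, allowlist=()):
    """Flag Run values with no file date/size ([BU]) and winlogon\\notify subkeys
    containing nothing but [BU]; names in allowlist (case-insensitive) are skipped."""
    values, bare = parse_loading_points(log_text)
    allow = {a.lower() for a in allowlist}
    findings = []
    for key, name, path, info in values:
        if info.strip().upper() == "BU" and name.lower() not in allow:
            findings.append({"kind": "value", "key": key, "name": name, "path": path})
    for key, marker in bare.items():
        leaf = key.rsplit("\\", 1)[-1]
        if (marker.upper() == "BU" and key.lower().startswith(NOTIFY_PREFIX)
                and leaf.lower() not in allow):
            findings.append({"kind": "key", "key": key, "name": leaf, "path": ""})
    return findings


def draft_cfscript(findings, thread_url):
    """Render findings as a CFScript: Collect:: quarantines the files,
    Registry:: deletes the value ("name"=-) or the whole key ([-KEY])."""
    collect = [f["path"] for f in findings if f["kind"] == "value" and f["path"]]
    reg = []
    for f in findings:
        if f["kind"] == "value":
            reg += [f"[{f['key']}]", f"\"{f['name']}\"=-"]
        else:
            reg.append(f"[-{f['key']}]")
    parts = [thread_url, ""]
    if collect:
        parts += ["Collect::", *collect, ""]
    if reg:
        parts += ["Registry::", *reg]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    # WgaLogon is the Windows Genuine Advantage notify package; the helper's
    # script above left it in place, so it is allowlisted here (assumption).
    hits = find_suspicious(SAMPLE_LOG, allowlist={"WgaLogon"})
    print(draft_cfscript(hits, "http://forums.whatthetech.com/HJT_Log_t108200.html"))
```

The drafted script is a starting point for an analyst, not something to run unreviewed: anything flagged only because the log lacks file details still needs a look before it goes into a CFScript.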

#21 oooicu812o (Authentic Member, 20 posts)

Posted 12 November 2009 - 07:00 PM

ComboFix 09-11-13.04 - Kevin 11/12/2009 18:50.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1151.883 [GMT -6:00]
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kevin\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-12 13:18 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\in00000\setup.exe
2009-11-12 13:18 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\ar00000\install.exe
2009-11-11 17:39 . 2009-11-12 13:24 79488 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 22:25 . 2009-11-10 22:25 -------- d-----w- c:\windows\Sun
2009-11-10 22:25 . 2009-11-10 22:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 22:25 . 2009-11-10 22:25 -------- d-----w- c:\program files\Java
2009-11-10 22:24 . 2009-11-10 22:24 152576 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-11-10 22:23 . 2009-11-10 22:23 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-10 12:39 . 2009-11-10 12:39 -------- d-----w- C:\$WINDOWS.~BT
2009-11-10 05:03 . 2009-11-10 05:03 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Search
2009-11-06 01:16 . 2009-11-06 01:16 -------- d-----w- c:\program files\MSXML 4.0
2009-11-06 01:15 . 2009-08-29 07:36 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-06 01:15 . 2009-08-29 07:36 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-06 01:15 . 2009-08-29 07:36 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-06 01:15 . 2009-08-29 07:36 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-06 01:15 . 2009-08-29 07:36 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-11-06 01:15 . 2009-08-29 07:36 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-11-06 01:15 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-11-06 01:15 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-03 01:10 . 2009-11-03 01:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-03 00:10 . 2009-11-03 00:10 128 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\fusioncache.dat
2009-11-02 23:50 . 2009-11-02 23:50 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-11-02 23:49 . 2009-11-02 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-11-02 23:28 . 2009-11-03 00:10 -------- d-----w- c:\program files\Common Files\BHPS
2009-11-02 23:28 . 2009-11-02 23:51 -------- d-----w- c:\program files\BHPS
2009-11-02 01:59 . 2009-11-02 02:19 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Adobe
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 04:20 . 2000-08-03 01:50 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-11-01 04:19 . 2004-12-17 21:14 13952 ------w- c:\windows\system32\drivers\UBHelper.sys
2009-11-01 04:19 . 2009-11-01 04:19 -------- d-----w- c:\program files\Common Files\LightScribe
2009-11-01 04:19 . 2006-12-14 22:53 2819584 ------w- c:\windows\system32\LS_HSI.msi
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMP3.dll
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIJCMK5.dll
2009-11-01 04:12 . 2009-11-01 04:12 1024 ---h--r- c:\windows\system32\NTIDBD32.dll
2009-11-01 04:10 . 2009-11-01 04:20 1024 ---h--r- c:\windows\system32\NTIBUN4.dll
2009-11-01 04:08 . 2009-11-01 04:20 -------- d-----w- c:\program files\Common Files\NewTech Infosystems
2009-11-01 04:07 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIFCD3.dll
2009-11-01 04:06 . 2009-11-01 04:06 -------- d-----w- c:\program files\Elaborate Bytes
2009-10-30 05:01 . 2009-11-06 01:09 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\ApplicationHistory
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Identities
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Desktop Search
2009-10-30 04:53 . 2009-11-01 04:22 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-30 04:53 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-30 04:53 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-30 04:53 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-30 04:48 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-30 04:45 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-30 04:39 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-30 04:37 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-30 04:37 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-30 04:37 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-30 04:37 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-30 04:36 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-30 04:34 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-30 04:34 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\MSBuild
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\Reference Assemblies
2009-10-28 04:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 04:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 04:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 04:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\scripting
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\l2schemas
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\en
2009-10-28 03:01 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-28 03:01 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-28 03:01 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-28 03:01 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-28 03:01 . 2008-04-14 00:12 53248 ------w- c:\windows\system32\tsgqec.dll
2009-10-28 03:01 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-10-28 03:01 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-10-28 03:01 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-28 02:30 . 2009-10-28 02:30 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-10-28 02:30 . 2009-11-01 04:20 -------- d-----w- c:\program files\NewTech Infosystems
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTICDMK7.dll
2009-10-28 02:29 . 2009-11-01 04:18 6144 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2009-10-27 19:08 . 2009-10-27 19:08 -------- d-----w- c:\documents and settings\Kevin\Application Data\DivX
2009-10-26 20:42 . 2009-11-01 03:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-26 20:36 . 2009-10-26 20:36 -------- d-----w- c:\program files\Gtech PASS RR 2.0
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\DIFX
2009-10-26 19:33 . 2009-10-26 19:33 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-26 19:33 . 2009-10-26 19:33 125670 ----a-w- c:\windows\LogWorks3 Uninstaller.exe
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\LogWorks3
2009-10-26 19:30 . 2000-01-31 11:00 25600 ----a-w- c:\windows\system32\borlndmm.dll
2009-10-26 19:30 . 2000-01-31 11:00 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\program files\Haltech
2009-10-26 19:30 . 1999-03-23 15:12 299520 ----a-w- c:\windows\uninst.exe
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\documents and settings\Kevin\WINDOWS
2009-10-26 18:52 . 2009-10-26 18:53 -------- d-----w- c:\windows\ShellNew
2009-10-26 18:52 . 2009-10-26 18:52 -------- d-----w- c:\program files\Common Files\L&H
2009-10-22 00:48 . 2009-11-12 23:22 -------- d-----w- c:\documents and settings\Kevin\Application Data\ProspectorV5
2009-10-22 00:48 . 2009-10-22 00:48 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\IsolatedStorage
2009-10-22 00:47 . 2009-10-22 00:47 9062 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\UNINST_Uninstall_P_0EFD655105AD409EA61C7E7C0DD2C138.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut3_D2FF824E9001418EA3D2B3637212BA28.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut2_41A2A34BEFF14C1C9CC9CA3E462D2AD1.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\ARPPRODUCTICON.exe
2009-10-22 00:47 . 2009-10-22 00:47 -------- d-----w- c:\program files\MoxieProxy
2009-10-21 23:20 . 2009-10-21 23:20 -------- d-----w- c:\windows\Downloaded Installations
2009-10-21 23:13 . 2009-11-01 13:40 20328 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 23:12 . 2009-10-30 04:55 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-10-21 22:31 . 2009-10-21 22:31 -------- d-----w- c:\windows\provisioning
2009-10-21 12:57 . 2008-04-14 11:42 11264 ------w- c:\windows\system32\spnpinst.exe
2009-10-21 12:57 . 2004-08-02 19:20 4569 ------w- c:\windows\system32\secupd.dat
2009-10-21 12:23 . 2009-10-21 12:23 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\tjnet
2009-10-21 05:00 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\setup1.exe
2009-10-21 05:00 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\install1.exe
2009-10-21 04:59 . 2009-11-12 13:18 -------- d-----w- c:\documents and settings\Kevin\Application Data\mjusbsp
2009-10-21 04:58 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-10-21 04:58 . 2008-04-13 19:16 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2009-10-21 04:58 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-21 04:58 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2009-10-21 04:58 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-10-21 04:58 . 2008-04-13 18:45 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2009-10-21 04:49 . 2008-04-14 00:11 40960 ----a-w- c:\windows\system32\mf3216.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 04:20 . 2009-10-21 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 03:19 . 2009-10-21 01:42 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-10-28 02:30 . 2009-10-21 02:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-21 02:02 . 2009-10-21 02:02 -------- d-----w- c:\program files\WUSB11 WLAN Monitor
2009-10-21 01:43 . 2009-10-21 01:43 -------- d-----w- c:\program files\microsoft frontpage
2009-10-21 01:33 . 2009-10-21 01:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-08 20:57 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57 . 2001-08-23 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56 . 2001-08-23 15:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-11 14:18 . 2001-08-23 15:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-06-23 16:33 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2001-08-23 15:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2009-10-21 03:10 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-10_21.54.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-12 13:18 . 2009-11-12 13:18 16384 c:\windows\temp\Perflib_Perfdata_5cc.dat
+ 2001-08-23 15:00 . 2009-11-12 13:22 78114 c:\windows\system32\perfc009.dat
- 2001-08-23 15:00 . 2009-11-10 11:58 78114 c:\windows\system32\perfc009.dat
+ 2009-10-26 18:54 . 2009-11-10 22:23 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2001-08-23 15:00 . 2009-11-10 11:58 462168 c:\windows\system32\perfh009.dat
+ 2001-08-23 15:00 . 2009-11-12 13:22 462168 c:\windows\system32\perfh009.dat
+ 2009-11-10 22:25 . 2009-11-10 22:25 148888 c:\windows\system32\javaws.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 144792 c:\windows\system32\javaw.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 144792 c:\windows\system32\java.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 598016 c:\windows\Installer\23a3bcb.msi
+ 2009-10-26 18:54 . 2009-11-10 22:23 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-11-10 22:23 . 2009-11-10 22:23 120592 c:\windows\Downloaded Program Files\LiveSound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Kevin\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-21 198160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Kevin\Desktop\hijackthis\New Folder\New Folder\1\mbam.exe" [2009-09-10 1312080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^office.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\office.exe
backup=c:\windows\pss\office.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Kevin\\Application Data\\mjusbsp\\magicJack.exe"=

R2 ProQuest Product License Manager;ProQuest Product License Manager;c:\progra~1\BHPS\lic\bin\lmgrd.exe [11/2/2009 5:49 PM 630272]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 18:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\lsz8h4t8.TMP 616448 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2648)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-11-12 18:58
ComboFix-quarantined-files.txt 2009-11-13 00:58
ComboFix2.txt 2009-11-12 23:37
ComboFix3.txt 2009-11-12 03:18
ComboFix4.txt 2009-11-11 16:56
ComboFix5.txt 2009-11-13 00:49

Pre-Run: 29,774,585,856 bytes free
Post-Run: 29,770,690,560 bytes free

- - End Of File - - 40326ABE3FF00A884B8E7B86F3B785FC

#22 CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 12 November 2009 - 07:11 PM

Hi,

This is being irritating:

One more needs to go.

Please do the following:


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Rootkit::
c:\windows\TEMP\lsz8h4t8

SkipFix::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


Please advise how your computer is running and if there are any outstanding issues.

#23 oooicu812o

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 12 November 2009 - 07:42 PM

ComboFix 09-11-13.04 - Kevin 11/12/2009 19:22.7.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1151.795 [GMT -6:00]
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kevin\Desktop\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-12 13:18 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\in00000\setup.exe
2009-11-11 17:39 . 2009-11-12 13:24 79488 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 22:25 . 2009-11-10 22:25 -------- d-----w- c:\windows\Sun
2009-11-10 22:25 . 2009-11-10 22:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 22:25 . 2009-11-10 22:25 -------- d-----w- c:\program files\Java
2009-11-10 22:24 . 2009-11-10 22:24 152576 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-11-10 22:23 . 2009-11-10 22:23 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-10 12:39 . 2009-11-10 12:39 -------- d-----w- C:\$WINDOWS.~BT
2009-11-10 05:03 . 2009-11-10 05:03 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Search
2009-11-06 01:16 . 2009-11-06 01:16 -------- d-----w- c:\program files\MSXML 4.0
2009-11-06 01:15 . 2009-08-29 07:36 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-06 01:15 . 2009-08-29 07:36 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-06 01:15 . 2009-08-29 07:36 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-06 01:15 . 2009-08-29 07:36 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-06 01:15 . 2009-08-29 07:36 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-11-06 01:15 . 2009-08-29 07:36 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-11-06 01:15 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-11-06 01:15 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-03 01:10 . 2009-11-03 01:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-03 00:10 . 2009-11-03 00:10 128 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\fusioncache.dat
2009-11-02 23:50 . 2009-11-02 23:50 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-11-02 23:49 . 2009-11-02 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2009-11-02 23:28 . 2009-11-03 00:10 -------- d-----w- c:\program files\Common Files\BHPS
2009-11-02 23:28 . 2009-11-02 23:51 -------- d-----w- c:\program files\BHPS
2009-11-02 01:59 . 2009-11-02 02:19 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Adobe
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-01 23:04 . 2009-11-01 23:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 04:20 . 2000-08-03 01:50 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2009-11-01 04:19 . 2004-12-17 21:14 13952 ------w- c:\windows\system32\drivers\UBHelper.sys
2009-11-01 04:19 . 2009-11-01 04:19 -------- d-----w- c:\program files\Common Files\LightScribe
2009-11-01 04:19 . 2006-12-14 22:53 2819584 ------w- c:\windows\system32\LS_HSI.msi
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMP3.dll
2009-11-01 04:18 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIJCMK5.dll
2009-11-01 04:12 . 2009-11-01 04:12 1024 ---h--r- c:\windows\system32\NTIDBD32.dll
2009-11-01 04:10 . 2009-11-01 04:20 1024 ---h--r- c:\windows\system32\NTIBUN4.dll
2009-11-01 04:08 . 2009-11-01 04:20 -------- d-----w- c:\program files\Common Files\NewTech Infosystems
2009-11-01 04:07 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIFCD3.dll
2009-11-01 04:06 . 2009-11-01 04:06 -------- d-----w- c:\program files\Elaborate Bytes
2009-10-30 05:01 . 2009-11-06 01:09 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\ApplicationHistory
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Identities
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Desktop Search
2009-10-30 04:53 . 2009-11-01 04:22 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-30 04:53 . 2009-10-30 04:53 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-30 04:53 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-30 04:53 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-30 04:53 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-30 04:48 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-30 04:45 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-30 04:39 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-30 04:37 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-30 04:37 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-30 04:37 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-30 04:37 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-30 04:36 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-30 04:34 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-30 04:34 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\Kevin\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 01:38 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\MSBuild
2009-10-28 04:50 . 2009-10-28 04:50 -------- d-----w- c:\program files\Reference Assemblies
2009-10-28 04:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 04:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 04:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 04:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 04:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\scripting
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\l2schemas
2009-10-28 03:15 . 2009-10-28 03:15 -------- d-----w- c:\windows\system32\en
2009-10-28 03:01 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-28 03:01 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-28 03:01 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-28 03:01 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-28 03:01 . 2008-04-14 00:12 53248 ------w- c:\windows\system32\tsgqec.dll
2009-10-28 03:01 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-10-28 03:01 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-10-28 03:01 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-10-28 02:30 . 2009-10-28 02:30 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-10-28 02:30 . 2009-11-01 04:20 -------- d-----w- c:\program files\NewTech Infosystems
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2009-10-28 02:29 . 2009-11-01 04:18 1024 ---h--r- c:\windows\system32\NTICDMK7.dll
2009-10-28 02:29 . 2009-11-01 04:18 6144 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2009-10-27 19:08 . 2009-10-27 19:08 -------- d-----w- c:\documents and settings\Kevin\Application Data\DivX
2009-10-26 20:42 . 2009-11-01 03:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-26 20:36 . 2009-10-26 20:36 -------- d-----w- c:\program files\Gtech PASS RR 2.0
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\DIFX
2009-10-26 19:33 . 2009-10-26 19:33 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-26 19:33 . 2009-10-26 19:33 125670 ----a-w- c:\windows\LogWorks3 Uninstaller.exe
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\LogWorks3
2009-10-26 19:30 . 2000-01-31 11:00 25600 ----a-w- c:\windows\system32\borlndmm.dll
2009-10-26 19:30 . 2000-01-31 11:00 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\program files\Haltech
2009-10-26 19:30 . 1999-03-23 15:12 299520 ----a-w- c:\windows\uninst.exe
2009-10-26 19:30 . 2009-10-26 19:30 -------- d-----w- c:\documents and settings\Kevin\WINDOWS
2009-10-26 18:52 . 2009-10-26 18:53 -------- d-----w- c:\windows\ShellNew
2009-10-26 18:52 . 2009-10-26 18:52 -------- d-----w- c:\program files\Common Files\L&H
2009-10-22 00:48 . 2009-11-12 23:22 -------- d-----w- c:\documents and settings\Kevin\Application Data\ProspectorV5
2009-10-22 00:48 . 2009-10-22 00:48 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\IsolatedStorage
2009-10-22 00:47 . 2009-10-22 00:47 9062 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\UNINST_Uninstall_P_0EFD655105AD409EA61C7E7C0DD2C138.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut3_D2FF824E9001418EA3D2B3637212BA28.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\NewShortcut2_41A2A34BEFF14C1C9CC9CA3E462D2AD1.exe
2009-10-22 00:47 . 2009-10-22 00:47 22486 ----a-r- c:\documents and settings\Kevin\Application Data\Microsoft\Installer\{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}\ARPPRODUCTICON.exe
2009-10-22 00:47 . 2009-10-22 00:47 -------- d-----w- c:\program files\MoxieProxy
2009-10-21 23:20 . 2009-10-21 23:20 -------- d-----w- c:\windows\Downloaded Installations
2009-10-21 23:13 . 2009-11-01 13:40 20328 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 23:12 . 2009-10-30 04:55 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-10-21 22:31 . 2009-10-21 22:31 -------- d-----w- c:\windows\provisioning
2009-10-21 12:57 . 2008-04-14 11:42 11264 ------w- c:\windows\system32\spnpinst.exe
2009-10-21 12:57 . 2004-08-02 19:20 4569 ------w- c:\windows\system32\secupd.dat
2009-10-21 12:23 . 2009-10-21 12:23 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\tjnet
2009-10-21 05:00 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\setup1.exe
2009-10-21 05:00 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Kevin\Application Data\mjusbsp\Upgrade\install1.exe
2009-10-21 04:59 . 2009-11-13 01:24 -------- d-----w- c:\documents and settings\Kevin\Application Data\mjusbsp
2009-10-21 04:58 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-10-21 04:58 . 2008-04-13 19:16 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2009-10-21 04:58 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-21 04:58 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2009-10-21 04:58 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-10-21 04:58 . 2008-04-13 18:45 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2009-10-21 04:49 . 2008-04-14 00:11 40960 ----a-w- c:\windows\system32\mf3216.dll
2009-10-21 04:49 . 2008-04-14 00:11 45056 ----a-w- c:\windows\system32\wbem\cmdevtgprov.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 04:20 . 2009-10-21 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 03:19 . 2009-10-21 01:42 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-10-28 02:30 . 2009-10-21 02:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-21 02:02 . 2009-10-21 02:02 -------- d-----w- c:\program files\WUSB11 WLAN Monitor
2009-10-21 01:43 . 2009-10-21 01:43 -------- d-----w- c:\program files\microsoft frontpage
2009-10-21 01:33 . 2009-10-21 01:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-08 20:57 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57 . 2001-08-23 15:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56 . 2001-08-23 15:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-11 14:18 . 2001-08-23 15:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-06-23 16:33 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2001-08-23 15:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2009-10-21 03:10 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-10_21.54.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 01:24 . 2009-11-13 01:24 16384 c:\windows\temp\Perflib_Perfdata_5fc.dat
+ 2001-08-23 15:00 . 2009-11-13 01:28 78114 c:\windows\system32\perfc009.dat
- 2001-08-23 15:00 . 2009-11-10 11:58 78114 c:\windows\system32\perfc009.dat
+ 2009-10-26 18:54 . 2009-11-10 22:23 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2001-08-23 15:00 . 2009-11-10 11:58 462168 c:\windows\system32\perfh009.dat
+ 2001-08-23 15:00 . 2009-11-13 01:28 462168 c:\windows\system32\perfh009.dat
+ 2009-11-10 22:25 . 2009-11-10 22:25 148888 c:\windows\system32\javaws.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 144792 c:\windows\system32\javaw.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 144792 c:\windows\system32\java.exe
+ 2009-11-10 22:25 . 2009-11-10 22:25 598016 c:\windows\Installer\23a3bcb.msi
+ 2009-10-26 18:54 . 2009-11-10 22:23 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-10-26 18:54 . 2009-10-26 18:54 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-10-26 18:54 . 2009-11-10 22:23 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-11-10 22:23 . 2009-11-10 22:23 120592 c:\windows\Downloaded Program Files\LiveSound.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Kevin\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-21 198160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Kevin\Desktop\hijackthis\New Folder\New Folder\1\mbam.exe" [2009-09-10 1312080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^office.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\office.exe
backup=c:\windows\pss\office.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Kevin\\Application Data\\mjusbsp\\magicJack.exe"=

R2 ProQuest Product License Manager;ProQuest Product License Manager;c:\progra~1\BHPS\lic\bin\lmgrd.exe [11/2/2009 5:49 PM 630272]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 19:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3896)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\progra~1\BHPS\lic\bin\bhepcls.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Kevin\Application Data\mjusbsp\st00000\mjsetup.exe
c:\documents and settings\Kevin\Application Data\mjusbsp\magicJack.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-11-12 19:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-13 01:30
ComboFix2.txt 2009-11-13 00:58
ComboFix3.txt 2009-11-12 23:37
ComboFix4.txt 2009-11-12 03:18
ComboFix5.txt 2009-11-13 01:20

Pre-Run: 29,779,804,160 bytes free
Post-Run: 29,719,728,128 bytes free

- - End Of File - - 2954E9E4660FFE85AF39F0895B652DDE

#24 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 12 November 2009 - 08:11 PM

That's better:

Just some housekeeping to do now:

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version 9.2).
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - leave BOTH checked: Applications and Applets, Trace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.


NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

If there are any remaining logs / tools on your desktop - right click and delete them


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.

  • SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for Firefox, IE and Chrome.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
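The hosts-file recommendation in the post above works by mapping known bad hostnames to 127.0.0.1 so the machine never reaches them. The script below is an added example, not part of the forum thread and not the MVPS project's own code: it parses a hosts file in the MVPS layout and reports what each name would resolve to. It goes slightly beyond the post by also accepting the 0.0.0.0 sink address some blocklists use, and by flagging any entry that sends a name somewhere other than a sink address, since a hosts file that redirects a legitimate site to a remote address is something a cleanup should inspect. The hosts content embedded below is constructed for illustration; all hostnames and addresses in it are made up.

```python
"""Parse an MVPS-style hosts file and report what each lookup would resolve to.

Added example (not from the forum thread or from the MVPS project). The hosts
content below is constructed for illustration; a real MVPS list is far longer.
"""
import ipaddress

# Constructed sample in the MVPS layout: one blocked host per line, pointed at a
# sink address. The last line is a deliberately odd entry of the kind a malware
# cleanup would want flagged: a name redirected to a remote address, not a sink.
SAMPLE_HOSTS = """\
# constructed sample hosts file in the MVPS layout
127.0.0.1  localhost
::1        localhost
127.0.0.1  ads.example.net  # constructed ad host
127.0.0.1\tbanners.example.org tracker.example.org
0.0.0.0    evil-downloads.example.com
203.0.113.9  online.example-bank.test    # constructed: hijack-style entry
"""


def parse_hosts(text):
    """Return {hostname (lowercase): ip_address} from hosts-file text.

    Comments (from '#' to end of line) and blank lines are ignored, as are
    malformed lines. Where a name appears more than once, the first line wins,
    which matches how the resolver walks the file top to bottom.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: an address with no hostnames after it
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed: first field is not an IP address
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)
    return mapping


def is_sink_address(ip):
    """True for addresses a blocklist legitimately uses: loopback or 0.0.0.0/::."""
    return ip.is_loopback or ip.is_unspecified


def classify(mapping):
    """Split entries into blocklist-style sinks and redirects that need review.

    Returns (blocked_names, suspicious) where suspicious maps a hostname to the
    non-sink address it was pointed at.
    """
    blocked = sorted(
        name for name, ip in mapping.items()
        if is_sink_address(ip) and name != "localhost"
    )
    suspicious = {
        name: str(ip) for name, ip in mapping.items() if not is_sink_address(ip)
    }
    return blocked, suspicious


def lookup(mapping, hostname):
    """What the hosts file says about hostname: the address as a string, or
    None, meaning the file is silent and normal DNS resolution applies."""
    ip = mapping.get(hostname.lower().rstrip("."))
    return None if ip is None else str(ip)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    blocked, suspicious = classify(hosts)
    print("blocked by hosts file:", ", ".join(blocked))
    for name in ("ADS.example.net", "www.example.com"):
        print(f"{name} -> {lookup(hosts, name) or 'DNS (not in hosts file)'}")
    for name, ip in suspicious.items():
        print(f"REVIEW: {name} is redirected to {ip}, which is not a sink address")
```

Matching is case-insensitive and tolerates a trailing dot, tabs, and several names on one line, which is how real hosts files are written; a production check would read the file from the system's hosts path rather than the embedded sample.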


#25 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 17 November 2009 - 01:33 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
