internet explorer..opens too many
aha! done it!!
ComboFix 09-06-03.04 - Owner 05/06/2009 22:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.701 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\QWERTY.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-05-31 15:22 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-31 15:22 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-31 15:22 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-31 15:22 . 2009-05-31 15:22 -------- d-----w- c:\program files\Avira
2009-05-31 15:22 . 2009-05-31 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-31 15:10 . 2009-05-31 15:10 -------- d-----w- c:\documents and settings\All Users\AVP 2009
2009-05-30 09:54 . 2009-05-30 09:54 -------- d-----w- c:\program files\Trend Micro
2009-05-29 14:32 . 2009-05-29 14:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-29 14:32 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-29 14:32 . 2009-05-29 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-29 14:32 . 2009-05-29 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-29 14:32 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-26 21:39 . 2009-05-26 21:39 -------- d-----w- c:\program files\ICQ6Toolbar
2009-05-26 21:39 . 2009-05-26 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-05-26 21:39 . 2009-05-26 21:55 -------- d-----w- c:\documents and settings\Owner\Application Data\ICQ
2009-05-26 21:35 . 2009-05-26 21:55 -------- d-----w- c:\program files\ICQ6.5
2009-05-26 16:46 . 2006-10-17 19:22 9216 ----a-r- c:\windows\system32\drivers\videX32.sys
2009-05-26 16:45 . 2009-05-26 16:45 -------- d-----w- c:\program files\VIA
2009-05-26 16:11 . 2006-08-01 14:02 49152 ----a-r- c:\windows\system32\ChCfg.exe
2009-05-26 16:10 . 2006-10-18 01:53 147456 ----a-r- c:\windows\system32\RtlCPAPI.dll
2009-05-26 16:10 . 2006-12-08 14:20 10528768 ----a-r- c:\windows\system32\RTLCPL.exe
2009-05-26 16:10 . 2007-03-08 13:34 4027840 ----a-r- c:\windows\system32\drivers\alcxwdm.sys
2009-05-26 16:10 . 2006-11-17 04:42 577536 ----a-r- c:\windows\soundman.exe
2009-05-26 16:10 . 2009-05-26 16:10 -------- d-----w- c:\program files\Realtek Sound Manager
2009-05-26 16:10 . 2009-05-26 16:10 -------- d-----w- c:\program files\AvRack
2009-05-26 16:09 . 2009-05-26 16:09 -------- d-----w- c:\program files\Realtek AC97
2009-05-26 16:09 . 2006-07-31 10:27 217088 ----a-r- c:\windows\Alcrmv.exe
2009-05-26 16:09 . 2006-07-31 10:19 315392 ----a-r- c:\windows\alcupd.exe
2009-05-26 15:47 . 2005-11-17 14:46 337320 ------w- c:\windows\system32\difxapi.dll
2009-05-26 15:47 . 2009-05-26 15:47 -------- d-----w- c:\windows\vnDrvBas
2009-05-26 15:39 . 2007-04-17 10:58 42496 ----a-r- c:\windows\system32\drivers\fetnd5bv.sys
2009-05-26 15:39 . 2006-10-27 15:26 69632 ----a-r- c:\windows\system32\vuins32.dll
2009-05-26 12:35 . 2006-02-28 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-05-26 12:35 . 2006-02-28 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-05-26 12:35 . 2006-02-28 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2009-05-26 12:35 . 2006-02-28 12:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2009-05-26 12:35 . 2006-02-28 12:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2009-05-26 12:35 . 2006-02-28 12:00 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2009-05-26 12:33 . 2006-02-28 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-05-26 12:32 . 2006-02-28 12:00 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2009-05-26 12:31 . 2006-02-28 12:00 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2009-05-26 12:29 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-05-26 12:27 . 2009-05-26 12:27 -------- d-----w- c:\program files\MMessenger
2009-05-26 12:21 . 2001-08-17 11:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2009-05-26 12:18 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-05-26 12:18 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-05-26 12:18 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-05-26 12:18 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-05-12 20:41 . 2009-05-12 20:41 -------- d-----w- c:\documents and settings\Owner\Application Data\SPAMfighter
2009-05-12 20:40 . 2009-05-12 20:40 -------- d-----w- c:\program files\Common Files\Application
2009-05-12 20:40 . 2009-06-05 21:21 -------- d-----w- c:\program files\SPAMfighter
2009-05-12 13:38 . 2009-05-12 13:38 6837 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_9040820900063D11C8EF00054038389C.dll
2009-05-12 13:38 . 2009-05-12 13:38 328 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_B0B35DEDC76B4424EAA66DDFC3821DFE.dll
2009-05-12 13:38 . 2009-05-12 13:38 783 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7449A0100000010.dll
2009-05-12 13:38 . 2009-05-12 13:38 75 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_1F9ACB2AC6655084791DF7CD39837632.dll
2009-05-12 13:38 . 2009-05-12 13:38 285 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4A4A2EB6BF99DE84EAE1E45830988F40.dll
2009-05-12 13:38 . 2009-05-12 13:38 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4AFCE782A91734120AB96D1AD25EE404.dll
2009-05-12 12:41 . 2009-05-12 12:40 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-12 12:41 . 2009-05-12 12:41 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-12 12:38 . 2009-05-29 14:01 -------- d-----w- c:\program files\Lavasoft
2009-05-12 12:30 . 2002-09-26 23:00 278528 ----a-w- c:\windows\system32\hdk3ctnt.dll
2009-05-12 12:30 . 2002-09-26 23:00 184320 ----a-w- c:\windows\system32\hdk3anim.dll
2009-05-12 12:30 . 2002-09-26 23:00 40960 ----a-w- c:\windows\system32\hdk3html.dll
2009-05-12 12:28 . 2001-08-17 11:19 3712 ----a-w- c:\windows\system32\drivers\ctljystk.sys
2009-05-12 12:28 . 2001-08-17 21:36 51200 ----a-w- c:\windows\system32\sfman32.dll
2009-05-12 12:28 . 2001-08-17 11:19 36480 ----a-w- c:\windows\system32\drivers\sfmanm.sys
2009-05-12 12:28 . 2001-08-17 21:36 495616 ----a-w- c:\windows\system32\sblfx.dll
2009-05-12 12:28 . 2001-08-17 11:19 283904 ----a-w- c:\windows\system32\drivers\emu10k1m.sys
2009-05-12 12:28 . 2001-08-17 21:36 24064 ----a-w- c:\windows\system32\devldr32.exe
2009-05-12 12:28 . 2001-08-17 21:36 256512 ----a-w- c:\windows\system32\devcon32.dll
2009-05-12 12:28 . 2001-08-17 21:36 4096 ----a-w- c:\windows\system32\ctwdm32.dll
2009-05-12 12:28 . 2001-08-17 11:19 6912 ----a-w- c:\windows\system32\drivers\ctlfacem.sys
2009-05-12 11:19 . 2009-05-29 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-07 15:08 . 2003-08-18 14:37 303104 ----a-w- c:\windows\system32\LEXBCES.EXE
2009-05-07 14:40 . 2009-05-26 19:33 -------- d-----w- c:\windows\WPS
2009-05-07 14:38 . 2000-01-20 23:00 31968 ----a-w- c:\windows\system32\drivers\WpsPeppy.SYS
2009-05-07 14:21 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-07 12:37 . 2009-05-26 12:50 100 ----a-w- c:\windows\start.reg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 12:23 . 2009-05-12 11:49 5798145 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-05-28 15:04 . 2009-04-14 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-27 08:59 . 2009-05-07 15:08 -------- d-----w- c:\program files\Lexmark X1100 Series
2009-05-26 21:39 . 2009-04-18 17:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 18:27 . 2009-04-14 07:53 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2009-05-26 16:01 . 2006-02-28 12:00 502272 ----a-w- c:\windows\system32\winlogon.exe
2009-05-26 15:58 . 2009-04-14 11:36 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-05-26 13:14 . 2009-04-18 18:15 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-26 12:51 . 2009-05-26 15:28 1630720 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-05-26 12:28 . 2009-04-13 21:40 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-12 15:48 . 2009-05-12 15:48 -------- d-----w- c:\documents and settings\Captain !!!!!!\Application Data\IObit
2009-05-12 13:38 . 2009-04-15 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-04-19 08:06 . 2009-04-18 15:57 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-19 06:22 . 2009-04-13 21:54 17464 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 23:34 . 2009-04-16 04:30 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-18 17:32 . 2009-04-18 17:32 -------- d-----w- c:\program files\PowerQuest
2009-04-18 15:57 . 2009-04-18 15:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-04-16 13:04 . 2009-04-16 13:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-16 13:03 . 2009-04-16 13:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-16 11:55 . 2009-04-14 10:11 -------- d-----w- c:\program files\RegCure
2009-04-16 06:00 . 2009-04-14 08:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-04-16 06:00 . 2009-04-16 06:00 -------- d-----w- c:\program files\Zone Labs
2009-04-15 23:30 . 2009-04-15 23:30 250 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_CFE98E2070B7A5D4AA30E90C099241EE.dll
2009-04-15 23:30 . 2009-04-15 23:30 1251 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D20352A90C039D93DBF6126ECE614057.dll
2009-04-15 23:30 . 2009-04-15 23:30 108 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
2009-04-15 23:15 . 2009-04-15 23:15 -------- d-----w- c:\program files\Quick View Plus
2009-04-14 11:36 . 2009-04-14 11:36 -------- d-----w- c:\program files\uTorrent
2009-04-14 11:21 . 2009-04-14 09:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 10:12 . 2009-04-14 10:12 -------- d-----w- c:\program files\CCleaner
2009-04-14 10:09 . 2009-04-13 21:42 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-14 09:38 . 2009-04-14 09:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-14 09:34 . 2009-04-14 09:33 -------- d-----w- c:\program files\SpywareBlaster
2009-04-14 08:53 . 2009-04-14 08:53 -------- d-----w- c:\program files\Advanced Spyware Remover
2009-04-14 07:53 . 2009-04-14 07:53 -------- d-----w- c:\program files\IObit
2009-04-14 05:05 . 2009-04-14 05:05 -------- d-----w- c:\program files\Adia32
2009-04-13 21:43 . 2009-04-13 21:43 -------- d-----w- c:\program files\microsoft frontpage
2009-03-24 15:08 . 2009-04-14 08:13 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
Sigcheck
[-] 2006-02-28 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe
[-] 2006-02-28 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\svchost.exe
[-] 2006-02-28 12:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\system32\user32.dll
[-] 2006-02-28 12:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\system32\dllcache\user32.dll
[-] 2006-02-28 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[-] 2006-02-28 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\ws2_32.dll
[-] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[-] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-10-16 10:37 659456 6F1E4BFD78C4E0D05FF3725D59B72925 c:\windows\ie7\wininet.dll
[-] 2007-08-13 17:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2006-02-28 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\system32\wininet.dll
[-] 2006-02-28 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\system32\dllcache\wininet.dll
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2006-02-28 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2006-02-28 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2006-02-28 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\drivers\tcpip.sys
[-] 2009-05-26 16:01 502272 6E8CA4FCB30282F216F5DB9DD58A5F81 c:\windows\system32\winlogon.exe
[-] 2006-02-28 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2006-02-28 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys
[-] 2006-02-28 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2006-02-28 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys
[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 14:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2006-02-28 12:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2006-02-28 12:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-07 18:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 15:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2006-02-28 12:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2006-02-28 12:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\system32\ntoskrnl.exe
[-] 2006-02-28 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\explorer.exe
[-] 2006-02-28 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\system32\dllcache\explorer.exe
[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2006-02-28 12:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\system32\services.exe
[-] 2006-02-28 12:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\system32\dllcache\services.exe
[-] 2006-02-28 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe
[-] 2006-02-28 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\lsass.exe
[-] 2006-02-28 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe
[-] 2006-02-28 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\ctfmon.exe
[-] 2006-02-28 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\system32\spoolsv.exe
[-] 2006-02-28 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-10-16 13:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\SoftwareDistribution\SelfUpdate\wuauclt.exe
[-] 2006-02-28 12:00 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\system32\wuauclt.exe
[-] 2006-02-28 12:00 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\system32\dllcache\wuauclt.exe
[-] 2006-02-28 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe
[-] 2006-02-28 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe
[-] 2006-02-28 12:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll
[-] 2006-02-28 12:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\dllcache\termsrv.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2006-02-28 12:00 983552 888190E31455FAD793312F8D087146EB c:\windows\system32\kernel32.dll
[-] 2006-02-28 12:00 983552 888190E31455FAD793312F8D087146EB c:\windows\system32\dllcache\kernel32.dll
[-] 2006-02-28 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll
[-] 2006-02-28 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\powrprof.dll
[-] 2006-02-28 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[-] 2006-02-28 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\imm32.dll
[-] 2006-02-28 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
[-] 2006-02-28 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\dllcache\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"WpsRePsw"="c:\windows\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE" [2000-01-20 32256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2006-02-28 136704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= ctwdm32.dll
"aux1"= ctwdm32.dll
"aux2"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [31/05/2009 16:22 108289]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]
R2 WpsPeppy;WpsPeppy;c:\windows\system32\drivers\WpsPeppy.SYS [07/05/2009 15:38 31968]
S3 getPlus(R) Helper;getPlus(R) Helper; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-06-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 23:24]
2009-05-26 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 23:24]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
Supplementary Scan
.
uStart Page = hxxp://start.icq.com/
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 22:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(3936)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\system32\spool\drivers\w32x86\2\WpsC3Psw.EXE
.
**************************************************************************
.
Completion time: 2009-06-05 22:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 21:24
Pre-Run: 57,691,717,632 bytes free
Post-Run: 57,648,287,744 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
287 --- E O F --- 2009-05-07 12:33
Also, thanks Andy2004 for your help too. I had actually already done this, and it was on my desktop as an icon ready to click, but I'm not quite sure how I did this.....and when I clicked on it before nowt happened... I will add that I was tired though, at the time!!
Ah, I should stick to knitting and kittens eh...!! :rotfl:
Thank you, and aliEnRIK too......
So now what happens, please?
Log looks clean at first glance.
Run a KASPERSKY ONLINE SCAN (click to scan 'MY COMPUTER'):
http://www.kaspersky.co.uk/virusscanner
Please post the complete log it creates (this only SCANS, it DOESN'T delete anything, so we'd need to see anything it finds) :idea: