Here's my log:
ComboFix 10-02-09.03 - Diana 02/09/2010 18:18:58.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.140 [GMT -8:00]
Running from: c:\documents and settings\Diana\desktop\commy.exe
Command switches used :: /stepdel
.
((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-01-23 08:00 . 2010-01-23 08:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-01-13 06:37 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 07:00 . 2007-08-19 19:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-15 06:59 . 2007-01-09 18:14 -------- d-----w- c:\program files\Bodog Poker
2009-12-25 23:46 . 2009-02-10 04:44 36072 ----a-w- c:\documents and settings\Diana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 05:42 . 2005-05-18 16:56 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2005-05-18 16:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-15 07:45 . 2009-12-15 07:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-15 07:45 . 2006-05-19 22:59 -------- d-----w- c:\program files\Java
2009-12-15 07:44 . 2009-12-15 07:44 152576 ----a-w- c:\documents and settings\Diana\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-15 07:44 . 2009-12-15 07:44 79488 ----a-w- c:\documents and settings\Diana\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-09 14:34 . 2009-04-16 02:46 31296 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-21 16:36 . 2005-05-18 16:53 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-04-08 22:24 . 2006-11-23 21:31 177152 ----a-w- c:\program files\utorrent.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-10_01.54.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-10 02:00 . 2010-02-10 02:00 16384 c:\windows\Temp\Perflib_Perfdata_7d0.dat
- 2010-01-22 09:07 . 2010-02-10 01:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-22 09:07 . 2010-02-10 02:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-05-18 17:33 . 2010-02-10 02:00 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-05-18 17:33 . 2010-02-10 01:31 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-05-18 17:33 . 2010-02-10 02:00 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-05-18 17:33 . 2010-02-10 01:31 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-06 344064]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-02-28 81920]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2005-02-25 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-02-25 61440]
"Rosary Reminder"="c:\progra~1\VIRTUA~1\reminder.exe" [2001-07-10 46080]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-15 149280]
c:\documents and settings\Diana\Start Menu\Programs\Startup\
GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2009-7-26 425984]
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2005-10-23 118784]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Diana^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Diana\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-12-20 06:10 88358 ----a-r- c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-07-02 11:48 163840 ----a-r- c:\program files\Apoint2K\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJUPDNV_Chitose]
2005-02-11 07:10 249856 ----a-w- c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1171340783\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadFUJ02E3]
2005-02-25 17:13 69632 ----a-w- c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-27 00:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-05-19 22:35 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre1.5.0_06\bin\jusched.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
c:\program files\Winamp\Winampa.exe [BU]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\utorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\1171340783\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [5/18/2005 10:55 AM 32320]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [5/18/2005 10:55 AM 23200]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 4:46 AM 92008]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [5/18/2005 9:43 AM 4864]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 12:20 AM 3872]
.
Contents of the 'Scheduled Tasks' folder
2009-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aimtoday.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Diana\Application Data\Mozilla\Firefox\Profiles\w4zln4ne.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Diana\Application Data\Mozilla\Firefox\Profiles\w4zln4ne.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 18:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x850DC618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7592fc3
\Driver\ACPI -> ACPI.sys @ 0xf7405cb8
\Driver\atapi -> atapi.sys @ 0xf739f7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8057807e
ParseProcedure -> ntkrnlpa.exe @ 0x80576ce0
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7293ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7282a0b
SendHandler -> NDIS.sys @ 0xf7296b31
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
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
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-09 18:33:18
ComboFix-quarantined-files.txt 2010-02-10 02:33
Pre-Run: 16,061,222,912 bytes free
Post-Run: 16,026,402,816 bytes free
- - End Of File - - 443CE2561C9A8171C288537E4C46B6E6