Well, I THOUGHT that AVG had run, but it didn't do
its scheduled test today (because of the malware?).
Other than that I have simply followed your new
instructions.
ComboFix log:
ComboFix 07-12-12.3 - Jamie 2007-12-13 2:42:44.5 - NTFSx86
Running from: C:\Documents and Settings\Jamie\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.
2007-12-13 02:19 . 2007-12-13 02:22 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-11 00:48 . 2007-12-11 00:57 <DIR> d-------- C:\Downloads
2007-12-10 06:51 . 1999-10-28 11:26 37,888 --a------ C:\WINDOWS\system32\Holiday Lights.scr
2007-12-10 06:50 . 2007-12-10 06:50 <DIR> d-------- C:\Program Files\Tiger Technologies
2007-12-08 17:42 . 2007-12-08 17:42 <DIR> d-------- C:\Program Files\Better File Series
2007-12-08 17:39 . 2007-12-08 17:39 <DIR> d-------- C:\doublekiller
2007-12-07 22:24 . 2007-12-10 03:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-07 22:24 . 2007-12-07 22:24 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-04 22:03 . 2007-12-04 22:03 <DIR> d-------- C:\Program Files\Rockstar Games
2007-12-04 20:29 . 2007-12-04 20:30 <DIR> d-------- C:\Program Files\GameTap
2007-12-04 20:29 . 2007-12-04 20:29 <DIR> d-------- C:\Documents and Settings\Jamie\Application Data\InstallShield
2007-12-04 20:29 . 2007-12-04 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2007-12-02 02:53 . 2007-12-02 02:53 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-12-02 02:53 . 1998-06-17 00:00 516,173 --a------ C:\WINDOWS\system32\MSVCP60D.DLL
2007-12-02 02:53 . 1998-06-17 00:00 385,100 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-12-02 02:53 . 1998-07-13 00:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-12-02 02:53 . 2000-10-01 20:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-12-02 02:53 . 1999-03-25 20:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-12-02 02:53 . 1998-07-13 00:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-12-02 02:53 . 1998-07-12 20:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-12-02 02:53 . 1998-07-13 00:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-12-02 02:53 . 1998-07-13 00:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-11-30 22:54 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-11-26 19:58 . 2007-11-26 19:58 2,564 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-11-18 07:10 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-18 07:09 . 2007-11-18 07:10 <DIR> d-------- C:\Program Files\Java
2007-11-18 07:09 . 2007-11-18 07:09 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-17 18:38 . 2007-11-17 18:38 <DIR> d-------- C:\Documents and Settings\Jamie\Application Data\Lexmark Productivity Studio
2007-11-17 10:06 . 2007-11-17 10:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-17 10:06 . 2007-11-17 10:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 01:07 . 2007-11-17 01:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-17 00:51 . 2007-11-17 00:51 <DIR> d-------- C:\Documents and Settings\Jamie\Application Data\Grisoft
2007-11-17 00:51 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 00:19 . 2007-12-10 03:03 <DIR> d-------- C:\Program Files\Lx_cats
2007-11-17 00:08 . 2007-11-17 00:08 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-11-17 00:08 . 2007-11-17 18:28 <DIR> d-------- C:\Program Files\Lexmark 1300 Series
2007-11-17 00:08 . 2007-05-17 07:54 323,584 --a------ C:\WINDOWS\system32\LXDChcp.dll
2007-11-17 00:08 . 2007-05-17 08:09 286,720 --a------ C:\WINDOWS\system32\LXDCinst.dll
2007-11-17 00:08 . 2006-12-05 22:19 44 --a------ C:\WINDOWS\system32\lxdcrwrd.ini
2007-11-17 00:07 . 2007-11-17 00:07 <DIR> d-------- C:\logs
2007-11-17 00:07 . 2007-11-17 18:29 132,066 --a------ C:\WINDOWS\system32\LexFiles.ulf
2007-11-17 00:06 . 2007-03-28 07:16 344,064 -ra------ C:\WINDOWS\system32\lxdccoin.dll
2007-11-17 00:06 . 2007-03-18 19:45 77,906 -ra------ C:\WINDOWS\system32\lxdccfg.dll
2007-11-17 00:06 . 2007-05-25 03:19 1,827 -ra------ C:\WINDOWS\system32\lxdc.loc
2007-11-17 00:02 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-17 00:02 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-15 07:21 . 2007-11-15 07:21 <DIR> d-------- C:\Program Files\NCH Software
2007-11-14 02:51 . 2005-09-20 17:27 10,368 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
2007-11-14 02:50 . 2005-09-20 17:27 10,368 --a------ C:\WINDOWS\system32\iviaspi.sys
2007-11-14 02:49 . 2007-11-14 02:49 <DIR> d-------- C:\Program Files\Sandisk
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 08:35 --------- d-----w C:\Documents and Settings\Jamie\Application Data\AVG7
2007-12-13 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-13 07:43 --------- d-----w C:\Documents and Settings\Jamie\Application Data\SiteAdvisor
2007-12-12 22:42 26,657,763 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-11 22:03 --------- d-----w C:\Documents and Settings\Jamie\Application Data\uTorrent
2007-12-09 13:13 --------- d-----w C:\Documents and Settings\Jamie\Application Data\dvdcss
2007-12-09 09:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-08 20:32 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-07 07:40 --------- d-----w C:\Program Files\ICE
2007-12-06 02:31 --------- d-----w C:\Program Files\Camfrog
2007-12-05 04:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-02 05:42 --------- d-----w C:\Documents and Settings\Jamie\Application Data\NCH Swift Sound
2007-12-02 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-02 05:33 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-28 02:04 --------- d-----w C:\Program Files\SuperWebcam
2007-11-26 08:43 148,752 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_24_16_18_42_small.dmp.zip
2007-11-19 10:36 --------- d-----w C:\Documents and Settings\Jamie\Application Data\Registry Booster
2007-11-17 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-16 00:26 --------- d-----w C:\Program Files\Kermit
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 00:52 --------- d-----w C:\Program Files\Virtual Laguna Beach
2007-11-10 12:47 --------- d-----w C:\Documents and Settings\Jamie\Application Data\TrojanHunter
2007-11-10 11:14 --------- d-----w C:\Program Files\TrojanHunter 5.0
2007-11-09 07:02 208,996 ----a-w C:\WINDOWS\system32\MuteHook.dll
2007-11-09 07:00 208,997 ----a-w C:\WINDOWS\system32\MyCfHook.dll
2007-11-07 05:17 --------- d-----w C:\Program Files\VirtualDJ
2007-11-06 12:29 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-30 10:16 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 04:36 127,116 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_27_21_01_57_small.dmp.zip
2007-10-30 04:36 120,410 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_27_11_17_08_small.dmp.zip
2007-10-30 04:29 --------- d-----w C:\Program Files\Google
2007-10-30 04:27 --------- d-----w C:\Program Files\RealArcade
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-29 22:10 --------- d-----w C:\Documents and Settings\Jamie\Application Data\Camfrog
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-27 01:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-27 01:44 --------- d-----w C:\Program Files\WebcamMax
2007-10-27 01:38 --------- d-----w C:\Program Files\RSSoft
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-23 06:44 134,176 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_22_01_57_14_small.dmp.zip
2007-10-23 06:30 --------- d-----w C:\Program Files\Crocodile 2.0
2007-10-22 05:23 --------- d-----w C:\Program Files\Camfrog DJ
2007-10-20 19:39 118,557 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_20_08_08_12_small.dmp.zip
2007-10-20 11:29 120,222 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_20_06_25_35_small.dmp.zip
2007-10-20 00:54 126,792 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_18_08_09_50_small.dmp.zip
2007-10-18 06:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-10-15 11:10 117,884 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_13_21_27_00_small.dmp.zip
2007-10-15 11:09 23,125,614 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_13_18_49_11_full.dmp.zip
2007-10-12 09:44 120,421 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_11_14_12_45_small.dmp.zip
2007-10-11 06:13 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:13 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:13 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:13 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:13 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:13 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:13 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:13 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:13 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:13 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:13 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:13 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:13 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 11:16 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-12_16.24.46.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll
+ 2007-10-11 05:57:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll
+ 2007-10-11 05:57:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll
+ 2007-10-11 05:57:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll
+ 2007-10-11 05:57:30 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll
+ 2007-10-11 05:57:30 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll
+ 2007-10-10 10:48:23 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe
+ 2007-10-11 05:57:31 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll
+ 2007-10-11 05:57:31 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll
+ 2007-10-11 05:57:31 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll
+ 2007-10-30 09:55:21 3,065,856 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll
+ 2007-10-11 05:57:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll
+ 2007-10-11 05:57:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll
+ 2007-10-11 05:57:37 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll
+ 2007-10-11 05:57:37 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll
+ 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll
+ 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll
+ 2007-10-11 05:57:40 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll
+ 2007-10-11 05:57:41 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
+ 2007-10-10 10:34:35 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
- 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-10-11 06:13:44 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-10-11 06:13:44 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-10-11 06:13:44 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-10-11 06:13:44 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-11 06:13:44 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-11 06:13:44 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-10-11 06:13:44 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-10-11 06:13:44 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-11 06:13:44 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 10:16:33 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-11 06:13:45 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-11 06:13:45 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-11 06:13:45 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-10-11 06:13:45 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-10-11 06:13:45 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-10-11 06:13:45 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-07-18 12:42:22 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-11 06:13:45 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-11 06:13:45 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-12-11 08:45:14 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-12-13 08:33:06 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-30 22:38]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 06:05]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-02-22 22:15:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrstt]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttr]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvwt]
R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe -service
R2 X4HSX32;X4HSX32;\??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys
R3 PAC207;PC Camer@;C:\WINDOWS\system32\DRIVERS\PFC027.SYS
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;C:\WINDOWS\system32\DRIVERS\superwebcam.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 gkmixern;gkmixern;\??\C:\DOCUME~1\Jamie\LOCALS~1\Temp\gkmixern.sys
S4 lxdcCATSCustConnectService;lxdcCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 08:33:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-13 02:51:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-13 2:54:17
C:\ComboFix2.txt ... 2007-12-12 16:29
C:\ComboFix3.txt ... 2007-11-14 16:04
.
2007-12-13 08:27:22 --- E O F ---
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:06:05 AM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trendmicro.com/hc_intro/default.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.memphiszoo.org
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O20 - Winlogon Notify: awtrstt - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssttr - C:\WINDOWS\
O20 - Winlogon Notify: tuvwvwt - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Uninstall list:
Sansa Media Converter
µTorrent
ACDSee 7.0 PowerPack
Aces High II
Ad-Aware SE Personal
Adobe Stock Photos 1.0
Age of Sail II
AVG 7.5
AVG Anti-Spyware 7.5
Bazooka Scanner
Bejeweled 2 Deluxe
Belarc Advisor 7.0
BellSouth FastAccess DSL Help Center
Better File Series 5.1
Broadcom Management Programs
Camfrog DJ
CCleaner (remove only)
CO2 Saver
Crocodile 2.0
DAEMON Tools
DawnOfWar
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 3.1
Demolition Racer
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Dragons Abode
EA downloader
EA SPORTS online 2007
Express Burn Uninstall
Express Rip Uninstall
Fire Ice Scopes OpenGL Plug-in (remove only)
Foxit Reader
Free Mp3 Wma Converter V 1.6.3
GameTap
Google Earth
Google Gmail Notifier
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Video Player
GT Interactive - Driver
GTA2
HijackThis 1.99.1
Holiday Lights 5.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
HPS Campaign Waterloo
HPS Tsushima
Ice Camfrog Extension
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
IrisAPE 1.0
IsoBuster 1.9.1
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java(TM) 6 Update 3
Kaspersky Online Scanner
Kermit
Learn2 Player (Uninstall Only)
Lexmark 1300 Series
Lizardtech DjVu Control
Lottso! de Luxe
Macromedia Flash Player
Macromedia Flash Player 8
Macromedia Shockwave Player
Madden NFL 07
ManyCam 2.1 (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Combat Flight Simulator 2
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Midnight Club II Demo
Miss Piggy
Modem Event Monitor
Monopoly 3
Monopoly by Parker Brothers
Mozilla Firefox (2.0.0.11)
MrRobot 1.05
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MTV's Virtual Worlds (remove only)
Multilingual Speaking Clock 2.5
Musicmatch® Jukebox
MySpaceIM
Natural Color
Nero 7 Ultra Edition
neroxml
Neverwinter Nights Platinum Edition
Opera 9.23
PC CIF Camer@
PeerGuardian 2.0
PGIII Scorched Earth
PhoTags Express
Photo Click
PowerDVD 5.5
QuickTime
RarZilla Free Unrar 1.00
RealArcade
RealPlayer
RecordPad Sound Recorder Uninstall
Red Ace Squadron
Rhapsody Player Engine
SBNews: News Robot v 10.2
Security Task Manager 1.7e
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Serious Sam: The First Encounter
Serious Sam: The Second Encounter
Spybot - Search & Destroy 1.4
Starscape V1.5c
Steel Panthers World At War v8.20
Super Webcam
Switch
The Operational Art of War III
The Operational Art of War: Century of Warfare
TrojanHunter 5.0
Uniblue Registry Booster
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
Virtual DJ - Atomix Productions
Vongo
War Plan Orange
WD Diagnostics
WebCyberCoach 3.2 Dell
WinAce Archiver
Winamp (remove only)
WinAVI Video Converter
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPatrol
WinPatrol 2007 Restore/Remove First
WinPatrol 2007 Step 2
WinRAR archiver
WinSPMBT
WinSPWW2 Ver 1.1B Upgrade
WinSPWW2v1 DL Edition
WinZip
Yahtzee Download Edition
ZoneAlarm Pro
That's it for now. Thanks again for your assistance, and sorry I
didn't get this done until now. The holidays have me busy as
hell.
Thanks,
Jamie