Hi,
She followed your instructions and here are the logs of ComboFix and HijackThis
Kaspersky won't run. I tried closing AVG, Spybot and the Windows Firewall, but it just loads and updates, and then when the scan is started it freezes with no files scanned.
Thanks again,
Joe
ComboFix 08-10-11.04 - Melanie & John 2008-10-19 15:31:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.197 [GMT -4:00]
Running from: C:\Documents and Settings\Melanie & John\My Documents\Down loads\ComboFix.exe
Command switches used :: C:\Documents and Settings\Melanie & John\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.
2382-04-17 22:05 . 2382-04-17 22:05 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2382-04-17 22:05 . 2382-04-17 22:05 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-10-15 14:34 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-15 14:33 . 2008-08-14 06:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-15 14:33 . 2008-08-14 06:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-15 14:33 . 2008-08-14 05:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-15 14:33 . 2008-08-14 05:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-15 14:33 . 2008-09-15 08:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-12 21:09 . 2008-10-14 14:44 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-10-12 19:59 . 2008-10-18 18:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-10-12 19:59 . 2008-10-12 19:59 <DIR> d-------- C:\Program Files\AVG
2008-10-12 19:59 . 2008-10-13 17:11 <DIR> d-------- C:\Documents and Settings\Melanie & John\Application Data\AVGTOOLBAR
2008-10-12 19:59 . 2008-10-12 19:59 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-12 19:59 . 2008-10-12 19:59 97,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-10-12 19:59 . 2008-10-12 19:59 76,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-10-12 19:59 . 2008-10-12 19:59 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-10-02 22:02 . 2008-10-08 18:17 <DIR> d-------- C:\Documents and Settings\Melanie & John\Application Data\LimeWire
2008-10-02 22:00 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-02 21:59 . 2008-10-02 21:59 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-01 21:22 . 2008-10-09 21:53 <DIR> d-------- C:\Program Files\UltraVNC
2008-09-30 21:28 . 2008-10-18 19:34 <DIR> d-------- C:\Program Files\Security Task Manager
2008-09-30 21:28 . 2008-10-18 19:42 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-09-29 21:40 . 2008-09-29 21:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-23 20:05 . 2008-10-13 18:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-23 20:05 . 2008-09-23 23:10 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 16:56 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-11 02:47 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-10-03 02:00 --------- d-----w C:\Program Files\Java
2008-09-27 22:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 21:10 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-08-19 01:01 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2006-03-12 04:06 1,680,112 ----a-w C:\Program Files\PopUpStopperProfessional.exe
2005-02-01 13:00 12,219,249 ----a-w C:\Program Files\AVG7QT.DAT
2004-12-08 03:53 6,597 ----a-w C:\Program Files\IO96BC~.TMP
2004-08-10 19:14 4,128 ----a-w C:\Program Files\INFCACHE.1
2005-01-07 20:20 278,528 ----a-w C:\Program Files\internet explorer\plugins\PanoViewer.dll
2005-01-07 20:20 143,360 ----a-w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2005-03-27 02:59 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-12_15.36.38.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-14 10:09:26 2,145,280 ------w C:\WINDOWS\Driver Cache\I386\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w C:\WINDOWS\Driver Cache\I386\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
+ 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 14:57:40 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
- 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
- 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2008-06-23 16:57:28 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-08-26 07:24:28 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
- 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2008-06-23 16:57:29 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
- 2008-06-23 16:57:34 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
- 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2008-06-23 16:57:36 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2008-08-26 07:24:30 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
- 2007-12-28 10:25:02 26,952 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
+ 2008-10-12 23:59:35 26,824 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
- 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2008-08-27 15:27:22 280,536 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-10-16 14:08:06 280,536 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
- 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
- 2008-06-24 14:57:40 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
- 2008-10-12 19:33:54 60,452 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2008-10-19 15:07:11 60,452 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2008-10-12 19:33:54 398,902 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2008-10-19 15:07:11 398,902 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
- 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
- 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2006-12-02 04:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 126976]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0042969]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-12-08 00:19 26112 C:\Program Files\Real\RealPlayer\realplay.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-12 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-12 76040]
R3 WlanUIG;2Wire 802.11g USB Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-05-25 347648]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-05-07 8960]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 15:35:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-19 15:38:31
ComboFix-quarantined-files.txt 2008-10-19 19:38:20
ComboFix2.txt 2008-10-12 19:37:20
Pre-Run: 6,345,089,024 bytes free
Post-Run: 6,343,737,344 bytes free
305 --- E O F --- 2008-10-19 14:25:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:14 PM, on 10/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
--
End of file - 5917 bytes