ComboFix 08-12-07.04 - veronique 2008-12-14 18:50:27.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.589 [GMT 1:00] Running from: c:\documents and settings\veronique\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\veronique\Desktop\CFScript.txt * Created a new restore point FILE :: c:\documents and settings\All Users\Application Data\Bin Wait Ante Cast\Admin Exit.exe c:\windows\Tasks\AA1C9457918B0647.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Bin Wait Ante Cast\Admin Exit.exe c:\windows\Tasks\AA1C9457918B0647.job . ((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 ))))))))))))))))))))))))))))))) . 2008-12-14 18:49 . 2008-12-14 18:49 d-------- c:\documents and settings\veronique\Application Data\Loud Meta Size 2008-12-12 21:26 . 2008-12-12 21:26 d-------- c:\documents and settings\All Users\Application Data\SupportSoft 2008-12-12 20:50 . 2008-12-12 20:50 54,156 --ah----- c:\windows\QTFont.qfn 2008-12-12 20:50 . 2008-12-12 20:50 1,409 --a------ c:\windows\QTFont.for 2008-12-12 19:29 . 2008-12-12 21:35 d--h----- C:\$AVG8.VAULT$ 2008-12-12 19:25 . 2008-12-12 19:25 410,984 --a------ c:\windows\system32\deploytk.dll 2008-12-12 19:25 . 2008-12-12 19:25 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-12-12 19:25 . 2008-12-12 19:25 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-12-12 19:24 . 2008-12-14 10:32 d-------- c:\windows\system32\drivers\Avg 2008-12-12 19:24 . 2008-12-12 19:24 d-------- c:\program files\AVG 2008-12-12 19:24 . 2008-12-12 19:24 d-------- c:\documents and settings\veronique\Application Data\Malwarebytes 2008-12-12 19:24 . 2008-12-12 19:24 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-12 19:24 . 2008-12-12 19:24 d-------- c:\documents and settings\All Users\Application Data\avg8 2008-12-12 19:24 . 2008-12-12 19:24 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-12-12 19:24 . 2008-12-12 19:24 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-12-12 19:21 . 2008-12-12 19:21 d-------- c:\program files\CCleaner 2008-12-12 18:39 . 2008-12-12 18:39 d-------- c:\program files\Trend Micro 2008-12-12 17:54 . 2008-12-12 17:54 d-------- c:\windows\system32\scripting 2008-12-12 17:54 . 2008-12-12 17:54 d-------- c:\windows\system32\en 2008-12-12 17:54 . 2008-12-12 17:54 d-------- c:\windows\system32\bits 2008-12-12 17:54 . 2008-12-12 17:54 d-------- c:\windows\l2schemas 2008-12-12 17:52 . 2008-12-12 17:52 d-------- c:\windows\ServicePackFiles 2008-12-12 17:44 . 2008-12-12 17:44 d-------- c:\windows\EHome . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-14 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\Bin Wait Ante Cast 2008-12-12 20:54 --------- d-----w c:\program files\Ahead 2008-12-12 20:52 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-12 20:35 --------- d-----w c:\program files\Circle Developement 2008-12-12 19:51 --------- d-----w c:\program files\QuickTime 2008-12-12 18:25 --------- d-----w c:\program files\Java 2008-12-12 18:19 --------- d-----w c:\program files\Google 2008-12-12 18:15 --------- d-----w c:\program files\Teamspeak2_RC2 2008-12-12 18:06 --------- d-----w c:\program files\GameSpy Arcade 2008-12-12 18:03 --------- d-----w c:\program files\EA GAMES 2008-12-12 17:51 --------- d-----w c:\program files\Common Files\Borland Shared 2008-12-12 17:46 --------- d-----w c:\program files\BearShare 2008-12-12 17:37 --------- d-----w c:\program files\MSN Messenger 2008-12-01 09:29 1,680 ----a-w c:\documents and settings\veronique\Application Data\wklnhst.dat 2008-11-15 10:05 1,220 ----a-w c:\documents and settings\joseph\Application Data\wklnhst.dat 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll 2008-10-17 01:08 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll 2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe 2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys 2008-05-19 19:47 64,792 ----a-w c:\documents and settings\joseph\Application Data\GDIPFONTCACHEV1.DAT 2007-10-14 12:54 64,792 ----a-w c:\documents and settings\veronique\Application Data\GDIPFONTCACHEV1.DAT 2005-08-19 12:35 49,272,232 ----a-w c:\program files\[u]0[/u]compressed.zip 2005-08-19 12:35 1,391 ----a-w c:\program files\common_filelist.txt 2005-08-19 12:34 733,184 ----a-w c:\program files\AutoRun.exe 2005-08-19 12:34 339,968 ----a-w c:\program files\eauninstall.exe 2005-08-19 12:30 4,124,672 ----a-w c:\program files\fifa06 demo.exe 2005-08-05 00:15 585,728 ----a-w c:\program files\AutoRunGUI.dll . ((((((((((((((((((((((((((((( snapshot@2008-12-12_19.46.37.81 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll + 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll + 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll + 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll + 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll + 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe + 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll + 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll + 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll + 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll + 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll + 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll + 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll + 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll + 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe + 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe + 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll + 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll + 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll + 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll + 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll + 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll + 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll + 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll + 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll + 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll + 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll + 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll + 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll - 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll - 2008-04-14 00:12:15 139,264 ----a-w c:\windows\system32\cscript.exe + 2008-05-07 09:07:23 135,168 ----a-w c:\windows\system32\cscript.exe - 2008-08-26 07:24:28 124,928 ------w c:\windows\system32\dllcache\advpack.dll + 2008-10-16 20:38:34 124,928 ------w c:\windows\system32\dllcache\advpack.dll + 2008-05-07 09:07:23 135,168 ------w c:\windows\system32\dllcache\cscript.exe - 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll + 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll - 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll - 2008-08-26 07:24:28 133,120 ------w c:\windows\system32\dllcache\extmgr.dll + 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\dllcache\extmgr.dll - 2008-08-26 07:24:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll + 2008-10-16 20:38:35 63,488 ------w c:\windows\system32\dllcache\icardie.dll - 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll + 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll - 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll + 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll - 2008-08-26 07:24:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll + 2008-10-16 20:38:35 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll - 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll + 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll - 2008-10-03 17:41:15 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll + 2008-10-16 20:38:37 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll - 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\dllcache\iernonce.dll + 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\dllcache\iernonce.dll - 2008-08-26 07:24:29 267,776 ------w c:\windows\system32\dllcache\iertutil.dll + 2008-10-16 20:38:37 267,776 ------w c:\windows\system32\dllcache\iertutil.dll + 2008-05-09 10:53:39 512,000 ------w c:\windows\system32\dllcache\jscript.dll - 2008-08-26 07:24:30 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll + 2008-10-16 20:38:37 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll - 2004-08-11 00:45:04 96,768 ----a-w c:\windows\system32\dllcache\logagent.exe + 2008-06-10 08:17:42 96,768 ----a-w c:\windows\system32\dllcache\logagent.exe - 2008-08-26 07:24:30 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll + 2008-10-16 20:38:37 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll - 2008-08-26 07:24:30 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll + 2008-10-16 20:38:37 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll - 2008-08-26 07:24:30 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll + 2008-10-16 20:38:38 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll - 2008-08-26 07:24:30 193,024 ------w c:\windows\system32\dllcache\msrating.dll + 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\dllcache\msrating.dll - 2008-08-26 07:24:30 671,232 ------w c:\windows\system32\dllcache\mstime.dll + 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\dllcache\mstime.dll - 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\dllcache\msxml6.dll + 2008-09-10 01:14:56 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll - 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\dllcache\occache.dll + 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\dllcache\occache.dll - 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-05-09 10:53:39 180,224 ------w c:\windows\system32\dllcache\scrobj.dll + 2008-05-09 10:53:40 172,032 ------w c:\windows\system32\dllcache\scrrun.dll - 2008-08-26 07:24:30 105,984 ------w c:\windows\system32\dllcache\url.dll + 2008-10-16 20:38:39 105,984 ------w c:\windows\system32\dllcache\url.dll - 2008-08-26 07:24:31 1,159,680 ------w c:\windows\system32\dllcache\urlmon.dll + 2008-10-16 20:38:39 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll + 2008-05-09 10:53:40 430,080 ------w c:\windows\system32\dllcache\vbscript.dll - 2008-08-26 07:24:31 233,472 ------w c:\windows\system32\dllcache\webcheck.dll + 2008-10-16 20:38:39 233,472 ------w c:\windows\system32\dllcache\webcheck.dll - 2008-08-26 07:24:31 826,368 ------w c:\windows\system32\dllcache\wininet.dll + 2008-10-16 20:38:40 826,368 ------w c:\windows\system32\dllcache\wininet.dll - 2004-08-11 00:45:04 1,027,072 ----a-w c:\windows\system32\dllcache\wmnetmgr.dll + 2008-06-10 10:37:02 1,026,048 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll - 2006-12-07 06:40:49 2,362,184 ----a-w c:\windows\system32\dllcache\wmvcore.dll + 2008-06-10 10:57:40 2,364,472 ----a-w c:\windows\system32\dllcache\WMVCore.dll + 2008-05-08 11:24:44 155,648 ------w c:\windows\system32\dllcache\wscript.exe + 2008-05-09 10:53:40 90,112 ------w c:\windows\system32\dllcache\wshext.dll - 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll + 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll - 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll + 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll - 2008-08-26 07:24:28 133,120 ------w c:\windows\system32\extmgr.dll + 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll - 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll + 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll - 2008-08-25 08:37:59 70,656 ------w c:\windows\system32\ie4uinit.exe + 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe - 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\ieakeng.dll + 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll - 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\ieaksie.dll + 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll - 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\ieakui.dll + 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll - 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll + 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\iedkcs32.dll + 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll - 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll + 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll - 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\iernonce.dll + 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll - 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll + 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll - 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe + 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe - 2008-04-14 00:11:56 512,000 ----a-w c:\windows\system32\jscript.dll + 2008-05-09 10:53:39 512,000 ----a-w c:\windows\system32\jscript.dll - 2008-08-26 07:24:30 27,648 ------w c:\windows\system32\jsproxy.dll + 2008-10-16 20:38:37 27,648 ------w c:\windows\system32\jsproxy.dll - 2004-08-11 00:45:04 96,768 ----a-w c:\windows\system32\logagent.exe + 2008-06-10 08:17:42 96,768 ----a-w c:\windows\system32\logagent.exe - 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe + 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe - 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll + 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll - 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll + 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll - 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll + 2008-10-17 01:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll - 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll + 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll - 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll + 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll - 2008-08-26 07:24:30 671,232 ------w c:\windows\system32\mstime.dll + 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll - 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\msxml6.dll + 2008-09-10 01:14:56 1,307,648 ------w c:\windows\system32\msxml6.dll - 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\occache.dll + 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll - 2008-12-12 17:59:31 53,436 ----a-w c:\windows\system32\perfc009.dat + 2008-12-14 17:42:01 53,436 ----a-w c:\windows\system32\perfc009.dat - 2008-12-12 17:59:31 381,692 ----a-w c:\windows\system32\perfh009.dat + 2008-12-14 17:42:01 381,692 ----a-w c:\windows\system32\perfh009.dat - 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll + 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll - 2008-04-14 00:12:05 180,224 ----a-w c:\windows\system32\scrobj.dll + 2008-05-09 10:53:39 180,224 ----a-w c:\windows\system32\scrobj.dll - 2008-04-14 00:12:05 172,032 ----a-w c:\windows\system32\scrrun.dll + 2008-05-09 10:53:40 172,032 ----a-w c:\windows\system32\scrrun.dll - 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll + 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll - 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe + 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe - 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll + 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll - 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll + 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll - 2008-04-14 00:12:08 434,176 ----a-w c:\windows\system32\vbscript.dll + 2008-05-09 10:53:40 430,080 ----a-w c:\windows\system32\vbscript.dll - 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll + 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll - 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll + 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll - 2004-08-11 00:45:04 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll + 2008-06-10 10:37:02 1,026,048 ----a-w c:\windows\system32\WMNetmgr.dll - 2006-12-07 06:40:49 2,362,184 ----a-w c:\windows\system32\wmvcore.dll + 2008-06-10 10:57:40 2,364,472 ----a-w c:\windows\system32\WMVCore.dll - 2008-04-14 00:12:41 155,648 ----a-w c:\windows\system32\wscript.exe + 2008-05-08 11:24:44 155,648 ----a-w c:\windows\system32\wscript.exe - 2008-04-14 00:12:10 90,112 ----a-w c:\windows\system32\wshext.dll + 2008-05-09 10:53:40 90,112 ----a-w c:\windows\system32\wshext.dll + 2008-12-14 17:37:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_230.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-20 4583424] "tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2005-02-06 1757184] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-12 1261336] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe] "SoundMan"="SOUNDMAN.EXE" [2004-11-02 c:\windows\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2004-11-29 c:\windows\ALCWZRD.EXE] "nwiz"="nwiz.exe" [2004-09-20 c:\windows\system32\nwiz.exe] "PRISMSTA.EXE"="PRISMSTA.EXE" [2003-08-04 c:\windows\system32\PRISMSTA.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2005-01-07 83360] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-11-16 389120] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\support.com\\bin\\tgcmd.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8767:UDP"= 8767:UDP:TS2 "8786:UDP"= 8786:UDP:ts2 R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-12 97928] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-12 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-12 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-12 76040] R3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\DRIVERS\PRISMA00.sys [2005-01-07 362688] S2 MPManF50;MPMan F50 USB Driver;c:\windows\system32\Drivers\MPManF50.sys [] S3 bbc08e82-ccb6-41a8-8b42-a245a5ab0e86;bbc08e82-ccb6-41a8-8b42-a245a5ab0e86;\??\d:\player\cds300.dll [] S3 DCamUSBPremier;USB Video Camera;c:\windows\system32\Drivers\mpixvid.sys [2005-07-15 81921] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-14 18:51:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(708) c:\windows\system32\avgrsstx.dll - - - - - - - > 'winlogon.exe'(2652) c:\windows\system32\avgrsstx.dll - - - - - - - > 'lsass.exe'(776) c:\windows\system32\avgrsstx.dll . Completion time: 2008-12-14 18:52:32 ComboFix-quarantined-files.txt 2008-12-14 17:52:29 ComboFix2.txt 2008-12-12 18:46:58 Pre-Run: 231.026.098.176 bytes free Post-Run: 231,060,561,920 bytes free 363 --- E O F --- 2008-12-14 10:16:22