ComboFix 08-07-15.4 - Jean 2008-07-18 13:56:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.183 [GMT 10:00]
Running from: C:\Documents and Settings\Jean\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.
2008-07-18 12:55 . 2008-07-18 12:55 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 07:47 . 2008-07-18 12:55 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-18 07:47 . 2008-07-18 07:47 d-------- C:\Program Files\Common Files\Download Manager
2008-07-18 07:47 . 2008-07-18 07:47 d-------- C:\Documents and Settings\Jean\Application Data\Malwarebytes
2008-07-18 07:47 . 2008-07-18 07:47 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-18 07:17 . 2008-07-18 12:55 d---s---- C:\Documents and Settings\Administrator
2008-07-18 06:15 . 2008-07-18 06:15 d-------- C:\Program Files\Trend Micro
2008-07-18 05:06 . 2008-07-18 05:06 d-------- C:\Program Files\Panda Security
2008-07-17 23:05 . 2008-07-18 12:55 d-------- C:\Documents and Settings\Jean\.housecall6.6
2008-07-03 15:19 . 2008-07-03 15:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-18 00:42 --------- d-----w C:\Documents and Settings\Jean\Application Data\AVGTOOLBAR
2008-07-17 22:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-17 19:28 --------- d-----w C:\Program Files\Lavasoft
2008-07-17 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-03 05:19 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 05:19 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-20 10:09 --------- d-----w C:\Program Files\AVG
2008-05-20 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-19 02:16 --------- d-----w C:\Program Files\Java
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-20 03:28 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Prolific_PLUtil"="C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe" [2004-02-18 17:26 90112]
"PLFFAP"="C:\WINDOWS\system32\HotfixQ0306270.exe" [2003-08-05 09:43 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-24 16:50 282624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 15:19 1232152]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 16:34 57344 C:\WINDOWS\soundman.exe]
"S3TRAY2"="S3tray2.exe" [2003-02-25 04:33 69632 C:\WINDOWS\system32\S3tray2.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 13:46 28160 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-21 18:04:28 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-20 03:28:51 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-12-25 20:06:30 450560]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 18:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-03 15:19]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-03 15:19]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 15:19]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 15:19]
S3 PLFF;USB Flash Disk Driver;C:\WINDOWS\system32\Drivers\PLFF.sys [2003-10-06 10:29]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 13:59:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-18 14:01:16
ComboFix-quarantined-files.txt 2008-07-18 04:01:03

Pre-Run: 28,555,165,696 bytes free
Post-Run: 28,762,644,480 bytes free

94 --- E O F --- 2008-07-09 11:02:30