logs and java prob
latest combofix log
ComboFix 08-10-14.07 - Will Farris 2008-10-16 4:36:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.655 [GMT -8:00]
Running from: C:\Documents and Settings\Will Farris\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Will Farris\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2067-02-24 15:21 . 2003-02-05 04:02 79,947 --a------ C:\WINDOWS\fw20.vxd
2008-10-14 12:49 . 2008-09-08 02:41 333,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-14 12:48 . 2008-08-14 02:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-14 12:48 . 2008-08-14 02:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-14 12:48 . 2008-08-14 01:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-14 12:48 . 2008-08-14 01:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-14 12:48 . 2008-09-15 04:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-13 17:59 . 2008-10-13 17:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-13 17:58 . 2008-10-13 17:59 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-10-11 21:00 . 2008-10-12 08:43 3,206 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-10-11 20:40 . 2008-10-11 21:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 18:01 . 2008-10-11 18:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVGTOOLBAR
2008-10-11 16:02 . 2008-10-12 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\jgjctypk
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 12:09 --------- d-----w C:\Program Files\CyberPower PowerPanel Personal Edition
2008-10-12 07:02 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-12 04:53 88,576 ----a-w C:\WINDOWS\SYSTEM32\AntiXPVSTFix.exe
2008-10-12 04:53 87,552 ----a-w C:\WINDOWS\SYSTEM32\VACFix.exe
2008-10-12 04:53 82,944 ----a-w C:\WINDOWS\SYSTEM32\o4Patch.exe
2008-10-12 04:53 82,944 ----a-w C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-10-12 04:53 82,944 ----a-w C:\WINDOWS\SYSTEM32\IEDFix.C.exe
2008-10-12 04:53 82,432 ----a-w C:\WINDOWS\SYSTEM32\404Fix.exe
2008-10-12 04:53 53,248 ----a-w C:\WINDOWS\SYSTEM32\Process.exe
2008-10-12 04:53 51,200 ----a-w C:\WINDOWS\SYSTEM32\dumphive.exe
2008-10-12 04:53 289,144 ----a-w C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-10-12 04:53 288,417 ----a-w C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-10-12 04:53 25,600 ----a-w C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-10-12 01:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-09 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-30 04:30 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-25 08:37 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-08-23 05:54 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2008-07-19 06:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-19 06:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 06:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 06:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-19 06:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 06:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 06:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-19 06:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 06:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-19 06:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 06:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-19 06:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 06:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-19 06:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-19 06:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-19 06:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-19 06:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-05-08 20:32 47,787,248 ----a-w C:\Program Files\avg_free_stf_en_8_100a1295.exe
2008-03-01 20:31 22 ----a-w C:\Program Files\qckcrb20.zip
2007-10-24 23:26 148,904 ----a-w C:\Program Files\ffortsetup.exe
2007-10-24 02:54 224,906 ----a-w C:\Program Files\WDBMInst.zip
2007-02-09 20:04 19,170,000 ----a-w C:\Program Files\avg75free_441a944.exe
2007-01-18 22:54 5,297,976 ----a-w C:\Program Files\picasaweb-current-setup.exe
2004-03-01 13:53 1,677,054 ----a-w C:\Program Files\setupex.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-14_19.26.06.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-14 10:09:26 2,145,280 ------w C:\WINDOWS\Driver Cache\I386\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w C:\WINDOWS\Driver Cache\I386\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
+ 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 18:57:40 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
- 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2008-06-23 16:57:27 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-08-26 07:24:28 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
- 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2008-06-23 16:57:28 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-08-26 07:24:28 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
- 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2008-06-23 16:57:29 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
- 2008-06-23 16:57:34 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
- 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
- 2008-06-23 16:57:36 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2008-08-26 07:24:30 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-06-23 16:57:40 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2008-08-26 07:24:30 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-06-23 16:57:41 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
- 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2008-08-31 05:40:17 210,488 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-10-15 04:28:12 210,488 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
- 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
- 2008-06-24 18:57:40 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
- 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
- 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Quick Launch"="C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" [2003-06-24 568096]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-28 67128]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 68856]
"PowerPanel Personal Edition User Interaction"="C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2007-01-10 262144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-02-06 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 32881]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 126976]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 C:\WINDOWS\KHALMNPR.Exe]
"WD Button Manager"="WDBtnMgr.exe" [2007-10-23 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-01 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-07-26 24576]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-07-28 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-03-08 450560]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"84:TCP"= 84:TCP:VRS Recording System Web Control Panel
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 76040]
S3 DCamUSB20;Veo Web Camera;C:\WINDOWS\system32\Drivers\VeoMini20.sys [2002-11-06 122219]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-16 04:40:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-16 4:43:41
ComboFix-quarantined-files.txt 2008-10-16 12:43:15
ComboFix2.txt 2008-10-15 03:26:46
Pre-Run: 13,541,388,288 bytes free
Post-Run: 13,529,292,800 bytes free
296 --- E O F --- 2008-10-15 04:16:49
latest hjt log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:39 AM, on 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\SYSTEM32\SOL.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.sfgate.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.sfgate.com/"); (C:\Documents and Settings\WILL FARRIS\Application Data\Mozilla\Profiles\default\ughslt5n.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\WILL FARRIS\Application Data\Mozilla\Profiles\default\ughslt5n.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pngusa.net
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119880574421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165850154781
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
--
End of file - 8736 bytes
Problem with java download - j2se does not exist as a selection, I'm guessing that jre 6-10 is the one, but not sure. please advise.
