Alright, ComboFix successfully completed a log and scan this time
------------------------------------------------------------
ComboFix 07-11-19.3 - User 2007-11-25 17:41:53.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.507 [GMT -3:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.
2007-11-25 16:38 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-25 16:38 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-25 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-25 16:37 410,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-25 16:37 8,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-25 16:37 5,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-25 16:37 1,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-25 13:44 <DIR> d-------- C:\kav
2007-11-24 15:52 <DIR> d-------- C:\Documents and Settings\User\Application Data\Yahoo!
2007-11-24 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-24 15:25 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-24 14:16 <DIR> d-------- C:\Program Files\NKProds
2007-11-24 14:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\nCleaner
2007-11-24 08:13 <DIR> d-------- C:\Program Files\IObit
2007-11-24 08:07 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-24 07:09 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-24 06:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sect burn file once
2007-11-24 01:12 <DIR> d-------- C:\Program Files\CAPCOM
2007-11-24 01:11 180,224 --------- C:\WINDOWS\Res2_uninst.exe
2007-11-23 21:23 <DIR> d-------- C:\Program Files\Resident evil 2 saves
2007-11-23 18:44 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-11-23 14:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\ZipGenius
2007-11-22 20:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\ImgBurn
2007-11-22 13:36 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-21 21:18 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-11-21 21:18 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-11-21 21:18 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-11-21 21:18 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2007-11-21 17:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 16:35 5,097 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-21 15:00 <DIR> d-------- C:\Program Files\Pacman
2007-11-20 23:15 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-20 22:32 <DIR> d-------- C:\Program Files\Defraggler
2007-11-20 21:02 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-20 21:02 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-11-20 20:57 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2007-11-20 20:49 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-20 20:49 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-19 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-19 19:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Azureus
2007-11-19 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 19:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 17:26 --------- d-----w C:\Program Files\Snes9x
2007-11-23 23:05 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-11-23 05:32 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-23 04:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:15 --------- d-----w C:\Program Files\Real
2007-11-21 20:14 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-11-21 19:37 --------- d-----w C:\Program Files\Java
2007-11-21 02:15 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-21 02:15 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-21 02:15 --------- d-----w C:\Program Files\Common Files\Real
2007-11-21 01:33 --------- d-----w C:\Documents and Settings\User\Application Data\Orbit
2007-11-21 00:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-20 23:57 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2007-11-20 23:57 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-10-31 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-22 06:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-21 03:47 --------- d-----w C:\Program Files\Common Files\Intuit
2007-10-21 01:59 --------- d-----w C:\Program Files\Maxis
2007-10-20 03:09 --------- d-----w C:\Documents and Settings\User\Application Data\U3
2007-10-20 02:10 61,440 ----a-w C:\WINDOWS\uninstal.exe
2007-10-04 02:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-09-06 02:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-06 21:00]
"3wPlayer Service"="C:\Program Files\3wPlayer\wakeservice.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LocalCooling"="D:\Program Files\LocalCooling\localcooling.exe" [2006-12-01 08:09]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-20 23:15]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-01-06 21:00]
C:\WINDOWS\system32\klogon.dll 2007-06-28 12:51 206088 C:\WINDOWS\system32\klogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S2 Service_DB;RetailEdge_Server;C:\Program Files\High Meadow Business Solutions\RetailEdge 8.0\Server\RetailEdge_Server_8_0.exe
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys
S3 pgfilter;pgfilter;\??\C:\PROGRAM FILES\PEERGUARDIAN2\pgfilter.sys
S3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-25 12:21:28 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B10B03B3-A3E0-44EB-AB37-06EF3392561B}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 17:43:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 17:43:59
.
--- E O F ---
------------------------------------------------------------
DelJob:
--------------------------------------------------------
No LOP jobs found
--------------------------------------------------------
Files remaining after cleaning
User_Feed_Synchronization-{B10B03B3-A3E0-44EB-AB37-06EF3392561B}.job
--------------------------------------------------------
App data folders
Volume in drive C has no label.
Volume Serial Number is 7CFE-1607
Directory of C:\Documents and Settings\User\Application Data
11/25/2007 05:36 PM <DIR> .
11/25/2007 05:36 PM <DIR> ..
07/11/2007 03:43 AM <DIR> APPLEC~1 Apple Computer
11/25/2007 04:41 PM <DIR> Azureus
07/30/2007 03:25 PM <DIR> CYBERM~1 CyberMatrix
07/23/2007 05:25 AM <DIR> DivX
08/07/2007 03:36 PM <DIR> Flock
07/25/2007 02:46 PM <DIR> FROSTW~1 FrostWire
08/05/2007 04:32 PM <DIR> Google
04/01/2007 10:57 PM <DIR> Help
03/31/2007 10:02 PM <DIR> IDENTI~1 Identities
11/22/2007 08:41 PM <DIR> ImgBurn
11/25/2007 05:28 PM <DIR> MACROM~1 Macromedia
10/31/2007 08:28 PM <DIR> MICROS~1 Microsoft
04/19/2007 03:25 AM <DIR> MICROS~2 Microsoft Web Folders
08/05/2007 12:41 PM <DIR> Mozilla
07/23/2007 10:49 AM <DIR> MxBoost
11/24/2007 02:16 PM <DIR> nCleaner
11/20/2007 10:33 PM <DIR> Orbit
07/31/2007 09:25 AM <DIR> PCSUIT~1 PC Suite
08/06/2007 09:37 AM <DIR> Real
04/01/2007 10:27 PM <DIR> Sun
06/11/2007 02:50 AM <DIR> Teleca
10/20/2007 12:09 AM <DIR> U3
08/02/2007 04:22 PM <DIR> Uniblue
04/01/2007 01:17 AM <DIR> WEBCOM~1 WebCompiler3
04/03/2007 07:09 PM <DIR> WINPAT~1 WinPatrol
11/25/2007 01:06 AM <DIR> Yahoo!
11/23/2007 02:18 PM <DIR> ZIPGEN~1 ZipGenius
0 File(s) 0 bytes
29 Dir(s) 5,431,963,648 bytes free
Volume in drive C has no label.
Volume Serial Number is 7CFE-1607
Directory of C:\Documents and Settings\All Users\Application Data
11/25/2007 04:37 PM <DIR> .
11/25/2007 04:37 PM <DIR> ..
07/11/2007 03:38 AM <DIR> APPLEC~1 Apple Computer
04/04/2007 01:23 AM <DIR> Avg7
11/19/2007 07:38 PM <DIR> Azureus
04/06/2007 12:59 AM <DIR> Comodo
07/18/2007 03:59 PM <DIR> CONEXW~1 ConeXware
08/05/2007 05:11 PM <DIR> Google
08/12/2007 06:57 AM <DIR> Intuit
04/28/2007 01:23 PM <DIR> iolo
11/25/2007 05:01 PM <DIR> KASPER~1 Kaspersky Lab
04/01/2007 01:15 AM <DIR> McAfee
08/02/2007 01:25 AM <DIR> MICROS~1 Microsoft
10/31/2007 08:28 PM <DIR> MICROS~2 Microsoft Help
07/31/2007 05:18 PM <DIR> NFSUND~1 NFS Underground
08/06/2007 04:09 PM <DIR> OFFICE~1 Office Genuine Advantage
07/31/2007 09:24 AM <DIR> PCSUIT~1 PC Suite
11/24/2007 07:30 AM <DIR> SECTBU~1 sect burn file once
11/20/2007 09:37 PM <DIR> SITEAD~1 SiteAdvisor
11/25/2007 01:17 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
05/01/2007 01:31 AM <DIR> SUPERA~1.COM SUPERAntiSpyware.com
08/03/2007 05:11 AM <DIR> Symantec
11/25/2007 04:36 PM <DIR> TEMP
11/19/2007 08:04 PM <DIR> Trymedia
08/06/2007 04:09 PM <DIR> WINDOW~1 Windows Genuine Advantage
11/24/2007 03:27 PM <DIR> Yahoo!
0 File(s) 0 bytes
26 Dir(s) 5,431,959,552 bytes free
--------------------------------------------------------
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:25 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\LocalCooling\localcooling.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [LocalCooling] "D:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3wPlayer Service] C:\Program Files\3wPlayer\wakeservice.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179928194125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177045980671
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RetailEdge_Server (Service_DB) - Unknown owner - C:\Program Files\High Meadow Business Solutions\RetailEdge 8.0\Server\RetailEdge_Server_8_0.exe (file missing)
--
End of file - 4436 bytes
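Added triage example (my code, not part of the original post or of ComboFix/HijackThis): a small Python script that reads the kinds of lines posted above and flags the ones a helper would look at first. The rules it applies are the ones a reviewer applies by eye on these logs: a ComboFix Run entry whose trailing `[...]` timestamp is empty (ComboFix prints the target file's timestamp there, so an empty bracket means the file was not found), HijackThis entries marked `(no file)` or `(file missing)`, an O23 service with `Unknown owner`, any O20 AppInit_DLLs entry (that DLL is loaded into every process that links user32, so it always deserves a look even when, as here, it belongs to the installed antivirus), and an autostart target living in a user-writable location. The sample input is copied from the log above except for the last line, which is constructed to exercise the user-writable-path rule; the flag names are my own.

```python
import re

# Lines copied from the ComboFix "Reg Loading Points" section and the
# HijackThis log above. The final "[constructed]" line is NOT from the log;
# it is made up here to exercise the user-writable-path rule.
SAMPLE_LOG = r"""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-01-06 21:00]
"3wPlayer Service"="C:\Program Files\3wPlayer\wakeservice.exe" []
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [3wPlayer Service] C:\Program Files\3wPlayer\wakeservice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: RetailEdge_Server (Service_DB) - Unknown owner - C:\Program Files\High Meadow Business Solutions\RetailEdge 8.0\Server\RetailEdge_Server_8_0.exe (file missing)
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\User\Application Data\updater.exe
"""

# ComboFix Run-key line: "Name"="path" [timestamp]  (timestamp empty => file not found)
COMBOFIX_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')

# Locations an ordinary user can write to; an autostart target there is unusual
# for installed software and common for malware (assumption: XP-era layout).
USER_WRITABLE = re.compile(
    r"\\(Documents and Settings|Users|Temp|Application Data|Local Settings)\\", re.I)


def triage_line(line):
    """Return the list of flags raised by one log line (empty list = nothing to review)."""
    flags = []
    # HijackThis marks orphaned registry entries explicitly.
    if "(no file)" in line or "(file missing)" in line:
        flags.append("dangling")
    # ComboFix prints the target file's timestamp in brackets; empty means it was not found.
    m = COMBOFIX_RUN.match(line)
    if m and not m.group("stamp").strip():
        flags.append("target-missing")
    # Services with no recognised publisher in the binary's version info.
    if line.startswith("O23 ") and "Unknown owner" in line:
        flags.append("unknown-owner")
    # AppInit_DLLs is injected into every user32-linked process: always review it.
    if line.startswith("O20 ") and "AppInit_DLLs" in line:
        flags.append("appinit-dll")
    # Autostart pointing into a user-writable directory.
    if USER_WRITABLE.search(line):
        flags.append("user-writable-path")
    return flags


def triage(log):
    """Return [(line, flags)] for every non-empty line that raised at least one flag."""
    results = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        flags = triage_line(line)
        if flags:
            results.append((line, flags))
    return results


if __name__ == "__main__":
    for line, flags in triage(SAMPLE_LOG):
        print(", ".join(flags).ljust(24), line)
```

Run against the sample it reports five lines: the `3wPlayer Service` Run value whose file ComboFix could not find, the nameless BHO with `(no file)`, the AppInit_DLLs entry, the `RetailEdge_Server` service (both `dangling` and `unknown-owner`), and the constructed Application Data autostart. Everything else, including the Kaspersky and ctfmon entries, passes silently, which is the point: the script narrows a 250-line paste down to the handful of lines worth asking the poster about, and the `3wPlayer` case shows why the ComboFix timestamp is worth cross-checking against the HijackThis O4 line, which on its own gives no hint the file is absent.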