ComboFix 08-02.05.3 - Patrick 2008-02-09 22:27:25.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.757 [GMT -8:00]
Running from: C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\XUANKVRL\ComboFix[1].exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
[i] ADS - svchost.exe: deleted 88 bytes in 2 streams. [/i]

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
hxxp://www.download.wi�j+|�C���̛v�+�@�J�:���N�GD_���D�Q�{��z�GD_���D�Q�{��z�GD_���D�Q�{��z�GD_���D�Q�{��z��+�@�J�:���N��j+|�C���̛vad


	S-1-5-18`
�HT4?

?
  



6�VwoQZC��D�H��M
sC:\WINDOWS\SoftwareDistribution\Download\4982a61e2216973813f44f56425bf3d9\73d75d7b41f8a3d49f272e74d4f73bb5e82f1acf�
.
(((((((((((((((((((((((((   Files Created from 2008-01-10 to 2008-02-10  )))))))))))))))))))))))))))))))
.

2008-02-09 21:22 . 2008-02-09 21:22	<DIR>	d--------	C:\Program Files\Xilisoft
2008-02-09 19:19 . 2008-02-09 19:19	<DIR>	d--h-----	C:\WINDOWS\PIF
2008-02-09 19:03 . 2008-02-09 19:03	26,000	--a------	C:\WINDOWS\system32\E3TL.DLL
2008-02-09 18:49 . 2008-02-09 18:49	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Zenturi
2008-02-09 13:48 . 2008-02-09 13:48	<DIR>	d--------	C:\WINDOWS\LastGood
2008-02-09 13:43 . 2008-02-09 13:43	<DIR>	d--------	C:\Program Files\Terra Firma Software, LLC
2008-02-09 13:40 . 2008-02-09 13:42	<DIR>	d--------	C:\Program Files\WinX DVD Player 3.0
2008-02-09 13:38 . 2008-02-09 13:39	<DIR>	d--------	C:\Program Files\pcYourPod
2008-02-09 12:09 . 2006-08-03 22:55	13	--a------	C:\WINDOWS\system32\drivers\WLANver.tic
2008-02-09 11:18 . 2008-02-09 11:18	<DIR>	d--------	C:\QFE329048.temp
2008-02-09 03:46 . 2008-02-09 03:46	<DIR>	d--------	C:\SUpgrade3.5B3.temp
2008-02-09 03:42 . 2008-02-09 03:42	<DIR>	d--------	C:\QFE810577.temp
2008-02-09 03:31 . 2003-08-13 11:56	28,672	--a------	C:\WINDOWS\system32\CloseACU.exe
2008-02-09 03:31 . 2003-08-06 18:22	24,576	--a------	C:\WINDOWS\system32\DelRunOnceReg.exe
2008-02-09 00:31 . 2008-02-09 00:31	<DIR>	d--------	C:\Program Files\CCleaner
2008-02-08 18:11 . 2008-02-08 18:31	91,700	--a------	C:\WINDOWS\system32\drivers\klin.dat
2008-02-08 18:11 . 2008-02-08 18:11	85,860	--a------	C:\WINDOWS\system32\drivers\klick.dat
2008-02-08 18:10 . 2008-02-08 18:10	<DIR>	d--------	C:\Program Files\Kaspersky Lab
2008-02-08 18:10 . 2008-02-09 13:02	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-08 18:01 . 2008-02-08 18:01	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-06 20:16 . 2008-02-06 20:16	<DIR>	d--------	C:\Program Files\LimeWire
2008-02-06 20:16 . 2008-02-06 20:34	<DIR>	d--------	C:\Documents and Settings\Patrick\Application Data\LimeWire
2008-02-06 12:08 . 2008-02-06 12:08	<DIR>	d--------	C:\Program Files\MSXML 4.0
2008-02-04 01:42 . 2008-02-04 01:42	<DIR>	d--------	C:\Config Free.temp
2008-02-03 20:40 . 2008-02-03 20:40	<DIR>	d--h-----	C:\Documents and Settings\Patrick\WLANProfiles
2008-02-03 20:40 . 2008-02-03 20:40	<DIR>	d--h-----	C:\Documents and Settings\All Users\WLANProfiles
2008-02-03 20:29 . 2008-02-03 20:29	<DIR>	d--------	C:\Intel Utility.temp
2008-02-03 20:24 . 2008-02-03 20:24	17,801	--a------	C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-03 20:21 . 2008-02-03 20:21	<DIR>	d--------	C:\inteltemp
2008-02-03 20:20 . 2008-02-03 20:20	<DIR>	d--------	C:\Program Files\DVD-RAM
2008-02-03 20:20 . 2003-03-14 11:38	155,648	---------	C:\WINDOWS\system32\RAMASST.exe
2008-02-03 20:20 . 2003-05-22 13:44	135,168	---------	C:\WINDOWS\system32\DVDMenu.dll
2008-02-03 20:20 . 2003-05-23 13:38	106,496	---------	C:\WINDOWS\system32\DVDRAMSV.exe
2008-02-03 20:20 . 2003-01-31 17:45	90,416	---------	C:\WINDOWS\system32\drivers\meiudf.sys
2008-02-03 20:19 . 2008-02-03 20:19	<DIR>	d--------	C:\DVDRam.temp
2008-02-03 20:17 . 2008-02-03 20:17	<DIR>	d--------	C:\Program Files\InterVideo Information Service
2008-02-03 20:17 . 2008-02-03 20:17	<DIR>	d--------	C:\Program Files\Common Files\Ulead
2008-02-03 20:17 . 2006-05-11 18:41	654	---------	C:\WINDOWS\remove.iss
2008-02-03 20:15 . 2008-02-03 20:15	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-03 20:11 . 2008-02-03 20:13	<DIR>	d--h-----	C:\WINDOWS\msdownld.tmp
2008-02-01 21:02 . 2008-02-01 21:02	<DIR>	d--------	C:\Documents and Settings\Patrick\Application Data\Grisoft
2008-02-01 21:02 . 2007-05-30 04:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-31 19:59 . 2008-02-08 18:00	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 19:41 . 2008-02-01 22:51	2,550	--a------	C:\WINDOWS\system32\Uninstall.ico
2008-01-31 19:41 . 2008-02-01 22:51	1,406	--a------	C:\WINDOWS\system32\Help.ico
2008-01-31 19:31 . 2008-01-31 19:31	<DIR>	d--------	C:\Program Files\Trend Micro
2008-01-30 21:02 . 2008-02-07 22:43	<DIR>	d--------	C:\Documents and Settings\Patrick\Application Data\DivX
2008-01-30 20:57 . 2008-01-30 21:08	<DIR>	d--------	C:\Documents and Settings\Patrick\Application Data\U3
2008-01-29 18:59 . 2008-01-29 18:59	<DIR>	d--------	C:\Documents and Settings\Patrick\Application Data\Skype
2008-01-29 18:59 . 2008-01-29 18:59	<DIR>	d--------	C:\Documents and Settings\Patrick\Application Data\MySpace
2008-01-27 14:14 . 2008-01-27 14:14	<DIR>	d--------	C:\Program Files\Microsoft Silverlight
2008-01-27 14:12 . 2006-11-12 22:02	288,768	---------	C:\WINDOWS\system32\rhttpaa.dll
2008-01-27 14:12 . 2006-11-12 22:02	116,736	---------	C:\WINDOWS\system32\aaclient.dll
2008-01-27 14:12 . 2006-11-12 22:02	36,352	---------	C:\WINDOWS\system32\tsgqec.dll
2008-01-27 13:49 . 2004-08-03 22:01	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-27 13:49 . 2004-08-03 22:01	25,856	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-27 13:48 . 2008-01-27 13:48	<DIR>	d--------	C:\WINDOWS\samsung
2008-01-27 13:48 . 2001-05-10 13:58	55,376	--a------	C:\WINDOWS\Ml165.hlp
2008-01-27 13:48 . 2001-08-30 17:00	45,056	--a------	C:\WINDOWS\system32\InsDrv2K.dll
2008-01-27 13:48 . 2001-03-20 16:10	3,262	--a------	C:\WINDOWS\reinstall.ico
2008-01-27 13:48 . 2001-03-20 14:52	766	--a------	C:\WINDOWS\Uninstall.ico
2008-01-27 13:21 . 2008-01-27 13:21	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-01-27 12:40 . 2008-01-27 12:40	<DIR>	d--------	C:\Program Files\MSBuild
2008-01-27 12:35 . 2008-01-27 13:23	<DIR>	d--------	C:\WINDOWS\system32\XPSViewer
2008-01-27 12:35 . 2008-01-27 12:35	<DIR>	d--------	C:\Program Files\Reference Assemblies
2008-01-27 12:34 . 2008-01-27 12:34	<DIR>	d--------	C:\d56d2096154170eeca65f4d1a39c
2008-01-27 12:34 . 2006-06-29 13:07	14,048	---------	C:\WINDOWS\system32\spmsg2.dll
2008-01-26 18:34 . 2003-09-10 16:22	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-26 18:34 . 2003-09-11 08:38	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-01-26 18:34 . 2003-09-10 16:20	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-01-26 18:34 . 2003-09-10 15:40	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD+DVD
2008-01-26 17:31 . 2008-01-26 17:34	<DIR>	d--h-----	C:\WINDOWS\Icons
2008-01-26 14:44 . 2008-01-27 08:48	<DIR>	d--------	C:\Documents and Settings\Patrick\Application Data\Apple Computer
2008-01-26 14:44 . 2008-02-09 13:02	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-01-26 14:44 . 2008-01-26 14:44	1,409	--a------	C:\WINDOWS\QTFont.for
2008-01-26 14:43 . 2008-01-26 14:43	<DIR>	d--------	C:\Program Files\iTunes
2008-01-26 14:43 . 2008-01-26 14:43	<DIR>	d--------	C:\Program Files\iPod
2008-01-26 14:42 . 2008-01-26 14:43	<DIR>	d--------	C:\Program Files\QuickTime
2008-01-26 14:42 . 2008-01-26 14:42	<DIR>	d--------	C:\Program Files\Common Files\Apple
2008-01-26 14:42 . 2008-01-26 14:42	<DIR>	d--------	C:\Program Files\Apple Software Update
2008-01-26 14:42 . 2008-01-26 15:20	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-26 14:42 . 2008-01-26 14:42	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Apple
2008-01-26 14:39 . 2008-01-26 14:39	0	--a------	C:\WINDOWS\mozy.flt
2008-01-26 14:39 . 2008-01-26 14:39	0	--a------	C:\WINDOWS\mozy.blk
2008-01-26 14:05 . 2008-01-26 14:12	<DIR>	d--------	C:\WINDOWS\Symbols
2008-01-26 12:20 . 2008-02-06 21:16	<DIR>	d--------	C:\Program Files\TuneUp Utilities 2007
2008-01-26 12:20 . 2008-01-26 12:20	<DIR>	d--------	C:\Documents and Settings\Patrick\Application Data\TuneUp Software
2008-01-26 12:20 . 2008-01-26 12:20	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-26 12:20 . 2007-05-16 09:41	29,704	--a------	C:\WINDOWS\system32\uxtuneup.dll
2008-01-26 10:12 . 2008-02-09 22:43	4,155,680	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-26 10:12 . 2008-02-09 22:42	198,944	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-26 10:12 . 2008-02-09 13:00	54,284	--ahs----	C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-26 10:12 . 2008-02-09 13:00	18,260	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-26 10:08 . 2008-02-08 17:59	<DIR>	d--------	C:\KAV
2008-01-26 09:39 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2008-01-26 09:39 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
2008-01-26 09:39 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2008-01-26 03:54 . 2008-01-26 03:55	<DIR>	d--------	C:\Program Files\DivX
2008-01-26 03:54 . 2008-01-04 13:58	129,784	---------	C:\WINDOWS\system32\pxafs.dll
2008-01-26 03:54 . 2008-01-04 13:58	120,056	---------	C:\WINDOWS\system32\pxcpyi64.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 01:35	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-02-04 04:24	---------	d-----w	C:\Program Files\Intel
2008-02-04 04:15	---------	d-----w	C:\Program Files\InterVideo
2008-02-04 04:15	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-01-27 21:12	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-01-26 10:27	---------	d-----w	C:\Program Files\Java
2008-01-26 09:50	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-01-26 05:38	---------	d-----w	C:\Documents and Settings\All Users\Application Data\AOL
2008-01-26 05:32	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-04 21:58	43,528	------w	C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-18 08:43	23,396	----a-w	C:\WINDOWS\system32\drivers\klopp.dat
2007-12-13 21:28	24,592	----a-w	C:\WINDOWS\system32\drivers\klim5.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24 65536]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="C:\WINDOWS\System32\[u]0[/u]0THotkey.exe" [2003-04-15 19:01 258048]
"000StTHK"="000StTHK.exe" [2001-06-23 19:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
"nwiz"="nwiz.exe" [2003-09-24 17:00 323584 C:\WINDOWS\system32\nwiz.exe]
"TFNF5"="TFNF5.exe" [2003-07-18 16:41 73728 C:\WINDOWS\system32\TFNF5.exe]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 15:01 86073]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 10:20 88363 C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 18:25 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 18:23 614400]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-21 17:00 126976]
"TPSMain"="TPSMain.exe" [2003-09-04 17:49 274432 C:\WINDOWS\system32\TPSMain.exe]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 09:29 40960]
"TFncKy"="TFncKy.exe" []
"Pinger"="C:\Toshiba\ivp\ISM\pinger.exe" [2002-10-17 12:21 159744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-09-24 17:00 4861952]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"ZCfgSvc.exe"="c:\WINDOWS\system32\ZCfgSvc.exe" [2006-08-03 03:19 639040]
"PRONoMgr.exe"="c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 06:08 135168]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43 227856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2008-02-03 20:20:20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\system32\LgNotify.dll 2006-08-03 03:20 188482 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2008-02-09 19:30]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-02-09 19:30]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys [2003-05-14 16:38]
S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys [2003-02-12 08:03]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{179cee9c-cf61-11dc-889d-000cf10850fb}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - NETTCPPORTSHARING
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 20:20:54 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-26 22:42:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-09 10:08:12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 22:43:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-02-09 22:45:35
ComboFix-quarantined-files.txt  2008-02-10 06:45:31
.
2008-02-06 20:08:58	--- E O F ---