ComboFix 08-04-16.5 - Owner 2008-04-18 7:37:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.405 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\72726850
C:\smp.bat
C:\WINDOWS\BM07668a71.xml
C:\WINDOWS\system32\ecgcmgtk.ini
C:\WINDOWS\system32\nwegjhgs.ini
C:\WINDOWS\system32\pyrfrhpi.tmp
C:\WINDOWS\system32\xkftijyy.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\72726850
C:\Documents and Settings\All Users\Application Data\huhqjazw
C:\Documents and Settings\All Users\Application Data\mnutgpsx
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\CPV.stt
C:\Program Files\Common Files\uzkf
C:\Program Files\Common Files\uzkf\uzkfa.lck
C:\Program Files\Common Files\uzkf\uzkfd\class-barrel
C:\Program Files\Common Files\uzkf\uzkfd\vocabulary
C:\Program Files\Common Files\uzkf\uzkfl.lck
C:\Program Files\Common Files\uzkf\uzkfm.lck
C:\smp.bat
C:\WINDOWS\BM07668a71.xml
C:\WINDOWS\dXNlcg
C:\WINDOWS\dXNlcg\xrh5w0.vbs
C:\WINDOWS\system32\ecgcmgtk.ini
C:\WINDOWS\system32\nwegjhgs.ini
C:\WINDOWS\system32\pyrfrhpi.tmp
C:\WINDOWS\system32\xkftijyy.tmp
C:\WINDOWS\uzkf
C:\WINDOWS\uzkf\uzkf.dat
C:\WINDOWS\uzkf\wu

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BBVDIRNSAY
-------\Legacy_KBXMNRSFG
-------\Legacy_NWSAPAGENT
-------\Legacy_PNUJVTCMSL
-------\Service_bbvdirnsay
-------\Service_kbxmnrsfg
-------\Service_NwSapAgent
-------\Service_pnujvtcmsl

((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 07:32 . 2004-08-04 00:56 69,120 --a------ C:\WINDOWS\system32\notepad.exe
2008-04-18 07:32 . 2004-08-04 00:56 69,120 --a--c--- C:\WINDOWS\system32\dllcache\notepad.exe
2008-04-17 06:50 . 2008-04-17 06:50 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-17 06:49 . 2008-04-17 06:49 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-17 06:49 . 2008-04-17 06:49 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-16 15:56 . 2008-04-16 15:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-16 07:31 . 2008-04-16 07:31 d-------- C:\Program Files\Avira
2008-04-16 07:31 . 2008-04-16 07:31 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-14 10:51 . 2008-04-14 10:51 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-03 17:29 . 2008-04-03 20:47 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-02 02:07 . 2008-04-02 02:07 d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-04-01 15:40 . 2008-04-16 15:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-01 15:40 . 2008-04-01 15:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-29 06:29 . 2008-03-29 06:29 d-------- C:\Logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-04-17 13:28 --------- d-----w C:\Program Files\World of Warcraft
2008-04-15 14:39 10 ----a-w C:\Program Files\.autoreg
2008-04-01 21:06 --------- d-----w C:\Program Files\Diablo II
2008-03-19 11:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-03-19 00:51 --------- d-----w C:\Program Files\Azureus
2008-03-12 05:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 04:18 --------- d-----w C:\Program Files\Disney
2008-03-06 22:52 --------- d-----w C:\Program Files\Lavasoft
2008-03-06 22:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-03-06 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-06 22:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-03-06 22:42 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-06 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-27 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-27 12:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 22:55 --------- d-----w C:\Program Files\iTunes
2008-02-26 22:53 --------- d-----w C:\Program Files\iPod
2008-02-26 22:43 --------- d-----w C:\Program Files\Bonjour
2008-02-26 22:39 --------- d-----w C:\Program Files\QuickTime
2008-02-26 22:32 --------- d-----w C:\Program Files\Apple Software Update
2008-02-26 22:24 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-26 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-26 10:38 --------- d-----w C:\Program Files\mIRC
2008-02-18 19:16 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-06-15 05:07 97,984 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-08-26 14:49 47 ----a-w C:\Program Files\U32comm.ini
2004-05-28 16:12 1,024 -c--a-w C:\Documents and Settings\Owner\updata.exe
2004-04-07 01:38 561,152 ------w C:\Program Files\Softwrap.dll
2004-04-07 01:38 3,808 ------w C:\Program Files\ga_main.sw
2004-04-07 01:37 2,097,152 ------w C:\Program Files\ga_main.exe
2003-10-22 18:42 28,672 ------w C:\Program Files\xsystem.dll
2003-10-21 23:01 122,880 ------r C:\Program Files\RegisterX.dll
2002-11-15 22:39 7,336 ------w C:\Program Files\GIF Animator 5 Readme.html
2002-05-25 00:06 61,440 ------r C:\Program Files\u32Cfg.dll
2002-05-10 01:26 24,576 ------w C:\Program Files\u32sn.dll
2001-09-01 01:44 1,474,560 ------w C:\Program Files\u32Prod.dll
2001-08-29 06:53 40,960 ------w C:\Program Files\uINet.dll
2001-08-29 04:09 40,960 ------w C:\Program Files\UAboutbox.dll
2001-08-29 03:50 32,768 ------w C:\Program Files\u32Aps.dll
2001-08-28 09:13 53,248 ------w C:\Program Files\UFCCOMM.dll
2001-08-28 09:13 36,864 ------w C:\Program Files\UFCCOLOR.dll
2001-08-28 09:12 32,768 ------w C:\Program Files\UFCBUF.dll
2001-08-28 09:10 32,768 ------w C:\Program Files\Vepb40.dll
2001-08-28 09:10 28,672 ------w C:\Program Files\Vcvrt32.dll
2001-08-28 09:10 122,880 ------w C:\Program Files\Veui32.dll
2001-08-28 09:06 81,920 ------w C:\Program Files\EXE.UXE
2001-08-28 09:05 81,920 ------w C:\Program Files\anigen.exe
2001-08-28 09:05 294,912 ------w C:\Program Files\IdxEd.exe
2001-08-28 09:04 45,056 ------w C:\Program Files\USSGifsa.dll
2001-08-28 09:04 172,032 ------w C:\Program Files\UssCvt.dll
2001-08-28 09:00 28,672 ------w C:\Program Files\VFX32.dll
2001-08-28 08:59 311,296 ------w C:\Program Files\Tge.dll
2001-08-28 08:56 139,264 ------w C:\Program Files\Vft32.dll
2001-08-28 08:54 110,592 ------w C:\Program Files\wUfoComp.dll
2001-08-28 08:53 143,360 ------w C:\Program Files\ussjpgen.dll
2001-08-28 08:52 32,768 ------w C:\Program Files\ManageAd.dll
2001-08-28 08:51 36,864 ------w C:\Program Files\uwUpdate.dll
2001-08-28 08:51 36,864 ------w C:\Program Files\maskop.dll
2001-08-28 08:51 28,672 ------w C:\Program Files\ucsRWUFO.dll
2001-08-28 08:50 147,456 ------w C:\Program Files\uRender.dll
2001-08-28 08:49 36,864 ------w C:\Program Files\uShadow.dll
2001-08-28 08:49 253,952 ------w C:\Program Files\UpiCtrl.dll
2001-08-28 08:48 86,016 ------w C:\Program Files\ucp1.ucp
2001-08-28 08:48 36,864 ------w C:\Program Files\Pal.dll
2001-08-28 08:47 557,056 ------w C:\Program Files\U32path.dll
2001-08-28 08:47 344,064 ------w C:\Program Files\mpg_hvd.dll
2001-08-28 08:42 167,936 ------w C:\Program Files\sepa.dll
2001-08-28 08:41 180,224 ------w C:\Program Files\u32video.dll
2001-08-28 08:35 28,672 ------w C:\Program Files\uGifLib.dll
2001-08-28 08:35 114,688 ------w C:\Program Files\pngfio.dll
2001-08-28 08:34 28,672 ------w C:\Program Files\uLzwLib.dll
2001-08-28 08:33 61,440 ------w C:\Program Files\u32txtur.dll
2001-08-28 08:32 90,112 ------w C:\Program Files\u32Sel.dll
2001-08-28 08:32 32,768 ------w C:\Program Files\u32Plug.dll
2001-08-28 08:32 155,648 ------w C:\Program Files\u32Cvt.dll
2001-08-28 08:32 106,496 ------w C:\Program Files\u32Tx.dll
2001-08-28 08:31 221,184 ------w C:\Program Files\u32Fido.dll
2001-08-28 08:28 114,688 ------w C:\Program Files\u32File.dll
2001-08-28 08:27 45,056 ------w C:\Program Files\u32Brows.dll
2001-08-28 08:27 45,056 ------w C:\Program Files\u32Aps32.dll
2001-08-28 08:27 32,768 ------w C:\Program Files\u32Misc.dll
2001-08-28 08:27 155,648 ------w C:\Program Files\u32Clips.dll
2001-08-28 08:27 143,360 ------w C:\Program Files\uJpgLib.dll
2001-08-28 08:26 241,664 ------w C:\Program Files\u32Base.dll
2001-08-28 08:25 114,688 ------w C:\Program Files\u32Comm.dll
2001-08-21 10:06 114,688 ------w C:\Program Files\VFX_WMT.dll
2001-07-19 17:57 462,809 ------w C:\Program Files\AGIF.HLP
2001-03-08 22:10 31,560 ------w C:\Program Files\IDXGIF.HLP
2001-03-06 19:25 2,396 ---h--w C:\Program Files\U32FILE.CFG
2001-03-05 21:32 8,283 ------w C:\Program Files\AGIF.CNT
2001-03-05 20:57 35,606 ------w C:\Program Files\DB.HLP
2001-03-01 17:52 8,852 ------w C:\Program Files\UWUPDATE.HLP
2000-08-09 16:54 431,735 ------w C:\Program Files\UPI.HLP
1999-10-15 19:50 1,056,768 ------w C:\Program Files\ROBOEX32.DLL
1999-09-01 00:41 31,227 ------w C:\Program Files\logo.gif
1999-08-26 18:20 6,370 ----a-w C:\Program Files\Desktop2.txt
1999-08-26 18:20 508,210 ----a-w C:\Program Files\Desktop2.exe
1999-08-26 18:20 1,927,937 ----a-w C:\Program Files\Desktop2.cca
1999-06-26 03:14 3,766 ------w C:\Program Files\iearrowhead.dat
1999-01-28 22:44 49,152 ------w C:\Program Files\INETWH32.dll
2004-07-13 21:41 2,926 -csha-w C:\WINDOWS\yduvm.dat
2007-07-13 17:30 80 --sh--r C:\WINDOWS\system32\40C3B5A293.dll

.
((((((((((((((((((((((((((((( snapshot@2008-04-17_19.53.27.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-18 02:38:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 14:43:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"quicktime task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 05:54 38400]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\computer alarm clock]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\indexsearch]
--a------ 2002-08-12 12:07 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipinsightlan 02]
--a------ 2003-06-11 01:52 380928 C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipinsightmonitor 02]
--a------ 2003-06-11 01:52 122880 C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\javacore]
C:\Program Files\\JavaCore\\JavaCore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\microsoft works update detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
--a------ 2006-10-22 13:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a------ 2006-03-17 16:11 81408 C:\WINDOWS\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\twain]
C:\Program Files\Twain\Twain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updreg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybrowser]
--a------ 2003-07-11 14:51 57344 C:\Program Files\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GEARSecurity"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"IDriverT"=3 (0x3)
"wfxsvc"=2 (0x2)
"Schedule"=2 (0x2)
"WZCSVC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\whitewlf930\\condition zero\\hl.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\whitewlf930\\counter-strike\\hl.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-0.10.0.5140-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.10.1.5230-to-0.10.2.5257-enUS-downloader.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\sfxjt@yahoo.com\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\sfxjt@yahoo.com\\condition zero\\hl.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\nikon7o7\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6882:TCP"= 6882:TCP:Blizzard Downloader
"6883:TCP"= 6883:TCP:Blizzard Downloader
"6884:TCP"= 6884:TCP:Blizzard Downloader
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6888:TCP"= 6888:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader
"6890:TCP"= 6890:TCP:Blizzard Downloader
"6891:TCP"= 6891:TCP:Blizzard Downloader
"6892:TCP"= 6892:TCP:Blizzard Downloader
"6893:TCP"= 6893:TCP:Blizzard Downloader
"6894:TCP"= 6894:TCP:Blizzard Downloader
"6895:TCP"= 6895:TCP:Blizzard Downloader
"6896:TCP"= 6896:TCP:Blizzard Downloader
"6897:TCP"= 6897:TCP:Blizzard Downloader
"6898:TCP"= 6898:TCP:Blizzard Downloader
"6899:TCP"= 6899:TCP:Blizzard Downloader
"6900:TCP"= 6900:TCP:Blizzard Downloader
"6901:TCP"= 6901:TCP:Blizzard Downloader
"6902:TCP"= 6902:TCP:Blizzard Downloader
"6903:TCP"= 6903:TCP:Blizzard Downloader
"6904:TCP"= 6904:TCP:Blizzard Downloader
"6905:TCP"= 6905:TCP:Blizzard Downloader
"6906:TCP"= 6906:TCP:Blizzard Downloader
"6907:TCP"= 6907:TCP:Blizzard Downloader
"6908:TCP"= 6908:TCP:Blizzard Downloader
"6909:TCP"= 6909:TCP:Blizzard Downloader
"6910:TCP"= 6910:TCP:Blizzard Downloader
"6911:TCP"= 6911:TCP:Blizzard Downloader
"6912:TCP"= 6912:TCP:Blizzard Downloader
"6913:TCP"= 6913:TCP:Blizzard Downloader
"6914:TCP"= 6914:TCP:Blizzard Downloader
"6915:TCP"= 6915:TCP:Blizzard Downloader
"6916:TCP"= 6916:TCP:Blizzard Downloader
"6917:TCP"= 6917:TCP:Blizzard Downloader
"6918:TCP"= 6918:TCP:Blizzard Downloader
"6919:TCP"= 6919:TCP:Blizzard Downloader
"6920:TCP"= 6920:TCP:Blizzard Downloader
"6921:TCP"= 6921:TCP:Blizzard Downloader
"6922:TCP"= 6922:TCP:Blizzard Downloader
"6923:TCP"= 6923:TCP:Blizzard Downloader
"6924:TCP"= 6924:TCP:Blizzard Downloader
"6925:TCP"= 6925:TCP:Blizzard Downloader
"6926:TCP"= 6926:TCP:Blizzard Downloader
"6927:TCP"= 6927:TCP:Blizzard Downloader
"6928:TCP"= 6928:TCP:Blizzard Downloader
"6929:TCP"= 6929:TCP:Blizzard Downloader
"6930:TCP"= 6930:TCP:Blizzard Downloader
"6931:TCP"= 6931:TCP:Blizzard Downloader
"6932:TCP"= 6932:TCP:Blizzard Downloader
"6933:TCP"= 6933:TCP:Blizzard Downloader
"6934:TCP"= 6934:TCP:Blizzard Downloader
"6935:TCP"= 6935:TCP:Blizzard Downloader
"6936:TCP"= 6936:TCP:Blizzard Downloader
"6937:TCP"= 6937:TCP:Blizzard Downloader
"6938:TCP"= 6938:TCP:Blizzard Downloader
"6939:TCP"= 6939:TCP:Blizzard Downloader
"6940:TCP"= 6940:TCP:Blizzard Downloader
"6941:TCP"= 6941:TCP:Blizzard Downloader
"6942:TCP"= 6942:TCP:Blizzard Downloader
"6943:TCP"= 6943:TCP:Blizzard Downloader
"6944:TCP"= 6944:TCP:Blizzard Downloader
"6945:TCP"= 6945:TCP:Blizzard Downloader
"6956:TCP"= 6956:TCP:Blizzard Downloader
"6946:TCP"= 6946:TCP:Blizzard Downloader
"6947:TCP"= 6947:TCP:Blizzard Downloader
"6948:TCP"= 6948:TCP:Blizzard Downloader
"6949:TCP"= 6949:TCP:Blizzard Downloader
"6950:TCP"= 6950:TCP:Blizzard Downloader
"6951:TCP"= 6951:TCP:Blizzard Downloader
"6952:TCP"= 6952:TCP:Blizzard Downloader
"6953:TCP"= 6953:TCP:Blizzard Downloader
"6954:TCP"= 6954:TCP:Blizzard Downloader
"6955:TCP"= 6955:TCP:Blizzard Downloader
"6957:TCP"= 6957:TCP:Blizzard Downloader
"6958:TCP"= 6958:TCP:Blizzard Downloader
"6959:TCP"= 6959:TCP:Blizzard Downloader
"6960:TCP"= 6960:TCP:Blizzard Downloader
"6961:TCP"= 6961:TCP:Blizzard Downloader
"6962:TCP"= 6962:TCP:Blizzard Downloader
"6963:TCP"= 6963:TCP:Blizzard Downloader
"6964:TCP"= 6964:TCP:Blizzard Downloader
"6965:TCP"= 6965:TCP:Blizzard Downloader
"6966:TCP"= 6966:TCP:Blizzard Downloader
"6967:TCP"= 6967:TCP:Blizzard Downloader
"6968:TCP"= 6968:TCP:Blizzard Downloader
"6969:TCP"= 6969:TCP:Blizzard Downloader
"6970:TCP"= 6970:TCP:Blizzard Downloader
"6971:TCP"= 6971:TCP:Blizzard Downloader
"6972:TCP"= 6972:TCP:Blizzard Downloader
"6973:TCP"= 6973:TCP:Blizzard Downloader
"6974:TCP"= 6974:TCP:Blizzard Downloader
"6975:TCP"= 6975:TCP:Blizzard Downloader
"6976:TCP"= 6976:TCP:Blizzard Downloader
"6977:TCP"= 6977:TCP:Blizzard Downloader
"6978:TCP"= 6978:TCP:Blizzard Downloader
"6979:TCP"= 6979:TCP:Blizzard Downloader
"6980:TCP"= 6980:TCP:Blizzard Downloader
"6981:TCP"= 6981:TCP:Blizzard Downloader
"6982:TCP"= 6982:TCP:Blizzard Downloader
"6983:TCP"= 6983:TCP:Blizzard Downloader
"6984:TCP"= 6984:TCP:Blizzard Downloader
"6985:TCP"= 6985:TCP:Blizzard Downloader
"6986:TCP"= 6986:TCP:Blizzard Downloader
"6987:TCP"= 6987:TCP:Blizzard Downloader
"6988:TCP"= 6988:TCP:Blizzard Downloader
"6989:TCP"= 6989:TCP:Blizzard Downloader
"6990:TCP"= 6990:TCP:Blizzard Downloader
"6991:TCP"= 6991:TCP:Blizzard Downloader
"6992:TCP"= 6992:TCP:Blizzard Downloader
"6993:TCP"= 6993:TCP:Blizzard Downloader
"6994:TCP"= 6994:TCP:Blizzard Downloader
"6995:TCP"= 6995:TCP:Blizzard Downloader
"6996:TCP"= 6996:TCP:Blizzard Downloader
"6997:TCP"= 6997:TCP:Blizzard Downloader
"6998:TCP"= 6998:TCP:Blizzard Downloader
"6999:TCP"= 6999:TCP:Blizzard Downloader
"33201:TCP"= 33201:TCP:Azureus

R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 13:02]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 05:48]
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 22:29]
S3 ATIPCXXX;ATI Parental control device;C:\WINDOWS\system32\DRIVERS\atipcxxx.sys [2001-08-17 05:49]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINDOWS\system32\DRIVERS\atirtcap.sys [2001-08-17 05:49]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);C:\WINDOWS\system32\DRIVERS\ativxbar.sys [2001-08-17 05:49]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 14:12]
S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 14:12]
S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 14:12]
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 14:12]
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 18:34]
S4 wfxsvc;WinFax PRO;C:\WINDOWS\System32\WFXSVC.EXE [2000-02-14 18:36]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 03:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-04-25 01:49:20 C:\WINDOWS\Tasks\LifeChatTask.job" - C:\Program Files\Microsoft LifeChat\LifeChat.exe
.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 07:51:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-04-18 8:06:07 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-04-18 15:05:38
ComboFix2.txt 2008-04-18 02:54:18

Pre-Run: 5,157,969,920 bytes free
Post-Run: 5,095,464,960 bytes free
.
2008-04-15 15:41:40 --- E O F ---