ComboFix 08-04-20.5 - Administrator 2008-04-22 10:54:35.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.93 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\RECYCLER\desktop.ini
C:\WINNT\pskt.ini
C:\WINNT\system32\Cache
C:\WINNT\system32\Cache\Paint_76.exe
C:\WINNT\system32\Cache\SmartDownload.exe
C:\WINNT\system32\Cache\uninstall.exe
C:\WINNT\system32\ddaby.dll
C:\WINNT\system32\Fun.exe
C:\WINNT\system32\ybadd.ini
C:\WINNT\system32\ybadd.ini2
C:\WINNT\Web\default.htt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-22 11:02 . 08-04-22 11:02 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_384.dat
2008-04-21 20:01 . 08-04-22 10:32 466,426 ---h----- C:\WINNT\ShellIconCache
2008-04-21 16:08 . 08-04-21 16:08 1,540,617 --ahs---- C:\WINNT\system32\glfyylpt.ini
2008-04-21 13:30 . 08-04-21 13:30 109,734 --a------ C:\WINNT\BMf3dff8e5.xml
2008-04-20 20:14 . 08-04-20 20:14 127 --a------ C:\WINNT\system32\MRT.INI
2008-04-20 19:07 . 08-04-20 19:07 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 19:07 . 08-04-20 19:07 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 19:07 . 08-04-20 19:07 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-20 15:28 . 08-04-20 15:28 d-------- C:\Program Files\Alwil Software
2008-04-20 14:40 . 08-04-20 14:40 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-20 14:40 . 08-04-20 14:40 d-------- C:\Documents and Settings\Administrator\Application Data\TVU Networks
2008-04-20 14:39 . 08-04-20 14:39 d-------- C:\Documents and Settings\Administrator\LocalLow
2008-04-20 12:20 . 08-04-20 12:20 19,387 --a------ C:\WINNT\system32\drivers\AegisP.sys
2008-04-20 12:19 . 08-04-20 12:19 d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 21:40 --------- d-----w C:\Program Files\TVUPlayer
2008-04-20 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 00:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2004-10-09 23:43 921,838 ----a-w C:\Documents and Settings\Administrator\lkid.exe
2004-06-13 16:53 449 ----a-w C:\Documents and Settings\Administrator\UpdateReg.reg
2004-02-21 17:35 303,104 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJSTAR.EXE
2004-02-21 17:35 276,480 ----a-r C:\Documents and Settings\NJStar Chinese WP\Remove.exe
2004-01-30 06:28 271 ---h--w C:\Program Files\desktop.ini
2004-01-30 06:28 21,952 ---h--w C:\Program Files\folder.htt
2000-01-07 17:31 77,824 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJINPUT.DLL
2000-01-07 17:31 56,320 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJEDTCHT.DLL
2000-01-07 17:31 49,152 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJDBCS.DLL
2000-01-07 17:31 331,776 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJEDIT.DLL
2000-01-07 17:31 31,068 ----a-r C:\Documents and Settings\NJStar Chinese WP\B5INPDIC.EXE
2000-01-07 17:31 232,960 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJRESCHT.DLL
2000-01-07 17:31 143,360 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJTXTOUT.DLL
2003-08-07 18:36 37,376 --sha-r C:\WINNT\system32\G1r\dex.exe
2004-02-22 02:08 1,202,093 --sha-r C:\WINNT\system32\G1r\fun.exe
2003-08-07 18:36 25,600 --sha-r C:\WINNT\system32\G1r\kern.exe
2004-02-18 06:46 18 --sha-r C:\WINNT\system32\G1r\seck.exe
2004-02-18 06:47 285 --sha-w C:\WINNT\system32\G1r\too1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Microsoft Video Capture Controls"="MSsrvs32.exe" []
"Microsoft Synchronization Manager"="WinLoginnn.exe" []
"Synchronization Data Schedul"="filtax.exe" []
"Task manager"="taskmngr.exe" []
"Mw4sRiGnQ"="nwwtres.exe" []
"System Updates"="rjoo.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"System Updates"="rjoo.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [04-02-21 14:38 111616 C:\WINNT\system32\mobsync.exe]
"Smapp"="Smtray.exe" [01-07-25 15:22 65536 C:\WINNT\system32\SMTray.exe]
"Promon.exe"="Promon.exe" [00-04-13 04:34 29184 C:\WINNT\system32\promon.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [06-08-11 22:43 7630848]
"nwiz"="nwiz.exe" [06-08-11 22:43 1519616 C:\WINNT\system32\nwiz.exe]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01-11-19 07:27 196608]
"Microsoft Video Capture Controls"="MSsrvs32.exe" []
"Microsoft Synchronization Manager"="WinLoginnn.exe" []
"Synchronization Data Schedul"="filtax.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" [04-08-13 18:41 86016]
"8q8rg0oc"="" []
"antiware"="" []
"77ni3si"="" []
"njzqzdls"="c:\winnt\system32\njzqzdls.exe" [ ]
"AntiSpy"="C:\Program Files\AntiSpy\AntiSpy.exe" [ ]
"System Updates"="rjoo.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05-07-22 08:48 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05-06-24 15:16 278528]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 11:50 155648]
"Win2KService"="C:\winnt\system32\Lavan\system32.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06-06-05 19:57 180269]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [06-05-22 14:26 694272]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [06-08-11 22:43 86016]
"f0eccb79"="C:\WINNT\system32\tplyyflg.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Video Capture Controls"="MSsrvs32.exe" []
"Microsoft Synchronization Manager"="WinLoginnn.exe" []
"Synchronization Data Schedul"="filtax.exe" []
"Task manager"="taskmngr.exe" []
"System Updates"="rjoo.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Video Capture Controls"="MSsrvs32.exe" []
"Microsoft Synchronization Manager"="WinLoginnn.exe" []
"Synchronization Data Schedul"="filtax.exe" []
"Microsoft Update Machine"="cxip.exe" []
"fkwz"="C:\PROGRA~1\COMMON~1\fkwz\fkwzm.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 02:19:50 221184]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 69632]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"xsrqxvnb.exe"= C:\WINNT\system\xsrqxvnb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
S2 Wupdated;Windows Update Service;C:\WINNT\system32\wupdated.exe []
S3 DbgProxy;Visual Studio Debugger Proxy Service;C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Packages\Debugger\dbgproxy.exe [04-02-20 23:06 ]
S3 naecd;naecd;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\naecd.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\8d538988-50a3-4b76-b9b2-8d0bbc469acc]
C:\WINNT\system32\oaocara.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\8d538988-50a3-4b76-b9b2-8d0bbc469acc]
C:\WINNT\system32\oaocara.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 11:02:50
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Video Capture Controls = MSsrvs32.exe?
Microsoft Synchronization Manager = WinLoginnn.exe???????????????????????????????????????????????????
Synchronization Data Schedul = filtax.exe???????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-22 11:14:15 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-04-22 18:14:09
Pre-Run: 13,339,168,768 bytes free
Post-Run: 13,331,410,944 bytes free
160 --- E O F --- 2008-04-22 03:01:14