ComboFix 08-04-29.5 - Administrator 2008-05-02 12:28:59.6 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.98 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.

2008-05-02 12:29 . 08-05-02 12:29 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2a0.dat
2008-04-21 20:01 . 08-05-01 14:56 553,954 ---h----- C:\WINNT\ShellIconCache
2008-04-20 20:14 . 08-04-20 20:14 127 --a------ C:\WINNT\system32\MRT.INI
2008-04-20 19:07 . 08-04-20 19:07 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 19:07 . 08-04-20 19:07 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 19:07 . 08-04-20 19:07 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-20 15:28 . 08-04-20 15:28 d-------- C:\Program Files\Alwil Software
2008-04-20 14:40 . 08-04-20 14:40 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-04-20 14:40 . 08-04-20 14:40 d-------- C:\Documents and Settings\Administrator\Application Data\TVU Networks
2008-04-20 14:39 . 08-04-20 14:39 d-------- C:\Documents and Settings\Administrator\LocalLow
2008-04-20 12:20 . 08-04-20 12:20 19,387 --a------ C:\WINNT\system32\drivers\AegisP.sys
2008-04-20 12:19 . 08-04-20 12:19 d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 00:56 --------- d-----w C:\Program Files\TVUPlayer
2008-04-20 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 09:26 1,644,080 ----a-w C:\WINNT\system32\WIN32K.SYS
2008-03-17 00:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-02-19 17:08 236,304 ----a-w C:\WINNT\system32\GDI32.DLL
2008-02-15 18:17 575,488 ----a-w C:\WINNT\system32\WININET.DLL
2008-02-15 13:24 96,528 ----a-w C:\WINNT\system32\dnsrslvr.dll
2004-10-09 23:43 921,838 ----a-w C:\Documents and Settings\Administrator\lkid.exe
2004-06-13 16:53 449 ----a-w C:\Documents and Settings\Administrator\UpdateReg.reg
2004-02-21 17:35 303,104 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJSTAR.EXE
2004-02-21 17:35 276,480 ----a-r C:\Documents and Settings\NJStar Chinese WP\Remove.exe
2004-01-30 06:28 271 ---h--w C:\Program Files\desktop.ini
2004-01-30 06:28 21,952 ---h--w C:\Program Files\folder.htt
2000-01-07 17:31 77,824 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJINPUT.DLL
2000-01-07 17:31 56,320 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJEDTCHT.DLL
2000-01-07 17:31 49,152 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJDBCS.DLL
2000-01-07 17:31 331,776 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJEDIT.DLL
2000-01-07 17:31 31,068 ----a-r C:\Documents and Settings\NJStar Chinese WP\B5INPDIC.EXE
2000-01-07 17:31 232,960 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJRESCHT.DLL
2000-01-07 17:31 143,360 ----a-r C:\Documents and Settings\NJStar Chinese WP\NJTXTOUT.DLL
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [04-02-21 14:38 111616 C:\WINNT\system32\mobsync.exe]
"Smapp"="Smtray.exe" [01-07-25 15:22 65536 C:\WINNT\system32\SMTray.exe]
"Promon.exe"="Promon.exe" [00-04-13 04:34 29184 C:\WINNT\system32\promon.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [06-08-11 22:43 7630848]
"nwiz"="nwiz.exe" [06-08-11 22:43 1519616 C:\WINNT\system32\nwiz.exe]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01-11-19 07:27 196608]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe" [04-08-13 18:41 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05-07-22 08:48 98304]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05-06-24 15:16 278528]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 11:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06-06-05 19:57 180269]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [06-05-22 14:26 694272]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [06-08-11 22:43 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 02:19:50 221184]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

S3 DbgProxy;Visual Studio Debugger Proxy Service;C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Packages\Debugger\dbgproxy.exe [04-02-20 23:06 ]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\8d538988-50a3-4b76-b9b2-8d0bbc469acc]
C:\WINNT\system32\oaocara.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 12:33:02
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-02 12:41:34
ComboFix-quarantined-files.txt 2008-05-02 19:41:23

Pre-Run: 13,568,286,720 bytes free
Post-Run: 13,560,332,288 bytes free

97 --- E O F --- 2008-04-22 03:01:14