Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.195 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! (Install it before any further removal steps; without it a bad driver removal can leave the machine unbootable.)
.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.
2008-02-24 17:07 . 2008-02-24 19:17 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-24 12:47 . 2008-02-24 12:47 <DIR> d-------- C:\kav
2008-02-22 13:05 . 2008-02-22 13:08 <DIR> d-------- C:\Documents and Settings\Administrator\Tracing
2008-02-22 13:04 . 2008-02-22 13:04 <DIR> d-------- C:\Program Files\DIFX
2008-02-22 13:04 . 2007-09-28 23:08 84,992 --a------ C:\WINDOWS\system32\lmdimon8.dll
2008-02-22 13:03 . 2008-02-22 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Applications
2008-02-19 20:51 . 2008-02-19 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-19 20:45 . 2008-02-19 20:45 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-13 15:34 . 2006-10-13 05:23 163,584 -----c--- C:\WINDOWS\system32\dllcache\nwrdr.sys
2008-02-13 15:34 . 2006-10-13 07:35 142,336 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-02-13 15:34 . 2006-10-13 07:35 65,536 -----c--- C:\WINDOWS\system32\dllcache\nwwks.dll
2008-02-10 22:24 . 2008-02-10 23:15 349 --a------ C:\WINDOWS\wininit.ini
2008-02-10 21:02 . 2008-02-24 12:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-10 20:59 . 2008-02-10 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 17:05 . 2008-02-10 19:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-10 17:05 . 2008-02-10 19:46 6,472 --a------ C:\WINDOWS\unins000.dat
2008-02-10 16:51 . 2008-02-10 20:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-10 16:51 . 2008-02-19 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 00:29 . 2008-02-10 20:36 0 --a------ C:\1.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 00:44 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-02-25 00:22 --------- d-----w C:\Program Files\QuickTime
2008-02-25 00:20 --------- d-----w C:\Program Files\Napster
2008-02-25 00:15 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-20 01:55 --------- d-----w C:\Program Files\Yahoo!
2008-02-20 01:55 --------- d-----w C:\Program Files\Verizon Wireless
2008-02-20 01:55 --------- d-----w C:\Program Files\Common Files\Scanner
2008-02-20 01:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-20 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-02-20 01:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-02-20 01:45 --------- d-----w C:\Program Files\InterActual
2008-02-12 13:44 --------- d-----w C:\Program Files\Nick Jr. Arcade
2008-02-07 15:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-16 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-11 03:48 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2007-11-27 13:07 27,952 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.
Files Infected - Win32.Agent.zb (the detection name is reported without the file path in this log, so the infected file cannot be identified from this line alone; match it against the loading points below)
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75FC807-03FB-437F-AB4F-6F3B30989DF5}]
2002-08-29 17:08 84992 --a------ C:\WINDOWS\system32\atipdlx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 14:18 23233576]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 17:05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-29 16:21 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AtiPTA"="atiptaxx.exe" [2002-05-24 16:32 286720 C:\WINDOWS\system32\atiptaxx.exe]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 19:12 65536 C:\WINDOWS\GWMDMMSG.exe]
"GWMDMpi"="C:\WINDOWS\GWMDMpi.exe" [2002-06-12 17:23 27648]
"Multi-function Keyboard"="GWHotKey.exe" [2001-08-28 14:13 98361 C:\WINDOWS\GWHotKey.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-03-07 11:10 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-03-07 11:10 413696]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 04:05 684032]
"AirCardEnabler"="C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe" [2003-06-24 20:54 163840]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 02:01 57344]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-10 21:00 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 21:00 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-05 17:31:54 450560]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 nkaydkyf;nkaydkyf;C:\WINDOWS\system32\drivers\nouwcrti.dat []   <- boot-start (R0) driver with a random-looking service name, a .dat file as its image and no file timestamp; this entry should be verified (hash/vendor) before the machine is considered clean
S3 AIR555;Sierra Wireless AirCard 555 NIC + Modem (NIC Interface);C:\WINDOWS\system32\DRIVERS\air555.sys [2003-07-29 17:39]
S3 IFCUSB;IFCUSB;C:\WINDOWS\system32\drivers\IFCUSB.SYS [2001-05-23 00:55]
S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys [2005-05-04 08:59]
S3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys [2005-05-04 09:00]
S3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys [2005-05-04 09:00]
S3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys [2005-05-04 09:01]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys [2005-05-04 09:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603ef1e0-4051-11da-a442-00e0b85349eb}]
\Shell\AutoRun\command - E:\Setup.exe   <- AutoRun command cached for a removable/optical volume; it runs on media insertion, so check the media this entry came from rather than only the fixed disk
.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 02:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-24 22:58:52 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 19:45:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-24 19:46:54
.
2008-02-24 17:40:40 --- E O F ---