ComboFix 08-08-21.02 - Nate 2008-08-23 19:21:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2424 [GMT -7:00]
Running from: C:\Documents and Settings\Nate\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nate\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Nate\Application Data\inst.exe
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.
2008-08-22 17:12 . 1999-09-10 04:06 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-08-22 17:12 . 1999-09-10 04:06 25,244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2008-08-22 17:12 . 1999-09-10 04:06 5,600 --a------ C:\WINDOWS\system\winaspi.dll
2008-08-22 17:12 . 1999-09-10 04:06 4,672 --a------ C:\WINDOWS\system\wowpost.exe
2008-08-22 16:08 . 2008-08-22 16:08 d-------- C:\Program Files\zuwxokd
2008-08-19 19:03 . 2008-08-19 19:03 77,824 --a------ C:\WINDOWS\system32\efsxmlgj.exe
2008-08-19 11:35 . 2008-08-23 19:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-19 11:35 . 2008-08-19 11:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-19 11:27 . 2008-08-19 11:27 d-------- C:\WINDOWS\system32\scripting
2008-08-19 11:27 . 2008-08-19 11:27 d-------- C:\WINDOWS\system32\en
2008-08-19 11:27 . 2008-08-19 11:27 d-------- C:\WINDOWS\system32\bits
2008-08-19 11:27 . 2008-08-19 11:27 d-------- C:\WINDOWS\l2schemas
2008-08-19 11:25 . 2008-08-19 11:25 d-------- C:\WINDOWS\ServicePackFiles
2008-08-19 11:22 . 2008-08-19 11:22 d-------- C:\WINDOWS\EHome
2008-08-19 11:13 . 2008-04-13 17:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-17 22:38 . 2008-08-22 15:45 d-------- C:\Program Files\XoftSpySE
2008-08-17 18:37 . 2008-08-17 18:38 d-------- C:\Program Files\Ashampoo AntiSpyWare 2
2008-08-16 22:27 . 2008-08-16 22:27 d-------- C:\Program Files\Enigma Software Group
2008-08-16 21:44 . 2008-08-18 09:33 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-16 21:42 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-16 21:42 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-08-16 21:42 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-16 21:42 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-16 21:42 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-15 16:51 . 2008-08-15 16:51 d-------- C:\Program Files\SUPERAntiSpyware
2008-08-15 16:51 . 2008-08-15 16:51 d-------- C:\Documents and Settings\Nate\Application Data\SUPERAntiSpyware.com
2008-08-15 16:51 . 2008-08-15 16:51 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-15 09:41 . 2008-08-16 22:19 d-------- C:\Documents and Settings\Nate\.housecall6.6
2008-08-15 09:14 . 2008-08-15 17:41 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 09:14 . 2008-08-15 09:14 d-------- C:\Documents and Settings\Nate\Application Data\Malwarebytes
2008-08-15 09:14 . 2008-08-15 09:14 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 09:14 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 09:14 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-14 23:06 . 2008-08-14 23:06 d-------- C:\WINDOWS\Common
2008-08-14 23:06 . 2008-08-14 23:06 d-------- C:\Documents and Settings\All Users\Application Data\nadujqze
2008-08-13 00:58 . 2008-04-11 12:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 00:53 . 2008-05-01 07:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-07 07:11 . 2008-08-07 07:12 d-------- C:\Program Files\Safari
2008-08-06 18:56 . 2007-03-17 15:12 303,104 --a------ C:\WINDOWS\lame_enc.dll
2008-08-03 22:28 . 2008-08-03 22:28 d-------- C:\Program Files\Audacity
2008-08-01 15:52 . 2008-08-01 15:52 d-------- C:\Program Files\LG Electronics
2008-08-01 15:52 . 2007-04-09 09:55 22,912 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-08-01 15:52 . 2007-04-09 09:56 21,248 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2008-08-01 15:52 . 2007-04-09 09:53 12,672 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-07-25 19:13 . 2008-07-25 19:13 d-------- C:\Documents and Settings\Nate\Application Data\Flickr
2008-07-25 19:05 . 2008-07-28 18:32 d-------- C:\Program Files\Flickr Uploadr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 06:09 --------- d-----w C:\Documents and Settings\Nate\Application Data\uTorrent
2008-08-17 00:35 --------- d-----w C:\Program Files\AIM6
2008-08-15 23:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-15 23:26 --------- d-----w C:\Program Files\Hijack This
2008-08-10 04:27 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-07 14:12 --------- d-----w C:\Documents and Settings\Nate\Application Data\Apple Computer
2008-08-06 01:39 --------- d-----w C:\Program Files\Netscape Navigator 9
2008-08-01 22:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-29 05:13 --------- d-----w C:\Program Files\BitPim
2008-07-26 01:37 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-13 17:37 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-13 17:37 12,936 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-13 17:37 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-11 10:19 --------- d-----w C:\Program Files\DAP
2008-07-10 16:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-28 22:22 --------- d-----w C:\Program Files\QPST
2008-06-24 17:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-02 01:48 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-25 17:41 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-25 17:41 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-20 01:11 47,360 ----a-w C:\Documents and Settings\Nate\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-01-19 00:35 160592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"actchk"="C:\WINDOWS\system32\efsxmlgj.exe" [2008-08-19 19:03 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-07-16 18:45 142104]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-07-16 18:45 138008]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35 221184]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 08:24 16384]
"NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 18:45 389120]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-25 18:37 1235736]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"ShUtil"="C:\WINDOWS\Common\hwdstkle.exe" [2008-08-14 23:06 49152]
"'Ashampoo AntiSpyWare 2 Guard'"="C:\Program Files\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2008-03-13 14:36 2316632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-25 10:41 185896]
"PMX Daemon"="ICO.EXE" [2006-11-08 14:01 49152 C:\WINDOWS\system32\ico.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 15:34 16858112 C:\WINDOWS\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"eTVD0NRi7Q"="C:\Documents and Settings\All Users\Application Data\nadujqze\pkhijixe.exe" [2008-08-14 23:06 53248]
C:\Documents and Settings\Nate\Start Menu\Programs\Startup\
iTunes (2).lnk - C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe [2008-05-12 20:48:19 102400]
Mozilla Firefox (2).lnk - C:\Program Files\Mozilla Firefox\firefox.exe [2008-01-11 18:53:32 7667312]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"monadm"= {2F42C8E6-BCB4-35A8-4572-0B8389125D82} - C:\Program Files\zuwxokd\monadm.dll [2008-08-22 16:08 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.CDVC"= cdvccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CDV5"= cdv5codc.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\VLC Player\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"38597:TCP"= 38597:TCP:utorrent
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-13 10:37]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-25 18:37]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-03-13 14:36]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-25 18:37]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-13 10:37]
R3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb1.sys [2001-09-19 13:28]
S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2007-06-01 14:41]
S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2007-05-24 17:56]
S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe []
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-08-17 C:\WINDOWS\Tasks\20080112_090600_Nate.job
- C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp.exe []
2008-08-04 C:\WINDOWS\Tasks\20080112_091100_Nate2.job
- C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp.exe []
2008-08-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-08-24 C:\WINDOWS\Tasks\XoftSpySE 2.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-08-17 22:37]
2008-08-23 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Program Files\XoftSpySE\XoftSpy.exe [2008-08-17 22:37]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-RegistryMechanic - (no file)
HKLM-Run-NWEReboot - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\c92cxqpp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hotmail.com
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 19:23:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-23 19:25:51
ComboFix-quarantined-files.txt 2008-08-24 02:25:44
Pre-Run: 179,231,014,912 bytes free
Post-Run: 179,205,140,480 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
224 --- E O F --- 2008-08-21 10:00:53