01-21-2008, 05:01 AM   #2
Ielgnim
Registered User
Join Date: Jan 2008
Posts: 21
OS: XP Home SP2


Re: TratBHO, CTX, Trojan-gen, Agent-HIV, help please.

I noticed that ComboFix is a pretty popular program to use to try and fix any problems, so I decided to try it and post it up just in case.

ComboFix 08-01-20.1 - Ming 2008-01-21 3:46:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.69 [GMT -8:00]
Running from: C:\Documents and Settings\Ming\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ming\Favorites\Online Security Guide.lnk
C:\Program Files\Temporary
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\ststv.ini
C:\WINDOWS\system32\ststv.ini2
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tustsmxp.ini
C:\WINDOWS\system32\tustsmxp.ini2
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\wvurqnk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 03:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-21 03:06 . 2008-01-21 03:06 <DIR> d-------- C:\Deckard
2008-01-21 01:39 . 2008-01-21 02:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 01:39 . 2008-01-21 01:41 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 01:39 . 2008-01-21 01:41 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 01:39 . 2008-01-21 01:41 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-21 01:12 . 2008-01-21 01:12 <DIR> d-------- C:\Documents and Settings\Ming\Application Data\True Sword
2008-01-18 18:54 . 2008-01-18 19:06 <DIR> d-------- C:\Music
2008-01-18 18:54 . 2008-01-18 18:54 6 -rahs---- C:\WINDOWS\iPod2PC3.obl
2008-01-18 18:53 . 2008-01-20 14:14 <DIR> d-------- C:\Program Files\iPod2PC
2008-01-18 18:53 . 2008-01-18 18:53 <DIR> d-------- C:\Documents and Settings\Ming\Application Data\iPod2PC3
2008-01-18 18:49 . 2008-01-18 18:50 <DIR> d-------- C:\Program Files\EphPod
2008-01-17 22:06 . 2008-01-17 22:06 <DIR> d-------- C:\Documents and Settings\Ming\Application Data\CopyTrans
2008-01-17 22:05 . 2008-01-18 18:49 <DIR> d-------- C:\Program Files\WindSolutions
2008-01-08 22:20 . 2008-01-10 19:17 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2007-12-26 18:42 . 2007-12-26 18:42 <DIR> d-------- C:\Documents and Settings\Ming\Application Data\Media Player Classic
2007-12-26 18:29 . 2008-01-09 19:51 <DIR> d-------- C:\Program Files\ReGetDx
2007-12-26 18:29 . 2008-01-21 02:11 <DIR> d-------- C:\Program Files\Common Files\ReGet Shared
2007-12-25 17:20 . 2007-12-25 17:23 <DIR> d-------- C:\Program Files\QuickTime
2007-12-25 17:20 . 2007-12-25 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 17:19 . 2007-12-25 17:19 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 17:19 . 2007-12-25 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-24 16:18 . 2007-12-27 12:29 <DIR> d-------- C:\Documents and Settings\Ming\Application Data\skypePM
2007-12-24 16:18 . 2007-12-24 16:18 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-24 16:15 . 2007-12-29 00:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-12-23 22:43 . 2007-12-23 22:43 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Talkback
2007-12-23 15:29 . 2008-01-21 01:34 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-23 15:29 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-23 15:28 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-23 15:28 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-23 15:28 . 2007-12-04 06:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 15:27 . 2007-12-23 15:27 <DIR> d-------- C:\Program Files\Alwil Software
2007-12-23 15:27 . 2007-12-04 05:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-23 15:27 . 2003-03-18 12:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-12-23 15:27 . 2004-01-09 01:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-23 15:27 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-23 15:27 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-23 15:27 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-22 23:50 . 2007-12-22 23:50 <DIR> d-------- C:\ie-spyad_zo
2007-12-21 23:29 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-21 23:29 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-21 23:29 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-21 23:29 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-21 23:29 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-21 23:29 . 2007-12-21 23:31 2,546 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-21 23:04 . 2007-12-21 23:04 991,542 --ahs---- C:\WINDOWS\system32\ujtjmyos.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 11:05 --------- d-----w C:\Program Files\Yahoo!
2008-01-21 10:14 --------- d-----w C:\Program Files\Windows Defender
2008-01-15 05:12 --------- d-----w C:\Documents and Settings\Ming\Application Data\LimeWire
2008-01-14 15:19 --------- d-----w C:\Documents and Settings\Ming\Application Data\Azureus
2007-12-23 23:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 07:43 --------- d-----w C:\Program Files\CCleaner
2007-12-21 03:06 --------- d-----w C:\Program Files\Norton Security Scan
2007-12-16 02:38 --------- d-----w C:\Program Files\DivX
2007-12-14 04:51 --------- d-----w C:\Program Files\InstallShield Installation Information
2007-12-14 02:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-09 08:43 --------- d-----w C:\Program Files\Lavasoft
2007-12-09 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-07 10:08 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-07 09:02 --------- d-----w C:\Documents and Settings\Ming\Application Data\Winamp
2007-12-07 05:51 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-04 07:12 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-03 05:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-02 07:17 --------- d-----w C:\Program Files\LimeWire
2007-11-27 07:19 --------- d-----w C:\Program Files\Microsoft Works
2007-11-27 07:16 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-26 04:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Broderbund LLC
2007-11-26 04:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Broderbund
2007-11-25 04:42 --------- d-----w C:\Program Files\The KMPlayer
2007-11-12 03:59 155,995 ----a-w C:\WINDOWS\java\Packages\MXRJHRFP.ZIP
2007-10-25 18:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 16:34 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 13:52 331830]
"Updater"="C:\WINDOWS\system32\updater\explorer.exe" [2007-11-24 14:08 1478612]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]


.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 17:27:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-21 11:58:47 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-21 11:55:53 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 03:56:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 3:59:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-21 11:59:05
.
2008-01-18 0211 --- E O F ---

Last edited by tetonbob; 02-06-2008 at 02:04 PM.