12-08-2008, 06:59 PM   #4
willianr1179
Registered User
 
Join Date: Dec 2008
Posts: 7
OS: Windows XP


Re: Computer Slow after startup, Firefox and Flash Player especially

ComboFix 08-12-07.04 - Nathan Williams 2008-12-08 18:43:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.213 [GMT -5:00]
Running from: c:\documents and settings\Nathan Williams\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\rtstv.bak1
c:\windows\system32\rtstv.bak2
c:\windows\system32\rtstv.ini
c:\windows\system32\rtstv.ini2
c:\windows\system32\rtstv.tmp
.
---- Previous Run -------
.
c:\documents and settings\Nathan Williams\Application Data\CROSOF~1.NET
c:\documents and settings\Nathan Williams\Application Data\IUpd721
c:\documents and settings\Nathan Williams\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\Nathan Williams\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Common Files\sembly~1
c:\temp\tn3
c:\windows\sembly~1
c:\windows\system32\mbols~1
c:\windows\system32\T2
c:\windows\system32\wtssvtr.exe
c:\windows\Tasks\cnqotafj.job

----- BITS: Possible infected sites -----

hxxp://kakoitodomen.com
hxxp://niheradomen.com
.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-08 18:51 . <DIR> c:\windows\LastGood.Tmp
2008-12-07 19:30 . 2008-09-19 16:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-12-07 19:30 . 2008-09-24 13:41 839,680 --a------ c:\windows\system32\lameACM.acm
2008-12-07 19:30 . 2008-01-10 07:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2008-12-07 19:30 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\divx.dll
2008-12-07 19:30 . 2004-01-25 11:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-12-07 19:30 . 2007-09-04 11:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-12-07 19:30 . 2008-01-10 07:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2008-12-07 19:30 . 2007-09-20 19:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-12-07 19:30 . 2008-09-25 03:03 81,920 --a------ c:\windows\system32\dpl100.dll
2008-12-07 19:30 . 2008-10-03 07:30 414 --a------ c:\windows\system32\lame_acm.xml
2008-12-07 19:30 . 2008-07-30 14:09 38 --a------ c:\windows\avisplitter.ini
2008-12-07 19:29 . 2008-12-07 19:30 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-12-07 19:29 . 2008-11-24 09:32 57,344 --a------ c:\windows\system32\ff_vfw.dll
2008-12-07 19:29 . 2007-07-10 11:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-12-06 19:22 . 2008-12-07 01:53 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-06 15:20 . 2008-12-06 15:20 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-06 15:19 . 2008-12-08 17:41 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-06 15:19 . 2008-12-06 15:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-04 20:09 . 2008-12-04 20:09 250 --a------ c:\windows\gmer.ini
2008-12-04 20:00 . 2008-12-04 20:00 <DIR> d-------- c:\program files\Trend Micro
2008-12-04 18:00 . 2008-12-06 14:37 <DIR> d-------- c:\windows\system32\Adobe
2008-12-04 05:23 . 2008-04-13 20:12 116,224 --a------ c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-04 05:22 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-04 05:22 . 2008-04-13 20:12 18,944 --a------ c:\windows\system32\dllcache\xrxscnui.dll
2008-12-04 05:21 . 2001-08-17 22:37 27,648 --a------ c:\windows\system32\dllcache\xrxftplt.exe
2008-12-04 05:20 . 2001-08-17 22:37 4,608 --a------ c:\windows\system32\dllcache\xrxflnch.exe
2008-12-04 05:18 . 2001-08-17 22:37 99,865 --a------ c:\windows\system32\dllcache\xlog.exe
2008-12-04 05:18 . 2004-08-04 05:00 28,288 --a------ c:\windows\system32\dllcache\xjis.nls
2008-12-04 05:17 . 2004-08-03 22:29 19,455 --a------ c:\windows\system32\dllcache\wvchntxx.sys
2008-12-04 05:17 . 2001-08-17 12:11 16,970 --a------ c:\windows\system32\dllcache\xem336n5.sys
2008-12-04 05:16 . 2008-04-13 14:46 19,200 --a------ c:\windows\system32\dllcache\wstcodec.sys
2008-12-04 05:16 . 2004-08-03 22:29 12,063 --a------ c:\windows\system32\dllcache\wsiintxx.sys
2008-12-04 05:16 . 2008-04-13 20:12 8,192 --a------ c:\windows\system32\dllcache\wshirda.dll
2008-12-04 05:14 . 2004-08-03 22:31 154,624 --a------ c:\windows\system32\dllcache\wlluc48.sys
2008-12-04 05:14 . 2008-04-13 14:36 8,832 --a------ c:\windows\system32\dllcache\wmiacpi.sys
2008-12-04 05:13 . 2001-08-17 12:12 34,890 --a------ c:\windows\system32\dllcache\wlandrv2.sys
2008-12-04 05:12 . 2001-08-17 13:28 771,581 --a------ c:\windows\system32\dllcache\winacisa.sys
2008-12-04 05:11 . 2001-08-17 22:36 53,760 --a------ c:\windows\system32\dllcache\wiamsmud.dll
2008-12-04 05:10 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\dllcache\wiafbdrv.dll
2008-12-04 05:10 . 2004-08-04 05:00 41,600 --a------ c:\windows\system32\dllcache\weitekp9.dll
2008-12-04 05:10 . 2004-08-04 05:00 31,232 --a------ c:\windows\system32\dllcache\weitekp9.sys
2008-12-04 05:09 . 2001-08-17 13:28 701,386 --a------ c:\windows\system32\dllcache\wdhaalba.sys
2008-12-04 05:08 . 2008-04-13 14:45 31,744 --a------ c:\windows\system32\dllcache\wceusbsh.sys
2008-12-04 05:08 . 2004-08-03 22:29 23,615 --a------ c:\windows\system32\dllcache\wch7xxnt.sys
2008-12-04 05:07 . 2001-08-17 12:10 35,871 --a------ c:\windows\system32\dllcache\wbfirdma.sys
2008-12-04 05:07 . 2004-08-03 22:29 33,599 --a------ c:\windows\system32\dllcache\watv04nt.sys
2008-12-04 05:07 . 2004-08-03 22:29 19,551 --a------ c:\windows\system32\dllcache\watv02nt.sys
2008-12-04 05:06 . 2004-08-03 22:29 29,311 --a------ c:\windows\system32\dllcache\watv01nt.sys
2008-12-04 05:06 . 2004-08-03 22:29 12,415 --a------ c:\windows\system32\dllcache\wadv01nt.sys
2008-12-04 05:06 . 2004-08-03 22:29 12,127 --a------ c:\windows\system32\dllcache\wadv02nt.sys
2008-12-04 05:06 . 2004-08-03 22:29 11,775 --a------ c:\windows\system32\dllcache\wadv05nt.sys
2008-12-04 05:06 . 2004-08-04 05:00 9,216 --a------ c:\windows\system32\dllcache\wamps51.dll
2008-12-04 05:05 . 2001-08-17 12:13 16,925 --a------ c:\windows\system32\dllcache\w940nd.sys
2008-12-04 05:04 . 2001-08-17 12:13 19,016 --a------ c:\windows\system32\dllcache\w926nd.sys
2008-12-04 05:03 . 2004-08-04 05:00 73,728 --a------ c:\windows\system32\dllcache\w3ext.dll
2008-12-04 05:03 . 2001-08-17 12:13 19,528 --a------ c:\windows\system32\dllcache\w840nd.sys
2008-12-04 05:03 . 2004-08-04 05:00 5,632 --a------ c:\windows\system32\dllcache\w3svapi.dll
2008-12-04 05:02 . 2004-08-04 05:00 48,256 --a------ c:\windows\system32\dllcache\w32.dll
2008-12-04 05:02 . 2004-08-04 05:00 4,608 --a------ c:\windows\system32\dllcache\w3ctrs51.dll
2008-12-04 05:01 . 2001-08-17 13:28 64,605 --a------ c:\windows\system32\dllcache\vvoice.sys
2008-12-04 05:00 . 2001-08-17 13:28 397,502 --a------ c:\windows\system32\dllcache\vpctcom.sys
2008-12-04 04:59 . 2001-08-17 13:28 604,253 --a------ c:\windows\system32\dllcache\vmodem.sys
2008-12-04 04:58 . 2001-08-17 12:14 249,402 --a------ c:\windows\system32\dllcache\vinwm.sys
2008-12-04 04:58 . 2001-08-17 13:49 24,576 --a------ c:\windows\system32\dllcache\viairda.sys
2008-12-04 04:57 . 2008-04-13 20:12 53,760 --a------ c:\windows\system32\dllcache\vfwwdm32.dll
2008-12-04 04:56 . 2001-08-17 13:28 687,999 --a------ c:\windows\system32\dllcache\usrwdxjs.sys
2008-12-04 04:55 . 2001-08-17 13:28 765,884 --a------ c:\windows\system32\dllcache\usrti.sys
2008-12-04 04:54 . 2001-08-17 13:28 113,762 --a------ c:\windows\system32\dllcache\usrpda.sys
2008-12-04 04:53 . 2001-08-17 13:28 7,556 --a------ c:\windows\system32\dllcache\usroslba.sys
2008-12-04 04:52 . 2001-08-17 13:28 224,802 --a------ c:\windows\system32\dllcache\usr1807a.sys
2008-12-04 04:51 . 2001-08-17 13:28 794,399 --a------ c:\windows\system32\dllcache\usr1806v.sys
2008-12-04 04:51 . 2001-08-17 13:28 793,598 --a------ c:\windows\system32\dllcache\usr1806.sys
2008-12-04 04:50 . 2001-08-17 13:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2008-12-04 04:49 . 2008-04-13 14:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-12-04 04:49 . 2008-04-13 14:45 26,112 --a------ c:\windows\system32\dllcache\usbser.sys
2008-12-04 04:49 . 2008-04-13 14:45 17,152 --a------ c:\windows\system32\dllcache\usbohci.sys
2008-12-04 04:48 . 2004-08-03 22:31 32,384 --a------ c:\windows\system32\dllcache\usb101et.sys
2008-12-04 04:47 . 2001-08-17 22:36 94,720 --a------ c:\windows\system32\dllcache\umaxud32.dll
2008-12-04 04:46 . 2001-08-17 22:36 28,160 --a------ c:\windows\system32\dllcache\umaxu40.dll
2008-12-04 04:45 . 2001-08-17 22:36 26,624 --a------ c:\windows\system32\dllcache\umaxu22.dll
2008-12-04 04:44 . 2001-08-17 22:36 69,632 --a------ c:\windows\system32\dllcache\umaxu12.dll
2008-12-04 04:44 . 2001-08-17 22:36 50,688 --a------ c:\windows\system32\dllcache\umaxscan.dll
2008-12-04 04:43 . 2001-08-17 13:58 22,912 --a------ c:\windows\system32\dllcache\umaxpcls.sys
2008-12-04 04:42 . 2001-08-17 22:36 50,176 --a------ c:\windows\system32\dllcache\umaxp60.dll
2008-12-04 04:41 . 2001-08-17 22:36 47,616 --a------ c:\windows\system32\dllcache\umaxcam.dll
2008-12-04 04:40 . 2001-08-17 22:36 211,968 --a------ c:\windows\system32\dllcache\um54scan.dll
2008-12-04 04:39 . 2001-08-17 22:36 216,064 --a------ c:\windows\system32\dllcache\um34scan.dll
2008-12-04 04:38 . 2004-08-04 05:00 14,336 --a------ c:\windows\system32\dllcache\tsprof.exe
2008-12-04 04:38 . 2001-08-17 13:48 11,520 --a------ c:\windows\system32\dllcache\twotrack.sys
2008-12-04 04:37 . 2001-08-17 12:51 166,784 --a------ c:\windows\system32\dllcache\tridxpm.sys
2008-12-04 04:36 . 2001-08-17 22:36 525,568 --a------ c:\windows\system32\dllcache\tridxp.dll
2008-12-04 04:35 . 2001-08-17 12:51 159,232 --a------ c:\windows\system32\dllcache\tridkbm.sys
2008-12-04 04:34 . 2001-08-17 14:56 440,576 --a------ c:\windows\system32\dllcache\tridkb.dll
2008-12-04 04:33 . 2001-08-17 12:51 222,336 --a------ c:\windows\system32\dllcache\trid3dm.sys
2008-12-04 04:32 . 2001-08-17 14:56 315,520 --a------ c:\windows\system32\dllcache\trid3d.dll
2008-12-04 04:31 . 2001-08-17 12:12 34,375 --a------ c:\windows\system32\dllcache\tpro4.sys
2008-12-04 04:30 . 2008-04-13 20:12 82,944 --a------ c:\windows\system32\dllcache\tp4mon.exe
2008-12-04 04:30 . 2001-08-17 22:35 42,496 --a------ c:\windows\system32\dllcache\tp4res.dll
2008-12-04 04:29 . 2001-08-17 22:36 31,744 --a------ c:\windows\system32\dllcache\tp4.dll
2008-12-04 04:28 . 2001-08-17 14:02 230,912 --a------ c:\windows\system32\dllcache\tosdvd03.sys
2008-12-04 04:27 . 2001-08-17 14:01 241,664 --a------ c:\windows\system32\dllcache\tosdvd02.sys
2008-12-04 04:26 . 2001-08-17 12:10 28,232 --a------ c:\windows\system32\dllcache\tos4mo.sys
2008-12-04 04:25 . 2004-08-04 05:00 185,344 --a------ c:\windows\system32\dllcache\thawbrkr.dll
2008-12-04 04:25 . 2001-08-17 12:14 123,995 --a------ c:\windows\system32\dllcache\tjisdn.sys
2008-12-04 04:24 . 2001-08-17 12:51 138,528 --a------ c:\windows\system32\dllcache\tgiulnt5.sys
2008-12-04 04:23 . 2008-04-13 14:40 149,376 --a------ c:\windows\system32\dllcache\tffsport.sys
2008-12-04 04:23 . 2001-08-17 14:56 81,408 --a------ c:\windows\system32\dllcache\tgiul50.dll
2008-12-04 04:23 . 2004-08-04 05:00 19,464 --a------ c:\windows\system32\dllcache\tdspx.sys
2008-12-04 04:22 . 2001-08-17 12:13 17,129 --a------ c:\windows\system32\dllcache\tdkcd31.sys
2008-12-04 04:21 . 2001-08-17 12:13 37,961 --a------ c:\windows\system32\dllcache\tdk100b.sys
2008-12-04 04:21 . 2004-08-04 05:00 21,896 --a------ c:\windows\system32\dllcache\tdipx.sys
2008-12-04 04:21 . 2004-08-04 05:00 13,192 --a------ c:\windows\system32\dllcache\tdasync.sys
2008-12-04 04:20 . 2001-08-17 13:49 30,464 --a------ c:\windows\system32\dllcache\tbatm155.sys
2008-12-04 04:20 . 2001-08-17 13:52 7,040 --a------ c:\windows\system32\dllcache\tandqic.sys
2008-12-04 04:19 . 2001-08-17 12:50 36,640 --a------ c:\windows\system32\dllcache\t2r4mini.sys
2008-12-04 04:18 . 2001-08-17 14:56 172,768 --a------ c:\windows\system32\dllcache\t2r4disp.dll
2008-12-04 04:17 . 2001-08-17 22:36 94,293 --a------ c:\windows\system32\dllcache\sxports.dll
2008-12-04 04:16 . 2001-08-17 13:50 103,936 --a------ c:\windows\system32\dllcache\sx.sys
2008-12-04 04:15 . 2001-08-17 14:02 3,968 --a------ c:\windows\system32\dllcache\swusbflt.sys
2008-12-04 04:14 . 2001-08-17 22:36 10,240 --a------ c:\windows\system32\dllcache\swpidflt.dll
2008-12-04 04:14 . 2001-08-17 22:36 10,240 --a------ c:\windows\system32\dllcache\swpdflt2.dll
2008-12-04 04:13 . 2001-08-17 22:36 53,760 --a------ c:\windows\system32\dllcache\sw_wheel.dll
2008-12-04 04:12 . 2001-08-17 22:36 41,472 --a------ c:\windows\system32\dllcache\sw_effct.dll
2008-12-04 04:12 . 2008-04-13 14:46 15,232 --a------ c:\windows\system32\dllcache\streamip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 01:04 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-06 19:39 --------- d-----w c:\program files\Apple Software Update
2008-12-03 02:50 --------- d-----w c:\program files\Java
2008-11-28 13:58 --------- d-----w c:\program files\Enigma Software Group
2008-11-28 03:50 --------- d-----w c:\documents and settings\Nathan Williams\Application Data\Aim
2008-11-27 16:46 --------- d-----w c:\program files\Viewpoint
2008-11-27 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-27 16:14 --------- d-----w c:\program files\InterActual
2008-11-24 00:35 --------- d-----w c:\program files\Common Files\Adobe
2008-11-23 05:24 --------- d-----w c:\program files\Kl
2008-11-13 20:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 06:30 --------- d-----w c:\program files\Common Files\Apple
2008-11-06 18:18 --------- d-----w c:\documents and settings\Nathan Williams\Application Data\Malwarebytes
2008-11-06 18:17 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-06 17:27 14,336 ----a-w c:\windows\system32\svchost.exe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-10 20:02 --------- d-----w c:\program files\iTunes
2008-10-10 20:02 --------- d-----w c:\program files\iPod
2008-10-10 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 20:00 --------- d-----w c:\program files\QuickTime
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2006-09-15 00:28 168 -csh--r c:\windows\system32\C37EF2E345.sys
2006-09-15 00:28 6,580 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-06 1261336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-05-18 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a--c--- 2004-11-10 11:54 598016 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2004-07-19 07:51 306688 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2004-10-12 16:54 57344 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2004-05-12 14:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-10-14 13:46 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
--a--c--- 2004-12-09 13:58 86016 c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9029:TCP"= 9029:TCP:BitComet 9029 TCP
"9029:UDP"= 9029:UDP:BitComet 9029 UDP
"9557:TCP"= 9557:TCP:BitComet 9557 TCP
"9557:UDP"= 9557:UDP:BitComet 9557 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-06 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
S2 rzzrzjbr;rzzrzjbr;\??\c:\windows\system32\drivers\rzzrzjbr.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-12-08 c:\windows\Tasks\Auto-scheduled task of Free Registry Fix.job
- c:\program files\Free Registry Fix\regfixf.exe [2005-11-10 06:45]

2008-12-08 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]

2008-12-06 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{7a4e709e-5ce2-47ca-8160-3db448504a9b} - (no file)
Notify-crypt32chain - (no file)
MSConfigStartUp-gcasServ - c:\program files\Microsoft AntiSpyware\gcasServ.exe
MSConfigStartUp-kuzalaheza - c:\windows\system32\hawajifi.dll
MSConfigStartUp-McAfeeUpdaterUI - c:\program files\Network Associates\Common Framework\UpdaterUI.exe
MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-ShStatEXE - c:\program files\Network Associates\VirusScan\SHSTAT.EXE
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
MSConfigStartUp-SynTPLpr - c:\program files\Synaptics\SynTP\SynTPLpr.exe
MSConfigStartUp-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FireFox -: Profile - c:\documents and settings\Nathan Williams\Application Data\Mozilla\Firefox\Profiles\xudloa12.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 20:46:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-08 20:50:50 - machine was rebooted [Nathan Williams]
ComboFix-quarantined-files.txt 2008-12-09 01:50:44

Pre-Run: 32,352,083,968 bytes free
Post-Run: 32,450,191,360 bytes free

310 --- E O F --- 2008-11-27 01:44:32
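The log above is what ComboFix prints, and a helper triaging it reads a handful of places first: the services list (a driver whose path is followed by an empty `[]`, such as the `S2 rzzrzjbr` line), scheduled tasks whose target binary likewise has no date/size, the hosts under "BITS: Possible infected sites", the Security Center notification keys, and the globally open firewall ports. The script below is an added example for this page, not part of the post and not ComboFix's own code. It parses those sections of an excerpt of the log reused as inline sample input and returns the items worth a closer look. It assumes two ComboFix conventions that are not documented on the page: that an empty `[]` after a path means no file date/size could be read (taken here to mean the file was not found on disk), and that `hxxp` is a defanged `http`. The "vowel-free name looks generated" check is a weak heuristic, labelled as such in the code, and none of the output is a verdict on its own.

```python
import re
from dataclasses import dataclass
from typing import List

# Excerpt of the ComboFix log posted above, reused here as inline sample input
# so the functions run offline. Raw string, so the Windows paths keep their backslashes.
SAMPLE_LOG = r"""
----- BITS: Possible infected sites -----

hxxp://kakoitodomen.com
hxxp://niheradomen.com
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9029:TCP"= 9029:TCP:BitComet 9029 TCP
"9557:UDP"= 9557:UDP:BitComet 9557 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-06 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-06 231704]
S2 rzzrzjbr;rzzrzjbr;\??\c:\windows\system32\drivers\rzzrzjbr.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-12-08 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-04-13 19:12]

2008-12-06 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe []
"""


@dataclass
class Entry:
    kind: str   # "service" or "task"
    name: str   # service short name, or the .job file name
    path: str   # image path ComboFix printed
    meta: str   # text inside the trailing [ ]; assumed empty when the file could not be read


    @property
    def file_missing(self) -> bool:
        # Assumption: ComboFix prints "[]" when it finds no file to take a date/size from.
        return self.meta.strip() == ""


# "R1 name;display;path [date size]"  /  "S2 name;display;path []"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$", re.M)
# "YYYY-MM-DD c:\...\x.job" followed by "- target [date time]" on the next line
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(\S.*?\.job)\r?\n-\s+(.*?)\s*\[([^\]]*)\]\s*$", re.M)
BITS_RE = re.compile(r"^(hxxps?://\S+)", re.M)
NOTIFY_RE = re.compile(r'^"(\w*DisableNotify)"=dword:0*1\s*$', re.M)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$', re.M)


def refang(url: str) -> str:
    """Undo the 'hxxp' defanging so the host can be fed to lookup tooling."""
    return re.sub(r"^hxxp", "http", url)


def looks_random(name: str) -> bool:
    """Weak heuristic: a long name with almost no vowels (e.g. 'rzzrzjbr') is unusual for a vendor driver."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 7:
        return False
    return sum(c in "aeiouy" for c in letters) / len(letters) < 0.15


def parse_entries(log: str) -> List[Entry]:
    """Collect service and scheduled-task entries from the ComboFix sections."""
    entries = [Entry("service", m.group(3).strip(), m.group(5).strip(), m.group(6))
               for m in SERVICE_RE.finditer(log)]
    for m in TASK_RE.finditer(log):
        job_name = m.group(1).rsplit("\\", 1)[-1]   # "c:\windows\Tasks\X.job" -> "X.job"
        entries.append(Entry("task", job_name, m.group(2).strip(), m.group(3)))
    return entries


def triage(log: str) -> List[str]:
    """Return the lines a helper would want to look at first; each is a hint, not a verdict."""
    findings = []
    for e in parse_entries(log):
        if e.file_missing:
            findings.append(f"{e.kind}-missing-file: {e.name} -> {e.path}")
        if e.kind == "service" and looks_random(e.name):
            findings.append(f"service-random-name: {e.name}")
    findings += [f"bits-host: {refang(m.group(1))}" for m in BITS_RE.finditer(log)]
    findings += [f"security-center-notify-disabled: {m.group(1)}" for m in NOTIFY_RE.finditer(log)]
    findings += [f"firewall-open-port: {m.group(1)}/{m.group(2)} ({m.group(3).strip()})"
                 for m in PORT_RE.finditer(log)]
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Run against the excerpt it reports the `rzzrzjbr` driver twice (no file on disk, and a vowel-free name), the `NSSstub.job` task whose target has no file, the two BITS hosts re-fanged to `http://`, the disabled Security Center update notification, and the two BitComet ports opened in the firewall. Pointing it at a full ComboFix log works the same way, since every pattern is anchored on the line shapes shown above; the healthy AVG entries and the Disk Cleanup task produce nothing.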