ComboFix 07-08-14.4 - "Paul" 2007-08-20 17:08:37.5 - NTFSx86

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\service.exe

((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))

2007-08-20 08:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-08-19 13:49 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-19 13:49 d-------- C:\ComboFix.bak
2007-08-19 12:09 d--hs---- C:\WINDOWS\CSC
2007-08-19 11:02 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-18 23:53 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-18 23:53 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-18 02:09 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-18 01:44 d-------- C:\Program Files\Sunbelt Software
2007-08-18 01:25 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-18 01:23 d-------- C:\WINDOWS\Internet Logs
2007-08-18 01:09 d-------- C:\DOCUME~1\Paul\.housecall6.6
2007-08-14 22:36 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-14 22:05 8 --a------ C:\WINDOWS\system32\e07c3cc7.dat
2007-08-08 16:44 d-------- C:\Program Files\Autostitch
2007-08-08 14:19 66,048 --a------ C:\WINDOWS\system32\agcmn.dll
2007-08-08 14:19 50,880 --a------ C:\WINDOWS\system32\agproxy.dll
2007-08-08 14:19 47,936 --a------ C:\WINDOWS\system32\wgrs.dll
2007-08-08 14:19 43,824 --a------ C:\WINDOWS\system32\agprtcl.dll
2007-08-08 14:19 42,368 --a------ C:\WINDOWS\system32\agconnct.dll
2007-08-08 14:19 416,000 --a------ C:\WINDOWS\system32\agsnet.dll
2007-08-08 14:19 40,792 --a------ C:\WINDOWS\system32\agcrypto.dll
2007-08-08 14:19 34,592 --a------ C:\WINDOWS\system32\agnet.dll
2007-08-08 14:19 34,464 --a------ C:\WINDOWS\system32\agcehdlr.dll
2007-08-08 14:19 25,152 --a------ C:\WINDOWS\system32\agcncmn.dll
2007-08-08 14:19 146,736 --a------ C:\WINDOWS\system32\agclcmn.dll
2007-08-08 14:19 111,376 --a------ C:\WINDOWS\system32\expat.dll
2007-08-08 14:19 1,056,768 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-08-04 10:10 d-------- C:\Program Files\MotamoUS-UK
2007-07-30 22:11 1,156 --a------ C:\WINDOWS\mozver.dat
2007-07-25 18:01 d-------- C:\Program Files\AIM Productions
2007-07-23 18:58 335 --a------ C:\WINDOWS\nsreg.dat
2007-07-23 18:57 d-------- C:\Program Files\AvantGo
2007-07-22 22:04 d-------- C:\Program Files\VITO
2007-07-22 22:03 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-22 21:34 d-------- C:\Program Files\TMX
2007-07-22 21:34 d-------- C:\Program Files\Common Files\data dynamics
2007-07-22 17:45 d-------- C:\Program Files\Theme Generator
2007-07-22 17:11 90,112 --a------ C:\WINDOWS\RSetupCE.exe
2007-07-22 17:11 d-------- C:\Program Files\Resco

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-20 09:12 326964 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-08-19 12:03 --------- d-------- C:\Program Files\DigiGuide
2007-08-19 12:00 --------- d-------- C:\Program Files\Belkin Bulldog Plus
2007-08-19 12:00 --------- d-------- C:\Program Files\BBC Alerts
2007-08-19 12:00 --------- d-------- C:\Program Files\Avast4
2007-08-19 11:17 --------- d-------- C:\Program Files\Windows Defender
2007-08-19 11:17 --------- d-------- C:\Program Files\Trillian
2007-08-19 11:16 --------- d-------- C:\Program Files\UltraVNC
2007-08-19 11:16 --------- d-------- C:\Program Files\Microsoft IntelliPoint
2007-08-19 11:16 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-19 11:16 --------- d-------- C:\Program Files\Kontiki
2007-08-16 22:11 --------- d-------- C:\Program Files\Opera
2007-08-06 23:51 --------- d-------- C:\Program Files\eMule
2007-08-06 18:53 --------- d-------- C:\Program Files\VirtualDubMod
2007-07-30 23:41 --------- d-------- C:\DOCUME~1\Paul\APPLIC~1\Orbit
2007-07-27 23:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 23:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 23:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 23:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 22:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 22:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 22:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-23 18:57 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-19 07:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-18 22:17 --------- d-------- C:\Program Files\Opera Software
2007-07-18 21:56 --------- d-------- C:\Program Files\MobiMate
2007-07-18 21:55 --------- d-------- C:\Program Files\HP
2007-07-16 10:50 --------- d-------- C:\Program Files\QuickTime Alternative
2007-07-13 00:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-11 18:41 --------- d-------- C:\Program Files\SystemRequirementsLab
2007-07-07 13:41 --------- d-------- C:\Program Files\SUPER
2007-07-07 10:13 --------- d-------- C:\Program Files\AviSynth 2.5
2007-07-07 09:54 --------- d-------- C:\Program Files\Orbitdownloader
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2007-06-29 00:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvrshe.dll
2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvrsar.dll
2007-06-29 00:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2007-06-29 00:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2007-06-29 00:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2007-06-29 00:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2007-06-29 00:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2007-06-29 00:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2007-06-29 00:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2007-06-29 00:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2007-06-29 00:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2007-06-29 00:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2007-06-29 00:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2007-06-29 00:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2007-06-29 00:43 282624 --a------ C:\WINDOWS\system32\nvrsfr.dll
2007-06-29 00:43 282624 --a------ C:\WINDOWS\system32\nvrses.dll
2007-06-29 00:43 282624 --a------ C:\WINDOWS\system32\nvrsel.dll
2007-06-29 00:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2007-06-29 00:43 278528 --a------ C:\WINDOWS\system32\nvrsit.dll
2007-06-29 00:43 278528 --a------ C:\WINDOWS\system32\nvrsde.dll
2007-06-29 00:43 274432 --a------ C:\WINDOWS\system32\nvrspt.dll
2007-06-29 00:43 274432 --a------ C:\WINDOWS\system32\nvrsnl.dll
2007-06-29 00:43 274432 --a------ C:\WINDOWS\system32\nvrsesm.dll
2007-06-29 00:43 270336 --a------ C:\WINDOWS\system32\nvrsru.dll
2007-06-29 00:43 266240 --a------ C:\WINDOWS\system32\nvrsptb.dll
2007-06-29 00:43 266240 --a------ C:\WINDOWS\system32\nvrsja.dll
2007-06-29 00:43 262144 --a------ C:\WINDOWS\system32\nvrsko.dll
2007-06-29 00:43 258048 --a------ C:\WINDOWS\system32\nvrstr.dll
2007-06-29 00:43 258048 --a------ C:\WINDOWS\system32\nvrssl.dll
2007-06-29 00:43 258048 --a------ C:\WINDOWS\system32\nvrssk.dll
2007-06-29 00:43 258048 --a------ C:\WINDOWS\system32\nvrshu.dll
2007-06-29 00:43 253952 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 10:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2006-06-18 15:56]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 16:52]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-22 18:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BBC Alerts"="C:\Program Files\BBC Alerts\BBC_Alerts.exe" [2006-06-01 14:36]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 17:32]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-03-03 23:30:49]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 01:01:50]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
MUPS.lnk - C:\Program Files\Belkin Bulldog Plus\MUPS.EXE [2007-07-09 20:07:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rasrad32]
rasrad32.dll 2004-11-23 02:44 8192 C:\WINDOWS\system32\rasrad32.dll

*Newly Created Service* - AVGARCLN
*Newly Created Service* - AVG_ANTI-ROOTKIT
*Newly Created Service* - PHOOKS
*Newly Created Service* - SDTHOOK
*Newly Created Service* - UVKMWMXMIIQI

Contents of the 'Scheduled Tasks' folder
2007-08-20 16:00:19 C:\WINDOWS\Tasks\AboutTime.job - C:\PROGRA~1\ABOUTT~1\ABOUTT~1.EXE
2007-03-07 23:28:27 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2007-08-20 07:25:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 17:21:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-20 17:22:45
C:\ComboFix-quarantined-files.txt ... 2007-08-20 17:22
--- E O F ---