Fronius
2008-04-07, 18:27
Seems that I've been stuck with some kind of malware/virus/trojan or something. Antivirus (AVG) thinks that this thing is Vundo; in SpyBot's scans it appears as Virtumonde.
I've tried some kind of removal with AntiMalware, which finds it and removes it, but it seems that this beast appears again from somewhere.
Anyway, here is ComboFix log:
ComboFix 08-04-06.1 - Gogo 2008-04-07 17:09:21.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.265 [GMT 2:00]
Running from: C:\Documents and Settings\Gogo\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM7b088717.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtSlJyx.dll
C:\WINDOWS\system32\eLRCJRqr.ini
C:\WINDOWS\system32\eLRCJRqr.ini2
C:\WINDOWS\system32\gPoYJRqr.ini
C:\WINDOWS\system32\gPoYJRqr.ini2
C:\WINDOWS\system32\LkStDfhk.ini
C:\WINDOWS\system32\LkStDfhk.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\rqRIxyaw.dll
C:\WINDOWS\system32\wayxIRqr.ini
C:\WINDOWS\system32\wayxIRqr.ini2
.
((((((((((((((((((((((((( Files Created from 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))))
.
2008-04-07 12:33 . 2008-04-07 12:33 <DIR> d--hs---- C:\FOUND.000
2008-04-06 19:46 . 2008-04-06 19:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 18:14 . 2008-04-06 18:14 <DIR> d-------- C:\Deckard
2008-04-06 18:13 . 2008-04-06 18:13 <DIR> d-------- C:\Documents and Settings\Gogo\Application Data\Malwarebytes
2008-04-06 18:13 . 2008-04-06 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 17:19 . 2008-04-06 17:19 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-06 11:35 . 2008-04-06 18:16 675 --a------ C:\WINDOWS\wininit.ini
2008-04-06 09:59 . 2008-04-06 09:59 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-05 21:33 . 2008-04-05 21:33 <DIR> d-------- C:\Documents and Settings\Gogo\Application Data\LimeWire
2008-04-05 21:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-05 21:32 . 2008-04-05 21:32 <DIR> d-------- C:\Program Files\Java
2008-04-05 21:26 . 2008-04-05 21:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-05 17:52 . 2008-04-05 17:52 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4
2008-04-05 16:16 . 2008-04-05 16:16 <DIR> d-------- C:\Documents and Settings\Gogo\Application Data\Winamp
2008-04-05 15:52 . 2008-04-05 15:52 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-05 15:47 . 2008-04-05 15:47 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-05 15:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-05 15:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-05 15:02 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-05 14:55 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-05 14:54 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-05 14:53 . 2008-04-05 14:53 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-05 14:52 . 2008-04-05 14:52 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-05 14:50 . 2008-04-05 14:50 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-05 14:50 . 2008-04-05 14:50 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-05 14:49 . 2008-04-05 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-05 12:44 . 2008-04-05 12:44 <DIR> d-------- C:\Program Files\MSBuild
2008-04-05 12:41 . 2008-04-05 12:41 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-05 12:40 . 2008-04-05 12:40 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-05 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-05 12:39 . 2008-04-05 12:39 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-05 12:38 . 2008-04-05 12:38 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-05 12:37 . 2008-04-05 12:37 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-05 12:36 . 2008-04-05 12:36 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-05 12:36 . 2008-04-05 12:36 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-05 12:27 . 2008-04-05 12:27 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-05 12:19 . 2006-11-13 08:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-04-05 12:19 . 2006-11-13 08:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2008-04-05 12:19 . 2006-11-13 08:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2008-04-05 11:59 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-04-05 11:52 . 2008-04-05 11:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-05 11:52 . 2007-10-05 15:42 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-05 11:17 . 2008-04-05 11:17 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-05 11:09 . 2008-04-05 11:09 2,288,128 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-04-05 10:49 . 2008-04-05 10:49 <DIR> d-------- C:\Documents and Settings\Gogo\Application Data\TuneUp Software
2008-04-05 10:48 . 2008-04-05 10:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 10:48 . 2008-04-05 10:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-05 10:42 . 2008-04-05 10:42 <DIR> d-------- C:\Program Files\ZZZZZZZ
2008-04-05 10:41 . 2008-04-05 10:41 <DIR> d--hs---- C:\Recycled
2008-04-05 10:10 . 2008-04-05 10:10 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-05 09:01 . 2008-04-05 09:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-05 08:52 . 2008-04-05 08:52 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-05 08:51 . 2008-04-05 08:51 <DIR> d-------- C:\Documents and Settings\Gogo\Application Data\Nero
2008-04-05 08:49 . 2008-04-05 08:49 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-05 08:49 . 2008-04-05 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-04 23:28 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-04 23:28 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-04 23:28 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-04 23:28 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-04 23:05 . 2008-04-04 23:05 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-04 23:05 . 2008-04-04 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-04 22:55 . 2008-04-04 22:55 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-04 22:35 . 2004-08-04 14:00 66,594 --a------ C:\WINDOWS\system32\dllcache\c_852.nls
2008-04-04 22:29 . 2008-04-04 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-04 21:33 . 2008-04-04 21:34 <DIR> d-------- C:\Program Files\Mininova
2008-04-04 21:33 . 2008-04-04 21:34 <DIR> d-------- C:\Program Files\Conduit
2008-04-04 21:23 . 2008-04-04 21:23 <DIR> d-------- C:\Program Files\DNA
2008-04-04 21:23 . 2008-04-04 21:23 <DIR> d-------- C:\Documents and Settings\Gogo\Application Data\DNA
2008-04-04 21:23 . 2008-04-04 21:23 <DIR> d-------- C:\Documents and Settings\Gogo\Application Data\BitTorrent
2008-03-14 08:04 . 2008-03-14 08:04 46,652 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-12 13:10 . 2008-03-12 13:10 633,344 --------- C:\WINDOWS\system32\gpprefcl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 18:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 18:47 --------- d-----w C:\Program Files\Analog Devices
2008-04-04 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 18:35 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-04 18:35 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-04 18:35 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-04 18:35 --------- d-----w C:\Documents and Settings\Gogo\Application Data\AVG7
2008-04-04 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-04 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-04 18:11 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-04-04 17:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-04 17:48 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-22 16:30 2,085,376 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 11:04 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2008-02-28 11:03 40,360 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2008-02-28 11:03 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2008-02-28 11:03 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2008-02-28 11:03 128,424 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-26 03:54 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-02-18 14:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 14:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 11:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 11:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
.
------- Sigcheck -------
2008-04-04 20:11 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{196AD5DA-7169-44DF-BECD-3A6810E5CA71}]
C:\WINDOWS\system32\nnnnLcax.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46AB6891-3A16-4847-BF49-429003BFCD7E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B88C830-3102-4A1E-B6F2-E42B0553F98C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8688437E-8E28-4CFE-9AD9-2336926F16A5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A8E1BFA-4FAF-402F-9A5C-6E97D9D34CAD}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDE39547-7B60-491C-8D4D-673C63171863}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4881A4E-31BA-47D6-BC0B-57DD77C7AF7F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D06B55D2-F7B8-4754-A4A5-709BE14A8E95}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D976B84B-808C-4357-9CBB-55BF1F7CEBE7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2008-04-03 10:40 1523736 --a------ C:\Program Files\Mininova\tbMini.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "C:\Program Files\Mininova\tbMini.dll" [2008-04-03 10:40 1523736]
[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= C:\Program Files\Mininova\tbMini.dll [2008-04-03 10:40 1523736]
[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ E:\Programs\Nero\Nero8\InCD\NBHShx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-04 21:23 288576]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"BitTorrent"="E:\Programs\BitTorrent\bittorrent.exe" [2008-03-25 01:25 587568]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"SpybotSD TeaTimer"="E:\Programs\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"AVG7_CC"="E:\Programs\Grisoft\AVG7\avgcc.exe" [2008-04-04 20:35 579072]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 10:52 1368064]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-03-26 14:40 794624]
"Acrobat Assistant 8.0"="E:\Programs\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"SecurDisc"="E:\Programs\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 13:04 2049320]
"InCD"="E:\Programs\Nero\Nero8\InCD\InCD.exe" [2008-02-28 13:03 1083176]
"NBKeyScan"="E:\Programs\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"PWRISOVM.EXE"="D:\Programs\PowerISO\PWRISOVM.EXE" [2008-03-15 01:51 233472]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"GrooveMonitor"="E:\Programs\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent"="E:\Programs\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"BM7b088717"="C:\WINDOWS\system32\vaqthgow.dll" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="E:\Programs\Grisoft\AVG7\avgw.exe" [2008-04-04 20:35 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - E:\Programs\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00 394856]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-04-04 23:05:00 295606]
Adobe Acrobat Synchronizer.lnk - E:\Programs\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtSlJyx]
awtSlJyx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"E:\\Programs\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Programs\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"E:\\Programs\\Microsoft Office\\Office12\\groove.exe"=
"E:\\Programs\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\Programs\\LimeWire\\LimeWire.exe"=
"E:\\Programs\\Opera\\Opera.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 NeroRegInCDSrv;Nero Registry InCD Service;E:\Programs\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 13:04]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 08:49:14 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- E:\Programs\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 17:12:51
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Programs\Grisoft\AVG7\avgamsvr.exe
E:\Programs\Grisoft\AVG7\avgupsvc.exe
E:\Programs\Grisoft\AVG7\avgemc.exe
E:\Programs\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
E:\Programs\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
E:\Programs\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\Programs\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2008-04-07 17:15:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-07 15:15:28
Pre-Run: 11,590,451,200 bytes free
Post-Run: 11,596,791,808 bytes free
.
2008-04-05 09:53:00 --- E O F ---