Worm.win32.netsky Trojan downloader:HTML/fakeinit

9 replies to this topic

#1 ocktahedron
Posted 03 January 2010 - 04:48 PM

Hi, I'm infected with worm.win32.netsky. I've booted in safe mode and run Microsoft Security Essentials 3 times, but it keeps finding it. It appears my firewall was disabled, so I enabled it. Ran the random log.txt, so here it is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Amil at 2010-01-03 16:42:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (55%) free of 38 GB
Total RAM: 1279 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:23 PM, on 1/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wexe.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Amil\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Amil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Documents and Settings\Amil\Desktop\Roxio Easy Media Creator 8 Suite 2CDs With Keygen\CD1\Common\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [npbbmgx] C:\WINDOWS\system32\npbbmgx.exe \u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [adobemedia.exe] C:\WINDOWS\system32\adobemedia.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1256675326390
O20 - AppInit_DLLs: C:\WINDOWS\system32\PR19.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5659 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{8CC627DD-E997-4676-8AEC-BDDE9B2B0082}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-31 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"ISUSScheduler"=C:\Documents and Settings\Amil\Desktop\Roxio Easy Media Creator 8 Suite 2CDs With Keygen\CD1\Common\InstallShield\UpdateService\issch.exe -start []
"Disc Detector"=C:\Program Files\Creative\ShareDLL\CtNotify.exe []
"Lexmark 5200 series"=C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe [2004-06-04 57344]
"LXBTCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16 []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"npbbmgx"=C:\WINDOWS\system32\npbbmgx.exe [2010-01-03 60416]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"winupdate86.exe"=C:\WINDOWS\system32\winupdate86.exe [2010-01-03 25088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SRS Audio Sandbox"=C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [2010-01-01 3215360]
"adobemedia.exe"=C:\WINDOWS\system32\adobemedia.exe [2010-01-03 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe [2001-05-10 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\DOCUME~1\Amil\Desktop\ROXIOE~1\CD1\Common\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-31 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\PR19.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2007-09-23 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95
""=
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\SoundSpectrum\G-Force\G-Force Standalone.exe"="C:\Program Files\SoundSpectrum\G-Force\G-Force Standalone.exe:*:Enabled:G-Force Standalone"
"C:\WINDOWS\system32\npbbmgx.exe"="C:\WINDOWS\system32\npbbmgx.exe:*:Enabled:ENABLE"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-03 16:42:14 ----D---- C:\rsit
2010-01-03 16:42:14 ----D---- C:\Program Files\trend micro
2010-01-03 16:34:59 ----AH---- C:\WINDOWS\system32\adobemedia.exe
2010-01-03 16:27:22 ----D---- C:\WINDOWS\CSC
2010-01-03 15:50:12 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-03 02:51:10 ----A---- C:\WINDOWS\system32\winupdate86.exe
2010-01-03 02:51:10 ----A---- C:\WINDOWS\system32\winlogon86.exe
2010-01-03 02:50:27 ----D---- C:\WINDOWS\Sun
2010-01-03 02:28:28 ----A---- C:\WINDOWS\system32\PR19.DLL
2010-01-03 02:28:21 ----AH---- C:\WINDOWS\system32\wexe.exe
2010-01-03 02:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2010-01-03 02:16:13 ----D---- C:\WINDOWS\nview
2010-01-03 02:16:12 ----A---- C:\WINDOWS\system32\nvudisp.exe
2010-01-03 02:15:23 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-01-03 02:14:50 ----D---- C:\NVIDIA
2010-01-03 02:12:51 ----A---- C:\WINDOWS\system32\CSVer.dll
2010-01-03 02:10:55 ----D---- C:\Intel
2010-01-03 01:58:09 ----A---- C:\WINDOWS\system32\PR11.DLL
2010-01-03 01:58:08 ----A---- C:\WINDOWS\system32\npbbmgx.exe
2010-01-02 19:19:10 ----D---- C:\Program Files\Intel Desktop Board Audio Driver
2010-01-02 18:13:59 ----D---- C:\Program Files\Driver-Soft
2010-01-02 17:53:17 ----SHD---- C:\Config.Msi
2010-01-02 17:23:16 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-02 12:14:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-01-02 12:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-01-02 12:13:36 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-01-02 12:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-01-02 12:12:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-01-02 01:20:43 ----D---- C:\Documents and Settings\Amil\Application Data\BitTorrent
2010-01-02 01:20:34 ----D---- C:\Program Files\BitTorrent
2010-01-02 00:50:03 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2010-01-02 00:49:53 ----D---- C:\Documents and Settings\Amil\Application Data\AVS4YOU
2010-01-01 22:56:58 ----D---- C:\Program Files\SRS Labs
2010-01-01 22:42:40 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-01 22:34:40 ----D---- C:\Documents and Settings\All Users\Application Data\SRS Labs
2010-01-01 22:31:29 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-01-01 19:13:55 ----D---- C:\Program Files\Common Files\AVSMedia
2010-01-01 19:13:53 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2010-01-01 19:12:08 ----A---- C:\WINDOWS\system32\msxml3a.dll
2010-01-01 19:11:36 ----D---- C:\Program Files\AVS4YOU
2010-01-01 14:31:57 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-01-01 14:31:56 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-01-01 14:31:46 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-01-01 14:31:38 ----D---- C:\Program Files\Windows Media Connect 2
2010-01-01 14:31:19 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-01-01 14:30:22 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-01-01 14:29:55 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-01 14:29:49 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-01-01 13:55:38 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-01 13:55:33 ----D---- C:\Program Files\MSBuild
2010-01-01 13:55:19 ----D---- C:\Program Files\Reference Assemblies
2010-01-01 13:54:32 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-01-01 13:54:32 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-01-01 13:54:31 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-01-01 13:54:31 ----D---- C:\677d202563da779bd1df1e9d4a164219
2010-01-01 13:05:40 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 13:04:57 ----D---- C:\Program Files\Bonjour
2010-01-01 13:04:01 ----D---- C:\Program Files\QuickTime
2010-01-01 13:02:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-01 01:50:41 ----D---- C:\Program Files\Lx_cats
2010-01-01 01:49:19 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2010-01-01 01:49:09 ----A---- C:\WINDOWS\system32\lxbtvs.dll
2010-01-01 01:49:09 ----A---- C:\WINDOWS\system32\lxbtpmui.dll
2010-01-01 01:49:09 ----A---- C:\WINDOWS\system32\lxbtih.exe
2010-01-01 01:49:08 ----A---- C:\WINDOWS\system32\lxbtusb1.dll
2010-01-01 01:49:08 ----A---- C:\WINDOWS\system32\lxbtpplc.dll
2010-01-01 01:49:08 ----A---- C:\WINDOWS\system32\lxbtlmpm.dll
2010-01-01 01:49:08 ----A---- C:\WINDOWS\system32\lxbthbn1.dll
2010-01-01 01:49:08 ----A---- C:\WINDOWS\system32\lxbtcomm.dll
2010-01-01 01:49:08 ----A---- C:\WINDOWS\system32\lxbtcfg.exe
2010-01-01 01:49:07 ----D---- C:\Program Files\Lexmark 5200 Series
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtutil.dll
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtsnls.dll
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtserv.dll
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtprox.dll
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtprod.ini
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtjswr.dll
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbthwdf.dll
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtgf.dll
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtcur.dll
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtcu.dll
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtcoms.exe
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtcomc.dll
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtcoin.dll
2010-01-01 01:49:07 ----A---- C:\WINDOWS\system32\lxbtcfg.dll
2010-01-01 01:48:58 ----D---- C:\Temp
2010-01-01 01:39:11 ----RSD---- C:\WINDOWS\assembly
2010-01-01 01:38:09 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-01 01:30:40 ----D---- C:\Documents and Settings\Amil\Application Data\FaxCtr
2010-01-01 01:27:40 ----RA---- C:\WINDOWS\system32\IMHOST32.DLL
2010-01-01 01:27:40 ----RA---- C:\WINDOWS\system32\IMGMAN32.DLL
2010-01-01 01:27:40 ----A---- C:\WINDOWS\system32\LXPRMON.DLL
2010-01-01 00:56:26 ----D---- C:\Documents and Settings\Amil\Application Data\Mozilla
2010-01-01 00:55:59 ----D---- C:\Program Files\Mozilla Firefox
2010-01-01 00:07:31 ----D---- C:\WINDOWS\pss
2009-12-31 23:35:41 ----D---- C:\Documents and Settings\Amil\Application Data\LimeWire
2009-12-31 23:34:26 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-31 23:34:26 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-31 23:34:26 ----A---- C:\WINDOWS\system32\java.exe
2009-12-31 23:34:26 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-31 23:34:04 ----D---- C:\Program Files\Java
2009-12-31 23:33:20 ----D---- C:\Documents and Settings\Amil\Application Data\Sun
2009-12-31 16:19:19 ----D---- C:\Program Files\SBC Yahoo!
2009-12-31 16:11:54 ----D---- C:\Program Files\Yahoo!
2009-12-31 15:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-31 15:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-31 15:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-31 15:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-31 15:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-31 03:20:08 ----D---- C:\Documents and Settings\Amil\Application Data\Macromedia
2009-12-30 01:24:35 ----D---- C:\Documents and Settings\Amil\Application Data\DivX
2009-12-30 01:06:27 ----A---- C:\WINDOWS\Easy DVD Creator.INI
2009-12-30 01:05:56 ----D---- C:\Program Files\Easy DVD Creator
2009-12-30 00:54:42 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-12-30 00:01:46 ----D---- C:\Program Files\exPressit S.E. 2.1
2009-12-29 18:09:01 ----D---- C:\Program Files\Roxio Easy Media Creator
2009-12-29 14:03:21 ----A---- C:\WINDOWS\system32\sfcvrt32.dll
2009-12-29 14:03:21 ----A---- C:\WINDOWS\system32\mfcuia32.dll
2009-12-29 14:03:21 ----A---- C:\WINDOWS\system32\mfcans32.dll
2009-12-29 14:03:21 ----A---- C:\WINDOWS\system32\CTWFLT32.DLL
2009-12-29 14:03:20 ----A---- C:\WINDOWS\system32\ctl3d.dll
2009-12-29 14:03:20 ----A---- C:\WINDOWS\CTRes32.dll
2009-12-29 14:03:20 ----A---- C:\WINDOWS\ctres.dll
2009-12-29 14:03:20 ----A---- C:\WINDOWS\ctccw.dll
2009-12-29 14:03:20 ----A---- C:\WINDOWS\ac3api.ini
2009-12-29 14:02:19 ----A---- C:\WINDOWS\SBWIN.INI
2009-12-29 14:00:03 ----A---- C:\WINDOWS\system32\CtMp3Lib.dll
2009-12-29 14:00:03 ----A---- C:\WINDOWS\system32\ctmp3io2.dll
2009-12-29 07:13:43 ----A---- C:\WINDOWS\iPlayer.INI
2009-12-29 07:12:44 ----D---- C:\Program Files\InterActual
2009-12-29 06:48:28 ----D---- C:\Documents and Settings\Amil\Application Data\ImgBurn
2009-12-29 06:40:37 ----D---- C:\games
2009-12-28 18:53:30 ----D---- C:\Program Files\PhotoScape
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-12-28 18:52:11 ----N---- C:\WINDOWS\system32\px.dll
2009-12-28 18:51:36 ----D---- C:\Program Files\DivX
2009-12-28 18:51:36 ----D---- C:\Program Files\Common Files\DivX Shared
2009-12-28 18:49:50 ----D---- C:\WINDOWS\system32\custom matrices
2009-12-28 18:49:38 ----D---- C:\WINDOWS\system32\QuickTime
2009-12-28 18:49:38 ----D---- C:\WINDOWS\system32\C2MP
2009-12-28 16:25:19 ----D---- C:\Program Files\Decoz
2009-12-28 15:45:21 ----D---- C:\Documents and Settings\Amil\Application Data\Help
2009-12-28 14:11:01 ----D---- C:\Program Files\DirectX7
2009-12-28 14:07:58 ----D---- C:\Program Files\Silent
2009-12-28 12:40:46 ----D---- C:\Program Files\directx
2009-12-28 12:17:08 ----D---- C:\Program Files\Prolific Publishing, Inc
2009-12-28 12:11:49 ----A---- C:\WINDOWS\encore_launcher.ini
2009-12-28 08:59:46 ----D---- C:\Documents and Settings\Amil\Application Data\SoundSpectrum
2009-12-28 08:52:50 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-12-28 08:52:43 ----D---- C:\Program Files\SoundSpectrum
2009-12-28 02:14:04 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2009-12-28 02:14:02 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2009-12-28 02:14:02 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2009-12-28 02:14:02 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2009-12-28 02:14:02 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2009-12-28 02:14:02 ----N---- C:\WINDOWS\system32\ImagX7.dll
2009-12-28 02:14:01 ----N---- C:\WINDOWS\system32\TwnLib20.dll
2009-12-28 02:14:00 ----N---- C:\WINDOWS\system32\picn20.dll
2009-12-28 02:13:23 ----D---- C:\Program Files\Common Files\Ahead
2009-12-28 02:11:18 ----D---- C:\Program Files\Nero
2009-12-24 17:23:46 ----D---- C:\WINDOWS\system32\NtmsData
2009-12-23 13:53:02 ----D---- C:\Documents and Settings\Amil\Application Data\GlarySoft
2009-12-23 13:44:48 ----D---- C:\Documents and Settings\Amil\Application Data\Desktopicon
2009-12-23 13:44:47 ----D---- C:\Program Files\Unlocker
2009-12-23 13:35:11 ----A---- C:\WINDOWS\system32\wbsys.dll
2009-12-23 13:33:55 ----D---- C:\Program Files\Glary Utilities
2009-12-23 13:19:41 ----D---- C:\Documents and Settings\Amil\Application Data\WinRAR
2009-12-23 12:42:15 ----D---- C:\Program Files\Common Files\Stardock
2009-12-23 12:41:59 ----D---- C:\Program Files\Stardock
2009-12-23 12:37:32 ----D---- C:\Program Files\Common Files\Apple
2009-12-23 12:36:31 ----D---- C:\Program Files\Apple Software Update
2009-12-23 12:36:31 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-12-23 12:28:30 ----D---- C:\Documents and Settings\Amil\Application Data\Apple Computer
2009-12-23 12:26:44 ----D---- C:\Program Files\iTunes
2009-12-23 12:24:37 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-12-23 12:23:53 ----D---- C:\Program Files\iPod
2009-12-23 12:17:43 ----D---- C:\WINDOWS\Downloaded Installations
2009-12-23 04:05:50 ----D---- C:\Program Files\WinRAR
2009-12-23 03:52:38 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
2009-12-23 03:39:19 ----SH---- C:\WINDOWS\S42269111.tmp
2009-12-23 03:35:36 ----D---- C:\Program Files\SlySoft
2009-12-23 03:34:40 ----D---- C:\Program Files\ImgBurn
2009-12-23 03:30:05 ----D---- C:\Program Files\Lavalys
2009-12-23 03:25:42 ----A---- C:\WINDOWS\system32\XceedZip.dll
2009-12-23 03:20:55 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-12-23 03:20:42 ----D---- C:\Program Files\DVD Shrink
2009-12-23 02:21:07 ----D---- C:\Program Files\LimeWire
2009-12-23 01:47:31 ----A---- C:\WINDOWS\CTREGRUN.EXE
2009-12-23 01:47:28 ----D---- C:\Program Files\Creative
2009-12-23 01:47:25 ----A---- C:\WINDOWS\IsUninst.exe
2009-12-23 00:34:12 ----D---- C:\Program Files\PcSetup
2009-12-23 00:34:06 ----D---- C:\Program Files\LG Software Innovations
2009-12-08 09:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-08 09:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-08 09:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

======List of files/folders modified in the last 1 months======

2010-01-03 16:42:14 ----RD---- C:\Program Files
2010-01-03 16:34:59 ----D---- C:\WINDOWS\system32
2010-01-03 16:32:44 ----SD---- C:\WINDOWS\Tasks
2010-01-03 16:32:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-03 16:27:22 ----D---- C:\WINDOWS
2010-01-03 16:24:03 ----D---- C:\WINDOWS\Temp
2010-01-03 16:22:19 ----SHD---- C:\RECYCLER
2010-01-03 15:50:41 ----D---- C:\Documents and Settings
2010-01-03 15:48:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-03 02:23:14 ----HD---- C:\WINDOWS\inf
2010-01-03 02:22:12 ----D---- C:\WINDOWS\Help
2010-01-03 02:15:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-03 02:15:52 ----D---- C:\WINDOWS\system32\drivers
2010-01-03 02:15:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-03 01:58:31 ----D---- C:\WINDOWS\Prefetch
2010-01-02 19:19:56 ----D---- C:\WINDOWS\VirtualEar
2010-01-02 19:19:56 ----D---- C:\WINDOWS\system
2010-01-02 19:19:26 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-02 19:06:57 ----D---- C:\Program Files\Intel
2010-01-02 19:04:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-02 17:53:23 ----SHD---- C:\WINDOWS\Installer
2010-01-02 12:19:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-02 12:18:31 ----D---- C:\WINDOWS\WinSxS
2010-01-02 12:15:42 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-02 12:14:08 ----A---- C:\WINDOWS\imsins.BAK
2010-01-01 19:13:55 ----D---- C:\Program Files\Common Files
2010-01-01 19:13:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-01 14:31:53 ----D---- C:\Program Files\Windows Media Player
2010-01-01 14:31:47 ----A---- C:\WINDOWS\win.ini
2010-01-01 13:55:29 ----D---- C:\WINDOWS\system32\en-us
2010-01-01 13:55:25 ----RSD---- C:\WINDOWS\Fonts
2010-01-01 13:55:03 ----D---- C:\WINDOWS\system32\spool
2010-01-01 13:52:36 ----D---- C:\WINDOWS\system32\mui
2010-01-01 13:52:35 ----D---- C:\Program Files\Internet Explorer
2010-01-01 01:49:36 ----D---- C:\WINDOWS\twain_32
2010-01-01 01:03:51 ----SH---- C:\boot.ini
2010-01-01 01:03:51 ----A---- C:\WINDOWS\system.ini
2009-12-31 23:34:33 ----SD---- C:\Documents and Settings\Amil\Application Data\Microsoft
2009-12-31 15:45:33 ----D---- C:\WINDOWS\ie8updates
2009-12-31 15:45:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-31 01:35:22 ----D---- C:\WINDOWS\network diagnostic
2009-12-29 14:03:25 ----D---- C:\WINDOWS\Media
2009-12-29 05:46:56 ----D---- C:\Program Files\Online Services
2009-12-28 01:40:14 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-23 16:07:06 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2009-12-23 39488]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-31 153376]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 lxbt_device;lxbt_device; C:\WINDOWS\system32\lxbtcoms.exe [2004-02-20 421888]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Grinler (Lawrence Abrams)

  • Admin
  • 43,472 posts
  • Gender:Male
  • Location:USA

Posted 05 January 2010 - 11:35 AM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

After running ComboFix, please post the ComboFix log as a reply to this

#3 ocktahedron

  • Topic Starter
  • Members
  • 18 posts

Posted 05 January 2010 - 12:47 PM

ComboFix 10-01-04.01 - Amil 01/05/2010 12:37:27.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.793 [GMT -5:00]
Running from: c:\documents and settings\Amil\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Desktop\Internet Security 2010.lnk
c:\documents and settings\Amil\Application Data\Desktopicon
c:\windows\system32\18467.exe
c:\windows\system32\msssc.dll
c:\windows\system32\WORK.DAT

.
((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 13:10 . 2010-01-05 17:24 -------- d-----w- c:\windows\LastGood
2010-01-05 07:27 . 2010-01-05 07:27 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-01-04 19:22 . 2010-01-04 19:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Help
2010-01-04 04:20 . 2010-01-04 04:20 -------- d-----w- c:\documents and settings\Amil\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-04 03:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-04 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-05 03:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 03:43 . 2010-01-04 03:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-04 02:45 . 2008-12-04 06:25 120832 ----a-w- c:\documents and settings\Amil\Application Data\Mozilla\Firefox\Profiles\wguoq6vy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2010-01-03 21:42 . 2010-01-03 21:42 -------- d-----w- C:\rsit
2010-01-03 21:42 . 2010-01-03 21:42 -------- d-----w- c:\program files\trend micro
2010-01-03 20:52 . 2010-01-03 20:52 13104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 20:51 . 2010-01-03 20:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-03 07:50 . 2010-01-03 07:50 -------- d-----w- c:\windows\Sun
2010-01-03 07:28 . 2010-01-03 21:35 0 ---ha-w- c:\windows\system32\wupd.dat
2010-01-03 07:28 . 2010-01-03 07:28 24576 ----a-w- c:\windows\system32\PR19.DLL
2010-01-03 07:28 . 2010-01-03 21:34 13312 ---ha-w- c:\windows\system32\wexe.exe
2010-01-03 07:23 . 2010-01-03 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-01-03 07:16 . 2010-01-03 07:22 -------- d-----w- c:\windows\nview
2010-01-03 07:16 . 2006-10-22 17:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-03 07:15 . 2006-10-22 20:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-03 07:14 . 2010-01-03 07:14 -------- d-----w- C:\NVIDIA
2010-01-03 07:12 . 2009-06-16 17:05 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-01-03 07:10 . 2010-01-03 07:10 -------- d-----w- C:\Intel
2010-01-03 06:58 . 2010-01-03 06:58 24576 ----a-w- c:\windows\system32\PR11.DLL
2010-01-03 06:58 . 2010-01-03 06:58 60416 ----a-w- c:\windows\system32\npbbmgx.exe
2010-01-03 06:58 . 2010-01-03 06:58 60416 ---h--w- c:\documents and settings\Amil\vujf.exe
2010-01-03 00:19 . 2010-01-03 00:19 -------- d-----w- c:\program files\Intel Desktop Board Audio Driver
2010-01-02 23:08 . 2002-08-23 19:46 549672 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-01-02 23:08 . 2002-08-23 16:13 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-01-02 23:08 . 2002-08-22 22:57 98752 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-01-02 22:23 . 2010-01-02 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-02 06:20 . 2010-01-03 08:01 -------- d-----w- c:\documents and settings\Amil\Application Data\BitTorrent
2010-01-02 06:20 . 2010-01-02 06:20 -------- d-----w- c:\program files\BitTorrent
2010-01-02 05:50 . 2010-01-02 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-01-02 05:49 . 2010-01-02 05:49 -------- d-----w- c:\documents and settings\Amil\Application Data\AVS4YOU
2010-01-02 03:56 . 2010-01-02 03:56 -------- d-----w- c:\program files\SRS Labs
2010-01-02 03:35 . 2010-01-02 03:35 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\SRS Labs
2010-01-02 03:34 . 2010-01-02 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SRS Labs
2010-01-02 03:31 . 2007-07-26 14:25 39808 ----a-r- c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 42112 ----a-r- c:\windows\system32\drivers\csiidecoder_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 47360 ----a-r- c:\windows\system32\drivers\Surroundhp_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 47104 ----a-r- c:\windows\system32\drivers\tshd4_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 32000 ----a-r- c:\windows\system32\drivers\wowhd_kern_i386.sys
2010-01-02 00:13 . 2003-05-22 05:50 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-01-02 00:12 . 2003-05-21 17:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-01 19:39 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-01 19:31 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-01 19:31 . 2010-01-01 19:31 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-01 19:29 . 2010-01-01 19:30 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-01 19:29 . 2010-01-01 19:29 -------- d-----w- c:\windows\system32\LogFiles
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\program files\MSBuild
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\program files\Reference Assemblies
2010-01-01 18:55 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-01 18:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-01 18:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-01 18:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-01 18:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-01 18:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-01 18:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-01 18:54 . 2010-01-01 18:55 -------- d-----w- C:\677d202563da779bd1df1e9d4a164219
2010-01-01 18:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-01 18:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-01 18:05 . 2010-01-01 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 18:04 . 2010-01-01 18:04 -------- d-----w- c:\program files\QuickTime
2010-01-01 18:02 . 2010-01-01 18:06 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-01 06:50 . 2010-01-04 21:23 -------- d-----w- c:\program files\Lx_cats
2010-01-01 06:48 . 2010-01-01 17:32 -------- d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2010-01-01 06:48 . 2010-01-01 06:48 -------- d-----w- C:\Temp
2010-01-01 06:48 . 2010-01-01 06:48 -------- d-----w- c:\windows\system\install
2010-01-01 06:48 . 2010-01-01 06:48 -------- d-----w- c:\windows\system\drivers
2010-01-01 06:30 . 2010-01-01 06:43 -------- d-----w- c:\documents and settings\Amil\Application Data\FaxCtr
2010-01-01 06:27 . 2004-08-24 19:22 32768 ----a-w- c:\windows\system32\LXPRMON.DLL
2010-01-01 06:27 . 2003-03-11 23:26 98345 ----a-r- c:\windows\system32\IMHOST32.DLL
2010-01-01 06:27 . 2003-03-11 23:26 339968 ----a-r- c:\windows\system32\IMGMAN32.DLL
2010-01-01 05:56 . 2010-01-01 05:56 0 ----a-w- c:\windows\nsreg.dat
2010-01-01 05:56 . 2010-01-01 05:56 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Mozilla
2010-01-01 04:36 . 2010-01-02 04:00 -------- d-----w- c:\documents and settings\Amil\Shared
2010-01-01 04:36 . 2010-01-02 04:04 -------- d-----w- c:\documents and settings\Amil\Incomplete
2010-01-01 04:35 . 2010-01-02 04:04 -------- d-----w- c:\documents and settings\Amil\Application Data\LimeWire
2010-01-01 04:34 . 2010-01-01 04:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 04:34 . 2010-01-01 04:34 -------- d-----w- c:\program files\Java
2010-01-01 00:03 . 2010-01-01 00:03 -------- d-sh--w- c:\documents and settings\Amil\IECompatCache
2009-12-31 21:19 . 2009-12-31 21:19 -------- d-----w- c:\program files\SBC Yahoo!
2009-12-31 21:11 . 2009-12-31 21:11 -------- d-----w- c:\program files\Yahoo!
2009-12-30 06:24 . 2009-12-30 06:24 -------- d-----w- c:\documents and settings\Amil\Application Data\DivX
2009-12-30 06:05 . 2009-12-30 06:07 -------- d-----w- c:\program files\Easy DVD Creator
2009-12-30 05:54 . 2009-12-30 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-12-29 23:09 . 2009-12-30 06:02 -------- d-----w- c:\program files\Roxio Easy Media Creator
2009-12-29 19:03 . 1998-06-05 07:00 84992 ----a-w- c:\windows\system32\sfcvrt32.dll
2009-12-29 19:03 . 1995-08-30 07:02 82432 ----a-w- c:\windows\system32\CTWFLT32.DLL
2009-12-29 19:03 . 1995-01-13 19:10 149504 ----a-w- c:\windows\system32\mfcans32.dll
2009-12-29 19:03 . 1995-01-13 19:10 108032 ----a-w- c:\windows\system32\mfcuia32.dll
2009-12-29 19:03 . 1998-01-08 06:00 1048576 ----a-w- c:\windows\system32\sfman.dat
2009-12-29 19:03 . 1997-06-02 09:06 34816 ----a-w- c:\windows\CTRes32.dll
2009-12-29 19:03 . 1996-05-23 07:24 24976 ----a-w- c:\windows\ctres.dll
2009-12-29 19:03 . 1995-07-13 07:01 26768 ----a-w- c:\windows\system32\ctl3d.dll
2009-12-29 19:03 . 1994-12-05 08:11 53552 ----a-w- c:\windows\ctccw.dll
2009-12-29 19:00 . 2001-01-31 06:01 307200 ----a-w- c:\windows\system32\CtMp3Lib.dll
2009-12-29 19:00 . 2001-01-23 06:05 110592 ----a-w- c:\windows\system32\ctmp3io2.dll
2009-12-29 12:12 . 2009-12-29 12:12 -------- d-----w- c:\program files\InterActual
2009-12-29 11:48 . 2009-12-29 11:48 -------- d-----w- c:\documents and settings\Amil\Application Data\ImgBurn
2009-12-29 11:40 . 2009-12-29 11:40 -------- d-----w- C:\games
2009-12-28 23:53 . 2009-12-28 23:58 -------- d-----w- c:\program files\PhotoScape
2009-12-28 23:51 . 2009-12-28 23:51 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-28 23:49 . 2009-12-28 23:49 -------- d-----w- c:\windows\system32\custom matrices
2009-12-28 23:49 . 2009-12-28 23:50 -------- d-----w- c:\windows\system32\C2MP
2009-12-28 23:49 . 2009-12-28 23:49 -------- d-----w- c:\windows\system32\QuickTime
2009-12-28 23:06 . 2009-12-28 23:06 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Stardock
2009-12-28 21:25 . 2009-12-30 23:25 -------- d-----w- c:\program files\Decoz
2009-12-28 20:45 . 2009-12-28 21:32 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Help
2009-12-28 19:11 . 2009-12-28 19:11 -------- d-----w- c:\program files\DirectX7
2009-12-28 17:40 . 2009-12-28 17:40 -------- d-----w- c:\program files\directx
2009-12-28 17:17 . 2006-02-02 23:48 323584 ----a-w- c:\windows\system32\Carousel.scr
2009-12-28 17:17 . 2006-02-14 20:22 10616900 ----a-w- c:\windows\system32\Goldfish2.scr
2009-12-28 17:17 . 2009-12-28 17:17 -------- d-----w- c:\program files\Prolific Publishing, Inc
2009-12-28 17:17 . 2006-02-14 20:21 2932736 ----a-w- c:\windows\system32\MA2_6.scr
2009-12-28 13:59 . 2010-01-05 07:34 -------- d-----w- c:\documents and settings\Amil\Application Data\SoundSpectrum
2009-12-28 13:52 . 2009-04-05 01:01 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-12-28 13:52 . 2010-01-05 07:34 -------- d-----w- c:\program files\SoundSpectrum
2009-12-28 07:14 . 2009-12-28 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-12-28 07:14 . 2004-07-20 22:24 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-12-28 07:14 . 2004-07-20 22:24 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-12-28 07:14 . 2004-07-20 22:24 262144 ------w- c:\windows\system32\ImagXR7.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 10:05 . 2009-10-27 21:10 13104 ----a-w- c:\documents and settings\Amil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 00:19 . 2009-12-02 19:05 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-03 00:06 . 2009-10-27 17:26 -------- d-----w- c:\program files\Intel
2010-01-03 00:04 . 2009-12-02 19:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 06:49 . 2010-01-01 06:49 -------- d-----w- c:\program files\Lexmark 5200 Series
2009-12-28 23:52 . 2009-12-28 23:51 -------- d-----w- c:\program files\DivX
2009-12-23 08:52 . 2009-12-23 08:39 24 --sh--w- c:\windows\S42269111.tmp
2009-12-02 17:02 . 2009-12-02 17:02 1632887 ----a-w- c:\windows\system32\ffmpegmt.dll
2009-12-02 16:56 . 2009-12-02 16:56 4840081 ----a-w- c:\windows\system32\libavcodec.dll
2009-11-14 00:49 . 2009-12-28 23:52 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-14 00:49 . 2009-12-28 23:52 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-14 00:49 . 2009-12-28 23:52 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-14 00:49 . 2009-12-28 23:52 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:49 . 2009-12-28 23:52 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2009-12-28 23:52 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-12 08:15 . 2009-11-12 08:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 18:45 . 2009-11-04 18:45 611638 ----a-w- c:\windows\system32\libmplayer.dll
2009-11-04 18:43 . 2009-11-04 18:43 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-11-03 20:11 . 2009-11-03 20:11 113152 ----a-w- c:\windows\system32\ff_unrar.dll
2009-11-03 20:11 . 2009-11-03 20:11 146944 ----a-w- c:\windows\system32\ff_tremor.dll
2009-11-03 20:10 . 2009-11-03 20:10 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
2009-11-03 20:09 . 2009-11-03 20:09 178688 ----a-w- c:\windows\system32\ff_libmad.dll
2009-11-03 20:08 . 2009-11-03 20:08 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll
2009-11-03 20:08 . 2009-11-03 20:08 257024 ----a-w- c:\windows\system32\ff_libdts.dll
2009-11-03 20:07 . 2009-11-03 20:07 142848 ----a-w- c:\windows\system32\ff_liba52.dll
2009-11-03 19:36 . 2009-11-03 19:36 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2009-11-03 19:34 . 2009-11-03 19:34 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
2009-11-03 19:34 . 2009-11-03 19:34 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-03 18:07 . 2009-11-03 18:07 895308 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-03 18:05 . 2009-11-03 18:05 957047 ----a-w- c:\windows\system32\ff_x264.dll
2009-11-03 01:42 . 2009-10-27 21:12 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 22:46 . 2009-10-27 22:46 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-10-27 16:55 . 2009-10-27 16:55 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-27 16:53 . 2009-10-27 16:53 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-05 3215360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"npbbmgx"="c:\windows\system32\npbbmgx.exe \u" [X]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
2001-05-10 08:49 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\npbbmgx.exe"=

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 21:36]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{8CC627DD-E997-4676-8AEC-BDDE9B2B0082}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.att.net
FF - ProfilePath - c:\documents and settings\Amil\Application Data\Mozilla\Firefox\Profiles\wguoq6vy.default\
FF - prefs.js: browser.startup.homepage - www.att.com
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-adobemedia.exe - c:\windows\system32\adobemedia.exe
HKLM-Run-ISUSScheduler - c:\documents and settings\Amil\Desktop\Roxio Easy Media Creator 8 Suite 2CDs With Keygen\CD1\Common\InstallShield\UpdateService\issch.exe
HKLM-Run-Disc Detector - c:\program files\Creative\ShareDLL\CtNotify.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-AudioHQ - c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE
MSConfigStartUp-ISUSPM Startup - c:\docume~1\Amil\Desktop\ROXIOE~1\CD1\Common\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-Smapp - c:\program files\Analog Devices\SoundMAX\Smtray.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-UpdReg - c:\windows\Updreg.exe
AddRemove-SereneScreen Marine Aquarium 2.6 & LifeGlobe Gol~BB92B863_is1 - c:\program files\Prolific Publishing



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 12:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????? C?????Disc Detector?B???A???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A?? ????B???@?????P???$?@?? ??????~?B~??????????@???????????????????B?????? ????????????????????????????B
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
Completion time: 2010-01-05 12:43:35
ComboFix-quarantined-files.txt 2010-01-05 17:43

Pre-Run: 21,599,801,344 bytes free
Post-Run: 23,610,003,456 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C75B80455446B4730EE6C9296FD68074

#4 Grinler (Lawrence Abrams)

  • Admin
  • 43,472 posts
  • Gender:Male
  • Location:USA

Posted 05 January 2010 - 01:12 PM

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
c:\documents and settings\Amil\vujf.exe
c:\windows\S42269111.tmp

Suspect::[3]
c:\windows\system32\CSVer.dll
c:\windows\system32\PR11.DLL
c:\windows\system32\npbbmgx.exe
c:\windows\system32\wupd.dat
c:\windows\system32\PR19.DLL
c:\windows\system32\wexe.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"npbbmgx"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"= 1 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\npbbmgx.exe"=-

Reglock::
[HKEY_USERS\S-1-5-21-1409082233-162531612-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

#5 ocktahedron

  • Topic Starter
  • Members
  • 18 posts

Posted 05 January 2010 - 02:23 PM

ComboFix 10-01-04.01 - Amil 01/05/2010 14:16:54.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.641 [GMT -5:00]
Running from: c:\documents and settings\Amil\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Amil\Desktop\cfscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\documents and settings\Amil\vujf.exe"
"c:\windows\S42269111.tmp"

file zipped: c:\windows\system32\CSVer.dll
file zipped: c:\windows\system32\npbbmgx.exe
file zipped: c:\windows\system32\PR11.DLL
file zipped: c:\windows\system32\PR19.DLL
file zipped: c:\windows\system32\wexe.exe
file zipped: c:\windows\system32\wupd.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Amil\vujf.exe
c:\windows\S42269111.tmp

.
((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 13:10 . 2010-01-05 17:24 -------- d-----w- c:\windows\LastGood
2010-01-05 07:27 . 2010-01-05 07:27 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-01-04 19:22 . 2010-01-04 19:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Help
2010-01-04 04:20 . 2010-01-04 04:20 -------- d-----w- c:\documents and settings\Amil\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-04 03:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-04 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-05 03:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 03:43 . 2010-01-04 03:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-04 02:45 . 2008-12-04 06:25 120832 ----a-w- c:\documents and settings\Amil\Application Data\Mozilla\Firefox\Profiles\wguoq6vy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2010-01-03 21:42 . 2010-01-03 21:42 -------- d-----w- C:\rsit
2010-01-03 21:42 . 2010-01-03 21:42 -------- d-----w- c:\program files\trend micro
2010-01-03 20:52 . 2010-01-03 20:52 13104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 20:51 . 2010-01-03 20:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-03 07:50 . 2010-01-03 07:50 -------- d-----w- c:\windows\Sun
2010-01-03 07:28 . 2010-01-03 21:35 0 ---ha-w- c:\windows\system32\wupd.dat
2010-01-03 07:28 . 2010-01-03 07:28 24576 ----a-w- c:\windows\system32\PR19.DLL
2010-01-03 07:28 . 2010-01-03 21:34 13312 ---ha-w- c:\windows\system32\wexe.exe
2010-01-03 07:23 . 2010-01-03 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-01-03 07:16 . 2010-01-03 07:22 -------- d-----w- c:\windows\nview
2010-01-03 07:16 . 2006-10-22 17:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-03 07:15 . 2006-10-22 20:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-03 07:14 . 2010-01-03 07:14 -------- d-----w- C:\NVIDIA
2010-01-03 07:12 . 2009-06-16 17:05 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-01-03 07:10 . 2010-01-03 07:10 -------- d-----w- C:\Intel
2010-01-03 06:58 . 2010-01-03 06:58 24576 ----a-w- c:\windows\system32\PR11.DLL
2010-01-03 06:58 . 2010-01-03 06:58 60416 ----a-w- c:\windows\system32\npbbmgx.exe
2010-01-03 00:19 . 2010-01-03 00:19 -------- d-----w- c:\program files\Intel Desktop Board Audio Driver
2010-01-02 23:08 . 2002-08-23 19:46 549672 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-01-02 23:08 . 2002-08-23 16:13 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-01-02 23:08 . 2002-08-22 22:57 98752 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-01-02 22:23 . 2010-01-02 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-02 06:20 . 2010-01-03 08:01 -------- d-----w- c:\documents and settings\Amil\Application Data\BitTorrent
2010-01-02 06:20 . 2010-01-02 06:20 -------- d-----w- c:\program files\BitTorrent
2010-01-02 05:50 . 2010-01-02 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-01-02 05:49 . 2010-01-02 05:49 -------- d-----w- c:\documents and settings\Amil\Application Data\AVS4YOU
2010-01-02 03:56 . 2010-01-02 03:56 -------- d-----w- c:\program files\SRS Labs
2010-01-02 03:35 . 2010-01-02 03:35 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\SRS Labs
2010-01-02 03:34 . 2010-01-02 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SRS Labs
2010-01-02 03:31 . 2007-07-26 14:25 39808 ----a-r- c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 42112 ----a-r- c:\windows\system32\drivers\csiidecoder_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 47360 ----a-r- c:\windows\system32\drivers\Surroundhp_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 47104 ----a-r- c:\windows\system32\drivers\tshd4_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 32000 ----a-r- c:\windows\system32\drivers\wowhd_kern_i386.sys
2010-01-02 00:13 . 2003-05-22 05:50 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-01-02 00:12 . 2003-05-21 17:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-01 19:39 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-01 19:31 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-01 19:31 . 2010-01-01 19:31 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-01 19:29 . 2010-01-01 19:30 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-01 19:29 . 2010-01-01 19:29 -------- d-----w- c:\windows\system32\LogFiles
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\program files\MSBuild
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\program files\Reference Assemblies
2010-01-01 18:55 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-01 18:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-01 18:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-01 18:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-01 18:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-01 18:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-01 18:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-01 18:54 . 2010-01-01 18:55 -------- d-----w- C:\677d202563da779bd1df1e9d4a164219
2010-01-01 18:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-01 18:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-01 18:05 . 2010-01-01 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 18:04 . 2010-01-01 18:04 -------- d-----w- c:\program files\QuickTime
2010-01-01 18:02 . 2010-01-01 18:06 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-01 06:50 . 2010-01-04 21:23 -------- d-----w- c:\program files\Lx_cats
2010-01-01 06:48 . 2010-01-01 17:32 -------- d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2010-01-01 06:48 . 2010-01-01 06:48 -------- d-----w- C:\Temp
2010-01-01 06:48 . 2010-01-01 06:48 -------- d-----w- c:\windows\system\install
2010-01-01 06:48 . 2010-01-01 06:48 -------- d-----w- c:\windows\system\drivers
2010-01-01 06:30 . 2010-01-01 06:43 -------- d-----w- c:\documents and settings\Amil\Application Data\FaxCtr
2010-01-01 06:27 . 2004-08-24 19:22 32768 ----a-w- c:\windows\system32\LXPRMON.DLL
2010-01-01 06:27 . 2003-03-11 23:26 98345 ----a-r- c:\windows\system32\IMHOST32.DLL
2010-01-01 06:27 . 2003-03-11 23:26 339968 ----a-r- c:\windows\system32\IMGMAN32.DLL
2010-01-01 05:56 . 2010-01-01 05:56 0 ----a-w- c:\windows\nsreg.dat
2010-01-01 05:56 . 2010-01-01 05:56 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Mozilla
2010-01-01 04:36 . 2010-01-02 04:00 -------- d-----w- c:\documents and settings\Amil\Shared
2010-01-01 04:36 . 2010-01-02 04:04 -------- d-----w- c:\documents and settings\Amil\Incomplete
2010-01-01 04:35 . 2010-01-02 04:04 -------- d-----w- c:\documents and settings\Amil\Application Data\LimeWire
2010-01-01 04:34 . 2010-01-01 04:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 04:34 . 2010-01-01 04:34 -------- d-----w- c:\program files\Java
2010-01-01 00:03 . 2010-01-01 00:03 -------- d-sh--w- c:\documents and settings\Amil\IECompatCache
2009-12-31 21:19 . 2009-12-31 21:19 -------- d-----w- c:\program files\SBC Yahoo!
2009-12-31 21:11 . 2009-12-31 21:11 -------- d-----w- c:\program files\Yahoo!
2009-12-30 06:24 . 2009-12-30 06:24 -------- d-----w- c:\documents and settings\Amil\Application Data\DivX
2009-12-30 06:05 . 2009-12-30 06:07 -------- d-----w- c:\program files\Easy DVD Creator
2009-12-30 05:54 . 2009-12-30 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-12-29 23:09 . 2009-12-30 06:02 -------- d-----w- c:\program files\Roxio Easy Media Creator
2009-12-29 19:03 . 1998-06-05 07:00 84992 ----a-w- c:\windows\system32\sfcvrt32.dll
2009-12-29 19:03 . 1995-08-30 07:02 82432 ----a-w- c:\windows\system32\CTWFLT32.DLL
2009-12-29 19:03 . 1995-01-13 19:10 149504 ----a-w- c:\windows\system32\mfcans32.dll
2009-12-29 19:03 . 1995-01-13 19:10 108032 ----a-w- c:\windows\system32\mfcuia32.dll
2009-12-29 19:03 . 1998-01-08 06:00 1048576 ----a-w- c:\windows\system32\sfman.dat
2009-12-29 19:03 . 1997-06-02 09:06 34816 ----a-w- c:\windows\CTRes32.dll
2009-12-29 19:03 . 1996-05-23 07:24 24976 ----a-w- c:\windows\ctres.dll
2009-12-29 19:03 . 1995-07-13 07:01 26768 ----a-w- c:\windows\system32\ctl3d.dll
2009-12-29 19:03 . 1994-12-05 08:11 53552 ----a-w- c:\windows\ctccw.dll
2009-12-29 19:00 . 2001-01-31 06:01 307200 ----a-w- c:\windows\system32\CtMp3Lib.dll
2009-12-29 19:00 . 2001-01-23 06:05 110592 ----a-w- c:\windows\system32\ctmp3io2.dll
2009-12-29 12:12 . 2009-12-29 12:12 -------- d-----w- c:\program files\InterActual
2009-12-29 11:48 . 2009-12-29 11:48 -------- d-----w- c:\documents and settings\Amil\Application Data\ImgBurn
2009-12-29 11:40 . 2009-12-29 11:40 -------- d-----w- C:\games
2009-12-28 23:53 . 2009-12-28 23:58 -------- d-----w- c:\program files\PhotoScape
2009-12-28 23:51 . 2009-12-28 23:51 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-28 23:49 . 2009-12-28 23:49 -------- d-----w- c:\windows\system32\custom matrices
2009-12-28 23:49 . 2009-12-28 23:50 -------- d-----w- c:\windows\system32\C2MP
2009-12-28 23:49 . 2009-12-28 23:49 -------- d-----w- c:\windows\system32\QuickTime
2009-12-28 23:06 . 2009-12-28 23:06 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Stardock
2009-12-28 21:25 . 2009-12-30 23:25 -------- d-----w- c:\program files\Decoz
2009-12-28 20:45 . 2009-12-28 21:32 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Help
2009-12-28 19:11 . 2009-12-28 19:11 -------- d-----w- c:\program files\DirectX7
2009-12-28 17:40 . 2009-12-28 17:40 -------- d-----w- c:\program files\directx
2009-12-28 17:17 . 2006-02-02 23:48 323584 ----a-w- c:\windows\system32\Carousel.scr
2009-12-28 17:17 . 2006-02-14 20:22 10616900 ----a-w- c:\windows\system32\Goldfish2.scr
2009-12-28 17:17 . 2009-12-28 17:17 -------- d-----w- c:\program files\Prolific Publishing, Inc
2009-12-28 17:17 . 2006-02-14 20:21 2932736 ----a-w- c:\windows\system32\MA2_6.scr
2009-12-28 13:59 . 2010-01-05 07:34 -------- d-----w- c:\documents and settings\Amil\Application Data\SoundSpectrum
2009-12-28 13:52 . 2009-04-05 01:01 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-12-28 13:52 . 2010-01-05 07:34 -------- d-----w- c:\program files\SoundSpectrum
2009-12-28 07:14 . 2009-12-28 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-12-28 07:14 . 2004-07-20 22:24 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-12-28 07:14 . 2004-07-20 22:24 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-12-28 07:14 . 2004-07-20 22:24 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-12-28 07:14 . 2004-07-20 22:24 1568768 ------w- c:\windows\system32\ImagX7.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 10:05 . 2009-10-27 21:10 13104 ----a-w- c:\documents and settings\Amil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 00:19 . 2009-12-02 19:05 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-03 00:06 . 2009-10-27 17:26 -------- d-----w- c:\program files\Intel
2010-01-03 00:04 . 2009-12-02 19:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 06:49 . 2010-01-01 06:49 -------- d-----w- c:\program files\Lexmark 5200 Series
2009-12-28 23:52 . 2009-12-28 23:51 -------- d-----w- c:\program files\DivX
2009-12-02 17:02 . 2009-12-02 17:02 1632887 ----a-w- c:\windows\system32\ffmpegmt.dll
2009-12-02 16:56 . 2009-12-02 16:56 4840081 ----a-w- c:\windows\system32\libavcodec.dll
2009-11-14 00:49 . 2009-12-28 23:52 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-14 00:49 . 2009-12-28 23:52 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-14 00:49 . 2009-12-28 23:52 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-14 00:49 . 2009-12-28 23:52 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:49 . 2009-12-28 23:52 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2009-12-28 23:52 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-12 08:15 . 2009-11-12 08:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 18:45 . 2009-11-04 18:45 611638 ----a-w- c:\windows\system32\libmplayer.dll
2009-11-04 18:43 . 2009-11-04 18:43 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-11-03 20:11 . 2009-11-03 20:11 113152 ----a-w- c:\windows\system32\ff_unrar.dll
2009-11-03 20:11 . 2009-11-03 20:11 146944 ----a-w- c:\windows\system32\ff_tremor.dll
2009-11-03 20:10 . 2009-11-03 20:10 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
2009-11-03 20:09 . 2009-11-03 20:09 178688 ----a-w- c:\windows\system32\ff_libmad.dll
2009-11-03 20:08 . 2009-11-03 20:08 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll
2009-11-03 20:08 . 2009-11-03 20:08 257024 ----a-w- c:\windows\system32\ff_libdts.dll
2009-11-03 20:07 . 2009-11-03 20:07 142848 ----a-w- c:\windows\system32\ff_liba52.dll
2009-11-03 19:36 . 2009-11-03 19:36 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2009-11-03 19:34 . 2009-11-03 19:34 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
2009-11-03 19:34 . 2009-11-03 19:34 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-03 18:07 . 2009-11-03 18:07 895308 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-03 18:05 . 2009-11-03 18:05 957047 ----a-w- c:\windows\system32\ff_x264.dll
2009-11-03 01:42 . 2009-10-27 21:12 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 22:46 . 2009-10-27 22:46 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-10-27 16:55 . 2009-10-27 16:55 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-27 16:53 . 2009-10-27 16:53 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-05 3215360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
2001-05-10 08:49 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 21:36]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{8CC627DD-E997-4676-8AEC-BDDE9B2B0082}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.att.net
FF - ProfilePath - c:\documents and settings\Amil\Application Data\Mozilla\Firefox\Profiles\wguoq6vy.default\
FF - prefs.js: browser.startup.homepage - www.att.com
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 14:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-05 14:22:02
ComboFix-quarantined-files.txt 2010-01-05 19:21
ComboFix2.txt 2010-01-05 17:43

Pre-Run: 23,594,426,368 bytes free
Post-Run: 23,586,869,248 bytes free

- - End Of File - - 15701FC21514473D81DBFD75312094D3
Upload was successful

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,472 posts
  • Gender:Male
  • Location:USA

Posted 05 January 2010 - 02:55 PM

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

c:\windows\system32\PR11.DLL
c:\windows\system32\PR19.DLL
c:\windows\system32\wexe.exe
c:\windows\system32\wupd.dat
c:\windows\system32\npbbmgx.exe


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: dragging CFScript onto ComboFix.exe]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Also,

Download GMER Rootkit Scanner from here.
  • Extract the contents of the zipped file to the desktop.
  • Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
  • In the right panel you will see several boxes that have been checked. Uncheck the following checkboxes:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Now click on the Scan button and wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.
Then post the ark.txt log with the combofix.log from the previous steps in this post.
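Added example (my own code, not ComboFix's and not the helper's): a small triage pass over the "Files Created" listing posted above that picks out the same five system32 entries and writes them in the one-path-per-line CFScript form the post asks for. The rule it applies (file modification time inside the report window, and no Program Files directory created in the same minute) is my assumption of a reasonable heuristic, not the method Grinler used; the sample lines are copied from the log above.

```python
"""Triage ComboFix "Files Created" entries and draft a CFScript.

Added example; not part of this thread and not ComboFix's own code. The
sample lines are copied from the log posted above. The triage rule (fresh
modification time inside system32, no installer activity in the same
minute) is an assumed heuristic, not how the helper chose the files.
"""
import re
from datetime import datetime

# One listing line:  created . modified size attrs path
# Directories carry "--------" in the size column and a leading "d" in attrs.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
HEADER_RE = re.compile(r"Files Created from (\d{4}-\d\d-\d\d) to (\d{4}-\d\d-\d\d)")

# Lines taken from the ComboFix log in the thread (constructed subset).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.
2010-01-03 07:28 . 2010-01-03 21:35 0 ---ha-w- c:\windows\system32\wupd.dat
2010-01-03 07:28 . 2010-01-03 07:28 24576 ----a-w- c:\windows\system32\PR19.DLL
2010-01-03 07:28 . 2010-01-03 21:34 13312 ---ha-w- c:\windows\system32\wexe.exe
2010-01-03 07:16 . 2006-10-22 17:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-03 07:12 . 2009-06-16 17:05 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-01-03 06:58 . 2010-01-03 06:58 24576 ----a-w- c:\windows\system32\PR11.DLL
2010-01-03 06:58 . 2010-01-03 06:58 60416 ----a-w- c:\windows\system32\npbbmgx.exe
2010-01-02 23:08 . 2002-08-23 19:46 549672 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-01-02 00:13 . 2003-05-22 05:50 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-01-01 04:34 . 2010-01-01 04:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 04:34 . 2010-01-01 04:34 -------- d-----w- c:\program files\Java
2009-12-28 23:49 . 2009-12-28 23:50 -------- d-----w- c:\windows\system32\C2MP
"""


def parse_entries(text):
    """Parse every file/directory line; headers, dots and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
        e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
        e["is_dir"] = e["attrs"].startswith("d")
        e["size"] = 0 if e["is_dir"] else int(e["size"])
        e["hidden"] = "h" in e["attrs"]  # ---ha-w- style attribute string
        entries.append(e)
    return entries


def report_window(text):
    """Start of the 'Files Created from X to Y' window, or None if absent."""
    m = HEADER_RE.search(text)
    return datetime.strptime(m.group(1), "%Y-%m-%d") if m else None


def triage(text, window_start=None):
    """Return [(path, reasons)] for system32 files that deserve a closer look.

    Rule 1: the file's own modification time lies inside the report window.
            Vendor binaries keep their build date (nvudisp.exe: 2006), while a
            freshly written file carries the date it was dropped.
    Rule 2: no Program Files directory was created in the same minute, which
            is what a legitimate installer run looks like (deploytk.dll lands
            together with c:\\program files\\Java and is set aside).
    A hidden attribute is not required but is recorded as an extra reason.
    """
    entries = parse_entries(text)
    start = window_start or report_window(text)
    installer_minutes = {
        e["created"] for e in entries
        if e["is_dir"] and e["path"].lower().startswith("c:\\program files\\")
    }
    suspects = []
    for e in entries:
        path = e["path"].lower()
        if e["is_dir"] or not path.startswith("c:\\windows\\system32\\"):
            continue
        if start is not None and e["modified"] < start:
            continue  # old vendor timestamp, not written during the window
        if e["created"] in installer_minutes:
            continue  # coincides with an installer run; triage separately
        reasons = ["written during report window"]
        if e["hidden"]:
            reasons.append("hidden attribute set")
        suspects.append((e["path"], reasons))
    return suspects


def cfscript(suspects):
    """Plain list of paths, one per line, as the post asks to save as CFScript."""
    return "".join(path + "\n" for path, _ in suspects)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for path, reasons in found:
        print(f"{path}: {'; '.join(reasons)}")
    print(cfscript(found), end="")
```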

#7 ocktahedron

ocktahedron
  • Topic Starter

  • Members
  • 18 posts

Posted 05 January 2010 - 06:14 PM

ComboFix 10-01-04.01 - Amil 01/05/2010 15:30:17.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.688 [GMT -5:00]
Running from: c:\documents and settings\Amil\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Amil\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 19:57 . 2010-01-05 19:58 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Thunderbird
2010-01-05 19:57 . 2010-01-05 19:57 -------- d-----w- c:\documents and settings\Amil\Application Data\Thunderbird
2010-01-05 19:57 . 2010-01-05 19:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-05 13:10 . 2010-01-05 17:24 -------- d-----w- c:\windows\LastGood
2010-01-05 07:27 . 2010-01-05 07:27 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-01-04 19:22 . 2010-01-04 19:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Help
2010-01-04 04:20 . 2010-01-04 04:20 -------- d-----w- c:\documents and settings\Amil\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-04 03:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-04 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-05 03:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 03:43 . 2010-01-04 03:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-04 02:45 . 2008-12-04 06:25 120832 ----a-w- c:\documents and settings\Amil\Application Data\Mozilla\Firefox\Profiles\wguoq6vy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2010-01-03 21:42 . 2010-01-03 21:42 -------- d-----w- C:\rsit
2010-01-03 21:42 . 2010-01-03 21:42 -------- d-----w- c:\program files\trend micro
2010-01-03 20:52 . 2010-01-03 20:52 13104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 20:51 . 2010-01-03 20:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-03 07:50 . 2010-01-03 07:50 -------- d-----w- c:\windows\Sun
2010-01-03 07:28 . 2010-01-03 21:35 0 ---ha-w- c:\windows\system32\wupd.dat
2010-01-03 07:28 . 2010-01-03 07:28 24576 ----a-w- c:\windows\system32\PR19.DLL
2010-01-03 07:28 . 2010-01-03 21:34 13312 ---ha-w- c:\windows\system32\wexe.exe
2010-01-03 07:23 . 2010-01-03 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-01-03 07:16 . 2010-01-03 07:22 -------- d-----w- c:\windows\nview
2010-01-03 07:16 . 2006-10-22 17:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-03 07:15 . 2006-10-22 20:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-03 07:14 . 2010-01-03 07:14 -------- d-----w- C:\NVIDIA
2010-01-03 07:12 . 2009-06-16 17:05 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-01-03 07:10 . 2010-01-03 07:10 -------- d-----w- C:\Intel
2010-01-03 06:58 . 2010-01-03 06:58 24576 ----a-w- c:\windows\system32\PR11.DLL
2010-01-03 06:58 . 2010-01-03 06:58 60416 ----a-w- c:\windows\system32\npbbmgx.exe
2010-01-03 00:19 . 2010-01-03 00:19 -------- d-----w- c:\program files\Intel Desktop Board Audio Driver
2010-01-02 23:08 . 2002-08-23 19:46 549672 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-01-02 23:08 . 2002-08-23 16:13 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-01-02 23:08 . 2002-08-22 22:57 98752 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-01-02 22:23 . 2010-01-02 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-02 06:20 . 2010-01-03 08:01 -------- d-----w- c:\documents and settings\Amil\Application Data\BitTorrent
2010-01-02 06:20 . 2010-01-02 06:20 -------- d-----w- c:\program files\BitTorrent
2010-01-02 05:50 . 2010-01-02 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-01-02 05:49 . 2010-01-02 05:49 -------- d-----w- c:\documents and settings\Amil\Application Data\AVS4YOU
2010-01-02 03:56 . 2010-01-02 03:56 -------- d-----w- c:\program files\SRS Labs
2010-01-02 03:35 . 2010-01-02 03:35 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\SRS Labs
2010-01-02 03:34 . 2010-01-02 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SRS Labs
2010-01-02 03:31 . 2007-07-26 14:25 39808 ----a-r- c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 42112 ----a-r- c:\windows\system32\drivers\csiidecoder_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 47360 ----a-r- c:\windows\system32\drivers\Surroundhp_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 47104 ----a-r- c:\windows\system32\drivers\tshd4_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 32000 ----a-r- c:\windows\system32\drivers\wowhd_kern_i386.sys
2010-01-02 00:13 . 2003-05-22 05:50 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-01-02 00:12 . 2003-05-21 17:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-01 19:39 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-01 19:31 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-01 19:31 . 2010-01-01 19:31 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-01 19:29 . 2010-01-01 19:30 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-01 19:29 . 2010-01-01 19:29 -------- d-----w- c:\windows\system32\LogFiles
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\program files\MSBuild
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\program files\Reference Assemblies
2010-01-01 18:55 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-01 18:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-01 18:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-01 18:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-01 18:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-01 18:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-01 18:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-01 18:54 . 2010-01-01 18:55 -------- d-----w- C:\677d202563da779bd1df1e9d4a164219
2010-01-01 18:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-01 18:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-01 18:05 . 2010-01-01 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 18:04 . 2010-01-01 18:04 -------- d-----w- c:\program files\QuickTime
2010-01-01 18:02 . 2010-01-01 18:06 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-01 06:50 . 2010-01-04 21:23 -------- d-----w- c:\program files\Lx_cats
2010-01-01 06:48 . 2010-01-01 17:32 -------- d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2010-01-01 06:48 . 2010-01-01 06:48 -------- d-----w- C:\Temp
2010-01-01 06:48 . 2010-01-01 06:48 -------- d-----w- c:\windows\system\install
2010-01-01 06:48 . 2010-01-01 06:48 -------- d-----w- c:\windows\system\drivers
2010-01-01 06:30 . 2010-01-01 06:43 -------- d-----w- c:\documents and settings\Amil\Application Data\FaxCtr
2010-01-01 06:27 . 2004-08-24 19:22 32768 ----a-w- c:\windows\system32\LXPRMON.DLL
2010-01-01 06:27 . 2003-03-11 23:26 98345 ----a-r- c:\windows\system32\IMHOST32.DLL
2010-01-01 06:27 . 2003-03-11 23:26 339968 ----a-r- c:\windows\system32\IMGMAN32.DLL
2010-01-01 05:56 . 2010-01-01 05:56 0 ----a-w- c:\windows\nsreg.dat
2010-01-01 05:56 . 2010-01-01 05:56 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Mozilla
2010-01-01 04:36 . 2010-01-02 04:00 -------- d-----w- c:\documents and settings\Amil\Shared
2010-01-01 04:36 . 2010-01-02 04:04 -------- d-----w- c:\documents and settings\Amil\Incomplete
2010-01-01 04:35 . 2010-01-02 04:04 -------- d-----w- c:\documents and settings\Amil\Application Data\LimeWire
2010-01-01 04:34 . 2010-01-01 04:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 04:34 . 2010-01-01 04:34 -------- d-----w- c:\program files\Java
2010-01-01 00:03 . 2010-01-01 00:03 -------- d-sh--w- c:\documents and settings\Amil\IECompatCache
2009-12-31 21:19 . 2009-12-31 21:19 -------- d-----w- c:\program files\SBC Yahoo!
2009-12-31 21:11 . 2009-12-31 21:11 -------- d-----w- c:\program files\Yahoo!
2009-12-30 06:24 . 2009-12-30 06:24 -------- d-----w- c:\documents and settings\Amil\Application Data\DivX
2009-12-30 06:05 . 2009-12-30 06:07 -------- d-----w- c:\program files\Easy DVD Creator
2009-12-30 05:54 . 2009-12-30 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-12-29 23:09 . 2009-12-30 06:02 -------- d-----w- c:\program files\Roxio Easy Media Creator
2009-12-29 19:03 . 1998-06-05 07:00 84992 ----a-w- c:\windows\system32\sfcvrt32.dll
2009-12-29 19:03 . 1995-08-30 07:02 82432 ----a-w- c:\windows\system32\CTWFLT32.DLL
2009-12-29 19:03 . 1995-01-13 19:10 149504 ----a-w- c:\windows\system32\mfcans32.dll
2009-12-29 19:03 . 1995-01-13 19:10 108032 ----a-w- c:\windows\system32\mfcuia32.dll
2009-12-29 19:03 . 1998-01-08 06:00 1048576 ----a-w- c:\windows\system32\sfman.dat
2009-12-29 19:03 . 1997-06-02 09:06 34816 ----a-w- c:\windows\CTRes32.dll
2009-12-29 19:03 . 1996-05-23 07:24 24976 ----a-w- c:\windows\ctres.dll
2009-12-29 19:03 . 1995-07-13 07:01 26768 ----a-w- c:\windows\system32\ctl3d.dll
2009-12-29 19:03 . 1994-12-05 08:11 53552 ----a-w- c:\windows\ctccw.dll
2009-12-29 19:00 . 2001-01-31 06:01 307200 ----a-w- c:\windows\system32\CtMp3Lib.dll
2009-12-29 19:00 . 2001-01-23 06:05 110592 ----a-w- c:\windows\system32\ctmp3io2.dll
2009-12-29 12:12 . 2009-12-29 12:12 -------- d-----w- c:\program files\InterActual
2009-12-29 11:48 . 2009-12-29 11:48 -------- d-----w- c:\documents and settings\Amil\Application Data\ImgBurn
2009-12-29 11:40 . 2009-12-29 11:40 -------- d-----w- C:\games
2009-12-28 23:53 . 2009-12-28 23:58 -------- d-----w- c:\program files\PhotoScape
2009-12-28 23:51 . 2009-12-28 23:51 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-28 23:49 . 2009-12-28 23:49 -------- d-----w- c:\windows\system32\custom matrices
2009-12-28 23:49 . 2009-12-28 23:50 -------- d-----w- c:\windows\system32\C2MP
2009-12-28 23:49 . 2009-12-28 23:49 -------- d-----w- c:\windows\system32\QuickTime
2009-12-28 23:06 . 2009-12-28 23:06 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Stardock
2009-12-28 21:25 . 2009-12-30 23:25 -------- d-----w- c:\program files\Decoz
2009-12-28 20:45 . 2009-12-28 21:32 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Help
2009-12-28 19:11 . 2009-12-28 19:11 -------- d-----w- c:\program files\DirectX7
2009-12-28 17:40 . 2009-12-28 17:40 -------- d-----w- c:\program files\directx
2009-12-28 17:17 . 2006-02-02 23:48 323584 ----a-w- c:\windows\system32\Carousel.scr
2009-12-28 17:17 . 2006-02-14 20:22 10616900 ----a-w- c:\windows\system32\Goldfish2.scr
2009-12-28 17:17 . 2009-12-28 17:17 -------- d-----w- c:\program files\Prolific Publishing, Inc
2009-12-28 17:17 . 2006-02-14 20:21 2932736 ----a-w- c:\windows\system32\MA2_6.scr
2009-12-28 13:59 . 2010-01-05 07:34 -------- d-----w- c:\documents and settings\Amil\Application Data\SoundSpectrum
2009-12-28 13:52 . 2009-04-05 01:01 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-12-28 13:52 . 2010-01-05 07:34 -------- d-----w- c:\program files\SoundSpectrum
2009-12-28 07:14 . 2009-12-28 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-12-28 07:14 . 2004-07-20 22:24 476320 ------w- c:\windows\system32\ImagXpr7.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 10:05 . 2009-10-27 21:10 13104 ----a-w- c:\documents and settings\Amil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 00:19 . 2009-12-02 19:05 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-03 00:06 . 2009-10-27 17:26 -------- d-----w- c:\program files\Intel
2010-01-03 00:04 . 2009-12-02 19:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 06:49 . 2010-01-01 06:49 -------- d-----w- c:\program files\Lexmark 5200 Series
2009-12-28 23:52 . 2009-12-28 23:51 -------- d-----w- c:\program files\DivX
2009-12-02 17:02 . 2009-12-02 17:02 1632887 ----a-w- c:\windows\system32\ffmpegmt.dll
2009-12-02 16:56 . 2009-12-02 16:56 4840081 ----a-w- c:\windows\system32\libavcodec.dll
2009-11-14 00:49 . 2009-12-28 23:52 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-14 00:49 . 2009-12-28 23:52 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-14 00:49 . 2009-12-28 23:52 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-14 00:49 . 2009-12-28 23:52 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:49 . 2009-12-28 23:52 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2009-12-28 23:52 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-12 08:15 . 2009-11-12 08:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 18:45 . 2009-11-04 18:45 611638 ----a-w- c:\windows\system32\libmplayer.dll
2009-11-04 18:43 . 2009-11-04 18:43 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-11-03 20:11 . 2009-11-03 20:11 113152 ----a-w- c:\windows\system32\ff_unrar.dll
2009-11-03 20:11 . 2009-11-03 20:11 146944 ----a-w- c:\windows\system32\ff_tremor.dll
2009-11-03 20:10 . 2009-11-03 20:10 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
2009-11-03 20:09 . 2009-11-03 20:09 178688 ----a-w- c:\windows\system32\ff_libmad.dll
2009-11-03 20:08 . 2009-11-03 20:08 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll
2009-11-03 20:08 . 2009-11-03 20:08 257024 ----a-w- c:\windows\system32\ff_libdts.dll
2009-11-03 20:07 . 2009-11-03 20:07 142848 ----a-w- c:\windows\system32\ff_liba52.dll
2009-11-03 19:36 . 2009-11-03 19:36 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2009-11-03 19:34 . 2009-11-03 19:34 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
2009-11-03 19:34 . 2009-11-03 19:34 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-03 18:07 . 2009-11-03 18:07 895308 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-03 18:05 . 2009-11-03 18:05 957047 ----a-w- c:\windows\system32\ff_x264.dll
2009-11-03 01:42 . 2009-10-27 21:12 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 22:46 . 2009-10-27 22:46 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-10-27 16:55 . 2009-10-27 16:55 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-27 16:53 . 2009-10-27 16:53 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-05 3215360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
2001-05-10 08:49 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 21:36]

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{8CC627DD-E997-4676-8AEC-BDDE9B2B0082}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.att.net
FF - ProfilePath - c:\documents and settings\Amil\Application Data\Mozilla\Firefox\Profiles\wguoq6vy.default\
FF - prefs.js: browser.startup.homepage - www.att.com
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 15:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-05 15:35:37
ComboFix-quarantined-files.txt 2010-01-05 20:35
ComboFix2.txt 2010-01-05 19:22
ComboFix3.txt 2010-01-05 17:43

Pre-Run: 23,491,543,040 bytes free
Post-Run: 23,483,404,288 bytes free

- - End Of File - - 471AB7B84ED9BCF287610A0D34B28FCB

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-05 18:13:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Amil\LOCALS~1\Temp\fwtdypod.sys


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\Amil\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#8 Grinler (Lawrence Abrams)

  • Admin
  • 43,472 posts
  • Gender: Male
  • Location: USA

Posted 06 January 2010 - 10:00 AM

I messed something up on the previous post. Please do this:

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
c:\windows\system32\PR11.DLL
c:\windows\system32\PR19.DLL
c:\windows\system32\wexe.exe
c:\windows\system32\wupd.dat
c:\windows\system32\npbbmgx.exe


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: dragging CFScript onto ComboFix.exe]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

#9 ocktahedron (Topic Starter)

  • Members
  • 18 posts

Posted 06 January 2010 - 07:57 PM

ComboFix 10-01-04.01 - Amil 01/06/2010 19:48:25.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.625 [GMT -5:00]
Running from: c:\documents and settings\Amil\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Amil\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\windows\system32\npbbmgx.exe"
"c:\windows\system32\PR11.DLL"
"c:\windows\system32\PR19.DLL"
"c:\windows\system32\wexe.exe"
"c:\windows\system32\wupd.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\npbbmgx.exe
c:\windows\system32\PR11.DLL
c:\windows\system32\PR19.DLL
c:\windows\system32\wexe.exe
c:\windows\system32\wupd.dat

.
((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-06 01:12 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-06 01:05 . 2010-01-06 02:38 -------- d-----w- c:\documents and settings\Amil\Application Data\Wizards of the Coast
2010-01-06 01:05 . 2010-01-06 01:05 -------- d-----w- c:\program files\Wizards of the Coast
2010-01-05 23:42 . 2010-01-06 00:30 -------- d-----w- c:\program files\WOTC games
2010-01-05 19:57 . 2010-01-05 19:58 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Thunderbird
2010-01-05 19:57 . 2010-01-05 19:57 -------- d-----w- c:\documents and settings\Amil\Application Data\Thunderbird
2010-01-05 19:57 . 2010-01-06 17:03 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-05 07:27 . 2010-01-05 07:27 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-01-04 19:22 . 2010-01-04 19:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Help
2010-01-04 04:20 . 2010-01-04 04:20 -------- d-----w- c:\documents and settings\Amil\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-04 03:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-04 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-04 03:48 . 2010-01-05 03:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-04 03:43 . 2010-01-04 03:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-04 02:45 . 2008-12-04 06:25 120832 ----a-w- c:\documents and settings\Amil\Application Data\Mozilla\Firefox\Profiles\wguoq6vy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2010-01-03 21:42 . 2010-01-03 21:42 -------- d-----w- C:\rsit
2010-01-03 21:42 . 2010-01-03 21:42 -------- d-----w- c:\program files\trend micro
2010-01-03 20:52 . 2010-01-03 20:52 13104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 20:51 . 2010-01-03 20:51 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-03 07:50 . 2010-01-03 07:50 -------- d-----w- c:\windows\Sun
2010-01-03 07:23 . 2010-01-03 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2010-01-03 07:16 . 2010-01-03 07:22 -------- d-----w- c:\windows\nview
2010-01-03 07:16 . 2006-10-22 17:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-03 07:15 . 2006-10-22 20:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-01-03 07:14 . 2010-01-03 07:14 -------- d-----w- C:\NVIDIA
2010-01-03 07:12 . 2009-06-16 17:05 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-01-03 07:10 . 2010-01-03 07:10 -------- d-----w- C:\Intel
2010-01-03 00:19 . 2010-01-03 00:19 -------- d-----w- c:\program files\Intel Desktop Board Audio Driver
2010-01-02 23:08 . 2002-08-23 19:46 549672 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-01-02 23:08 . 2002-08-23 16:13 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-01-02 23:08 . 2002-08-22 22:57 98752 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-01-02 22:23 . 2010-01-02 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-02 06:20 . 2010-01-03 08:01 -------- d-----w- c:\documents and settings\Amil\Application Data\BitTorrent
2010-01-02 06:20 . 2010-01-02 06:20 -------- d-----w- c:\program files\BitTorrent
2010-01-02 05:50 . 2010-01-02 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-01-02 05:49 . 2010-01-02 05:49 -------- d-----w- c:\documents and settings\Amil\Application Data\AVS4YOU
2010-01-02 03:56 . 2010-01-02 03:56 -------- d-----w- c:\program files\SRS Labs
2010-01-02 03:35 . 2010-01-02 03:35 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\SRS Labs
2010-01-02 03:34 . 2010-01-02 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SRS Labs
2010-01-02 03:31 . 2007-07-26 14:25 39808 ----a-r- c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 42112 ----a-r- c:\windows\system32\drivers\csiidecoder_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 47360 ----a-r- c:\windows\system32\drivers\Surroundhp_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 47104 ----a-r- c:\windows\system32\drivers\tshd4_kern_i386.sys
2010-01-02 03:31 . 2007-07-26 14:25 32000 ----a-r- c:\windows\system32\drivers\wowhd_kern_i386.sys
2010-01-02 00:13 . 2003-05-22 05:50 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-01-02 00:12 . 2003-05-21 17:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-01-01 19:39 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-01 19:31 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-01 19:31 . 2010-01-01 19:31 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-01 19:29 . 2010-01-01 19:30 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-01 19:29 . 2010-01-01 19:29 -------- d-----w- c:\windows\system32\LogFiles
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\program files\MSBuild
2010-01-01 18:55 . 2010-01-01 18:55 -------- d-----w- c:\program files\Reference Assemblies
2010-01-01 18:55 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-01 18:54 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-01 18:54 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-01 18:54 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-01 18:54 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-01 18:54 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-01 18:54 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-01 18:54 . 2010-01-01 18:55 -------- d-----w- C:\677d202563da779bd1df1e9d4a164219
2010-01-01 18:54 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-01 18:54 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-01 18:05 . 2010-01-01 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-01 18:04 . 2010-01-01 18:04 -------- d-----w- c:\program files\QuickTime
2010-01-01 18:02 . 2010-01-01 18:06 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-01 06:50 . 2010-01-04 21:23 -------- d-----w- c:\program files\Lx_cats
2010-01-01 06:48 . 2010-01-06 01:12 -------- d-----w- C:\Temp
2010-01-01 06:48 . 2010-01-01 17:32 -------- d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2010-01-01 06:48 . 2010-01-01 06:48 -------- d-----w- c:\windows\system\install
2010-01-01 06:48 . 2010-01-01 06:48 -------- d-----w- c:\windows\system\drivers
2010-01-01 06:30 . 2010-01-01 06:43 -------- d-----w- c:\documents and settings\Amil\Application Data\FaxCtr
2010-01-01 06:27 . 2004-08-24 19:22 32768 ----a-w- c:\windows\system32\LXPRMON.DLL
2010-01-01 06:27 . 2003-03-11 23:26 98345 ----a-r- c:\windows\system32\IMHOST32.DLL
2010-01-01 06:27 . 2003-03-11 23:26 339968 ----a-r- c:\windows\system32\IMGMAN32.DLL
2010-01-01 05:56 . 2010-01-01 05:56 0 ----a-w- c:\windows\nsreg.dat
2010-01-01 05:56 . 2010-01-01 05:56 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Mozilla
2010-01-01 04:36 . 2010-01-02 04:00 -------- d-----w- c:\documents and settings\Amil\Shared
2010-01-01 04:36 . 2010-01-02 04:04 -------- d-----w- c:\documents and settings\Amil\Incomplete
2010-01-01 04:35 . 2010-01-02 04:04 -------- d-----w- c:\documents and settings\Amil\Application Data\LimeWire
2010-01-01 04:34 . 2010-01-01 04:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 04:34 . 2010-01-01 04:34 -------- d-----w- c:\program files\Java
2010-01-01 00:03 . 2010-01-01 00:03 -------- d-sh--w- c:\documents and settings\Amil\IECompatCache
2009-12-31 21:19 . 2009-12-31 21:19 -------- d-----w- c:\program files\SBC Yahoo!
2009-12-31 21:11 . 2009-12-31 21:11 -------- d-----w- c:\program files\Yahoo!
2009-12-30 06:24 . 2009-12-30 06:24 -------- d-----w- c:\documents and settings\Amil\Application Data\DivX
2009-12-30 06:05 . 2009-12-30 06:07 -------- d-----w- c:\program files\Easy DVD Creator
2009-12-30 05:54 . 2009-12-30 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-12-29 23:09 . 2009-12-30 06:02 -------- d-----w- c:\program files\Roxio Easy Media Creator
2009-12-29 19:03 . 1998-06-05 07:00 84992 ----a-w- c:\windows\system32\sfcvrt32.dll
2009-12-29 19:03 . 1995-08-30 07:02 82432 ----a-w- c:\windows\system32\CTWFLT32.DLL
2009-12-29 19:03 . 1995-01-13 19:10 149504 ----a-w- c:\windows\system32\mfcans32.dll
2009-12-29 19:03 . 1995-01-13 19:10 108032 ----a-w- c:\windows\system32\mfcuia32.dll
2009-12-29 19:03 . 1998-01-08 06:00 1048576 ----a-w- c:\windows\system32\sfman.dat
2009-12-29 19:03 . 1997-06-02 09:06 34816 ----a-w- c:\windows\CTRes32.dll
2009-12-29 19:03 . 1996-05-23 07:24 24976 ----a-w- c:\windows\ctres.dll
2009-12-29 19:03 . 1995-07-13 07:01 26768 ----a-w- c:\windows\system32\ctl3d.dll
2009-12-29 19:03 . 1994-12-05 08:11 53552 ----a-w- c:\windows\ctccw.dll
2009-12-29 19:00 . 2001-01-31 06:01 307200 ----a-w- c:\windows\system32\CtMp3Lib.dll
2009-12-29 19:00 . 2001-01-23 06:05 110592 ----a-w- c:\windows\system32\ctmp3io2.dll
2009-12-29 12:12 . 2009-12-29 12:12 -------- d-----w- c:\program files\InterActual
2009-12-29 11:48 . 2009-12-29 11:48 -------- d-----w- c:\documents and settings\Amil\Application Data\ImgBurn
2009-12-29 11:40 . 2009-12-29 11:40 -------- d-----w- C:\games
2009-12-28 23:53 . 2009-12-28 23:58 -------- d-----w- c:\program files\PhotoScape
2009-12-28 23:51 . 2009-12-28 23:51 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-28 23:49 . 2009-12-28 23:49 -------- d-----w- c:\windows\system32\custom matrices
2009-12-28 23:49 . 2009-12-28 23:50 -------- d-----w- c:\windows\system32\C2MP
2009-12-28 23:49 . 2009-12-28 23:49 -------- d-----w- c:\windows\system32\QuickTime
2009-12-28 23:06 . 2009-12-28 23:06 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Stardock
2009-12-28 21:25 . 2009-12-30 23:25 -------- d-----w- c:\program files\Decoz
2009-12-28 20:45 . 2009-12-28 21:32 -------- d-----w- c:\documents and settings\Amil\Local Settings\Application Data\Help
2009-12-28 19:11 . 2009-12-28 19:11 -------- d-----w- c:\program files\DirectX7
2009-12-28 17:40 . 2009-12-28 17:40 -------- d-----w- c:\program files\directx
2009-12-28 17:17 . 2006-02-02 23:48 323584 ----a-w- c:\windows\system32\Carousel.scr
2009-12-28 17:17 . 2006-02-14 20:22 10616900 ----a-w- c:\windows\system32\Goldfish2.scr
2009-12-28 17:17 . 2009-12-28 17:17 -------- d-----w- c:\program files\Prolific Publishing, Inc
2009-12-28 17:17 . 2006-02-14 20:21 2932736 ----a-w- c:\windows\system32\MA2_6.scr
2009-12-28 13:59 . 2010-01-05 07:34 -------- d-----w- c:\documents and settings\Amil\Application Data\SoundSpectrum
2009-12-28 13:52 . 2009-04-05 01:01 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-12-28 13:52 . 2010-01-05 07:34 -------- d-----w- c:\program files\SoundSpectrum
2009-12-28 07:14 . 2009-12-28 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-12-28 07:14 . 2004-07-20 22:24 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-12-28 07:14 . 2004-07-20 22:24 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-12-28 07:14 . 2004-07-20 22:24 262144 ------w- c:\windows\system32\ImagXR7.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 01:04 . 2009-12-02 19:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 10:05 . 2009-10-27 21:10 13104 ----a-w- c:\documents and settings\Amil\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-03 00:19 . 2009-12-02 19:05 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-03 00:06 . 2009-10-27 17:26 -------- d-----w- c:\program files\Intel
2010-01-01 06:49 . 2010-01-01 06:49 -------- d-----w- c:\program files\Lexmark 5200 Series
2009-12-28 23:52 . 2009-12-28 23:51 -------- d-----w- c:\program files\DivX
2009-12-02 17:02 . 2009-12-02 17:02 1632887 ----a-w- c:\windows\system32\ffmpegmt.dll
2009-12-02 16:56 . 2009-12-02 16:56 4840081 ----a-w- c:\windows\system32\libavcodec.dll
2009-11-14 00:49 . 2009-12-28 23:52 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-14 00:49 . 2009-12-28 23:52 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-14 00:49 . 2009-12-28 23:52 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-14 00:49 . 2009-12-28 23:52 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:49 . 2009-12-28 23:52 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2009-12-28 23:52 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-12 08:15 . 2009-11-12 08:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 18:45 . 2009-11-04 18:45 611638 ----a-w- c:\windows\system32\libmplayer.dll
2009-11-04 18:43 . 2009-11-04 18:43 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-11-03 20:11 . 2009-11-03 20:11 113152 ----a-w- c:\windows\system32\ff_unrar.dll
2009-11-03 20:11 . 2009-11-03 20:11 146944 ----a-w- c:\windows\system32\ff_tremor.dll
2009-11-03 20:10 . 2009-11-03 20:10 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
2009-11-03 20:09 . 2009-11-03 20:09 178688 ----a-w- c:\windows\system32\ff_libmad.dll
2009-11-03 20:08 . 2009-11-03 20:08 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll
2009-11-03 20:08 . 2009-11-03 20:08 257024 ----a-w- c:\windows\system32\ff_libdts.dll
2009-11-03 20:07 . 2009-11-03 20:07 142848 ----a-w- c:\windows\system32\ff_liba52.dll
2009-11-03 19:36 . 2009-11-03 19:36 145408 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2009-11-03 19:34 . 2009-11-03 19:34 100864 ----a-w- c:\windows\system32\ff_wmv9.dll
2009-11-03 19:34 . 2009-11-03 19:34 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-03 18:07 . 2009-11-03 18:07 895308 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-03 18:05 . 2009-11-03 18:05 957047 ----a-w- c:\windows\system32\ff_x264.dll
2009-11-03 01:42 . 2009-10-27 21:12 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 22:46 . 2009-10-27 22:46 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2009-10-27 16:55 . 2009-10-27 16:55 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-27 16:53 . 2009-10-27 16:53 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-05_17.42.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-06 01:12 . 2005-12-05 23:07 61136 c:\windows\system32\xinput9_1_0.dll
+ 2010-01-06 01:12 . 2005-03-18 21:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2010-01-06 01:12 . 2005-03-18 21:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-01-06 01:12 . 2005-12-05 22:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2005-09-28 19:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2005-07-22 22:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2005-05-26 20:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2005-03-18 22:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2005-02-06 00:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2005-03-18 21:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2010-01-06 01:12 . 2005-03-18 21:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2010-01-06 01:12 . 2005-03-18 21:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2010-01-06 01:12 . 2005-03-18 21:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2010-01-06 01:12 . 2005-03-18 21:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2010-01-06 01:12 . 2005-03-18 21:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-01-06 01:12 . 2005-12-05 23:09 2323664 c:\windows\system32\d3dx9_28.dll
+ 2010-01-06 01:12 . 2005-07-23 00:59 2319568 c:\windows\system32\d3dx9_27.dll
+ 2010-01-06 01:12 . 2005-03-18 22:19 2337488 c:\windows\system32\d3dx9_25.dll
+ 2010-01-06 01:12 . 2005-02-06 00:45 2222800 c:\windows\system32\d3dx9_24.dll
+ 2010-01-06 01:12 . 2004-12-01 20:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2004-09-29 17:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-06 01:12 . 2010-01-06 01:12 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-05 3215360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
2001-05-10 08:49 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 21:36]

2010-01-07 c:\windows\Tasks\User_Feed_Synchronization-{8CC627DD-E997-4676-8AEC-BDDE9B2B0082}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.att.net
FF - ProfilePath - c:\documents and settings\Amil\Application Data\Mozilla\Firefox\Profiles\wguoq6vy.default\
FF - prefs.js: browser.startup.homepage - www.att.com
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-06 19:55:58
ComboFix-quarantined-files.txt 2010-01-07 00:55
ComboFix2.txt 2010-01-05 20:35
ComboFix3.txt 2010-01-05 19:22
ComboFix4.txt 2010-01-05 17:43

Pre-Run: 21,345,398,784 bytes free
Post-Run: 21,378,703,360 bytes free

- - End Of File - - A8D7DA9AC10F3712B671EE4DF7DD14B6
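Added example, not part of the thread and not ComboFix's own code: a small Python script that parses the "Reg Loading Points" block of a ComboFix log like the one above (the `"Name"="target" [date size]` Run-key lines and the firewall `AuthorizedApplications` list) and flags what a log reviewer checks first before saying "looks good". The heuristics (DLL autostarts loaded through rundll32, bare filenames resolved via the search path, targets under spool/temp/profile directories, P2P clients authorized through the firewall) are assumptions about reviewer practice, not rules ComboFix applies. The sample log text is an excerpt reproduced from the log above so the script runs offline.

```python
import re

# Run-key value line as ComboFix prints it:   "Name"="target" [yyyy-mm-dd size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# Firewall AuthorizedApplications line:        "c:\\path\\app.exe"=
FW_LINE = re.compile(r'^"(?P<path>[^"]+)"=$')

# Reviewer heuristics (assumptions for this example, not ComboFix rules).
UNUSUAL_DIRS = ("\\temp\\", "\\application data\\", "\\local settings\\",
                "\\spool\\", "\\recycler\\")
P2P_MARKERS = ("bittorrent", "limewire", "utorrent", "kazaa", "emule", "frostwire")


def parse_sections(text):
    """Return (run_entries, firewall_paths) from the Reg Loading Points block."""
    run_entries, firewall_paths = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            lowered = key.lower()
            if lowered.endswith("currentversion\\run"):
                section = ("run", key)
            elif "authorizedapplications\\list" in lowered:
                section = ("fw", key)
            else:
                section = None          # SafeBoot, msconfig\startupreg, etc.
            continue
        if section is None or not line:
            continue
        if section[0] == "run":
            m = RUN_LINE.match(line)
            if m:
                run_entries.append({"key": section[1], **m.groupdict()})
        else:
            m = FW_LINE.match(line)
            if m:
                # ComboFix doubles the backslashes in this section; undo that.
                firewall_paths.append(m.group("path").replace("\\\\", "\\"))
    return run_entries, firewall_paths


def review_run_entry(entry):
    """Reasons a reviewer would look at this autostart before signing off."""
    target = entry["target"].lower()
    reasons = []
    if "\\" not in target:
        reasons.append("bare filename, resolved through the search path")
    if target.endswith(".dll"):
        reasons.append("DLL autostart (loaded via rundll32)")
    if any(d in target for d in UNUSUAL_DIRS):
        reasons.append("runs from an unusual or user-writable directory")
    if entry["meta"].strip() in ("", "?"):
        reasons.append("ComboFix could not stat the file")
    return reasons


def review_firewall(paths):
    """Authorized applications that are P2P clients (a common fake-AV vector)."""
    return [p for p in paths if any(m in p.lower() for m in P2P_MARKERS)]


def triage(text):
    runs, fw = parse_sections(text)
    flagged = {}
    for entry in runs:
        reasons = review_run_entry(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return {"run": runs, "flagged": flagged, "firewall": fw, "p2p": review_firewall(fw)}


# Excerpt reproduced from the ComboFix log posted above (embedded as sample input).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-05 3215360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
'''

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, reasons in result["flagged"].items():
        print(f"{name}: {'; '.join(reasons)}")
    for path in result["p2p"]:
        print(f"P2P client authorized through firewall: {path}")
```

On this log the script flags the three DLL autostarts (LXBTCATS, which also lives under the print spooler directory, plus the two NVIDIA tray DLLs) and the bare `nwiz.exe` entry for a manual look, and lists BitTorrent and LimeWire as firewall-authorized P2P clients; a flag is a prompt to verify the file, not a verdict, which is how the helper's "looks good" should be read too.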

#10 Grinler (Lawrence Abrams)

  • Admin
  • 43,472 posts
  • Gender:Male
  • Location:USA
  • Local time:04:29 AM

Posted 06 January 2010 - 08:43 PM

Looks good. Are you still getting the virus warning?



