ComboFix 08-05-25.5 - Roy 05/26/2008 20:41:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1255.1.1033.18.288 [GMT 2:00]
Running from: C:\Documents and Settings\Roy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Roy\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\ckiaojre.dll
C:\WINDOWS\system32\htflmuij.dll
C:\WINDOWS\system32\nnyrigqy.dll
C:\WINDOWS\system32\xxyywvUK.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Gal\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\htflmuij.dll
C:\WINDOWS\system32\xxyywvUK.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 18:42 38,176 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-26 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-26 17:54 5,384 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-26 17:54 23,708 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-26 17:54 2,127,136 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-26 15:56 --------- d-----w C:\Program Files\Trend Micro
2008-05-25 05:00 --------- d-----w C:\Documents and Settings\Roy\Application Data\uTorrent
2008-05-24 08:20 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-24 08:20 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-24 08:08 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-24 08:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-24 07:54 354,560 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-24 07:54 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-24 07:52 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-05-23 13:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-05-23 12:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-23 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-23 08:15 164 ----a-w C:\install.dat
2008-05-23 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-23 08:13 --------- d-----w C:\Program Files\Lavasoft
2008-05-23 08:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 07:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-22 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-22 17:17 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-21 04:43 --------- d-----w C:\Program Files\Windows Live
2008-05-21 04:42 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-21 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-20 22:52 --------- d-----w C:\Documents and Settings\Roy\Application Data\DivX
2008-05-20 22:50 --------- d-----w C:\Program Files\Winamp
2008-05-20 22:41 --------- d-----w C:\Documents and Settings\Roy\Application Data\Winamp
2008-05-20 22:37 --------- d-----w C:\Program Files\uTorrent
2008-05-20 22:33 --------- d-----w C:\Documents and Settings\Roy\Application Data\TuneUp Software
2008-05-20 22:31 --------- d-----w C:\Program Files\SopCast
2008-05-20 22:26 --------- d-----w C:\Program Files\DivX
2008-05-20 22:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-20 16:37 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-14 03:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 03:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 03:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{663656DF-6BAE-460C-A612-8133DF519346}]
C:\WINDOWS\SYSTEM32\awtssQIA.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CBA267E-7F36-40BC-A883-9C3EAA4C1109}]
C:\WINDOWS\system32\wvUoNGYO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/14/2008 02:12 AM 1695232]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 02:12 AM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"BM6b152507"="C:\WINDOWS\system32\ragnxwca.dll" [ ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 04/14/2008 02:12 AM 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [04/14/2008 02:12 AM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [12/13/2007 01:28 PM]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [05/24/2008 09:54 AM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 17:01:29 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 20:42:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 05/26/2008 20:44:07
ComboFix-quarantined-files.txt 2008-05-26 18:44:03
ComboFix2.txt 2008-05-26 18:03:15
Pre-Run: 32,538,075,136 bytes free
Post-Run: 32,548,605,952 bytes free
185 --- E O F --- 2008-05-26 16:46:15