11-07-2008, 01:29 PM   #7
n1ck2000
Registered User
 
Join Date: Apr 2008
Posts: 12
OS: XP SP2


Re: Pop ups in internet explorer

ComboFix 08-11-05.02 - Nick 2008-11-07 18:02:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1397 [GMT 0:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nick\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\akcfdj29387.exe
c:\windows\aldie20938.exe
c:\windows\jutb6721.exe
c:\windows\kdiue021.exe
c:\windows\ldoie0293.exe
c:\windows\lpib7535.exe
c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
c:\windows\Tasks\Uniblue SpeedUpMyPC.job
c:\windows\Tasks\Uniblue SpyEraser.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nick\Application Data\Uniblue
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\1206361446.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\1208613237.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\1209295414.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\1209657500.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\1215105523.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\1218363275.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\1223137904.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\Defrag.dat
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\F_1206361370.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\F_1206361434.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\F_1208613221.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\F_1209295393.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\F_1215105503.zip
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\ignorelist.dat
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\problems.html
c:\documents and settings\Nick\Application Data\Uniblue\Registry Booster2\RBLog.dat
c:\documents and settings\Nick\Application Data\Uniblue\SpyEraser\config2.dat
c:\documents and settings\Nick\Application Data\Uniblue\SpyEraser\Deletedspyware2.dat
c:\documents and settings\Nick\Application Data\Uniblue\SpyEraser\quarantinedspyware2.dat
c:\documents and settings\Nick\Application Data\Uniblue\SpyEraser\scanhistory2.dat
c:\windows\akcfdj29387.exe
c:\windows\aldie20938.exe
c:\windows\jutb6721.exe
c:\windows\kdiue021.exe
c:\windows\ldoie0293.exe
c:\windows\lpib7535.exe
c:\windows\odtb2482.exe
c:\windows\pptb1948.exe
c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
c:\windows\Tasks\Uniblue SpeedUpMyPC.job
c:\windows\Tasks\Uniblue SpyEraser.job
c:\windows\vntb9283.exe
c:\windows\yrtb5246.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-11-03 13:12 . 2008-11-03 13:13 <DIR> d-------- C:\rsit
2008-11-02 22:33 . 2008-11-03 13:19 250 --a------ c:\windows\gmer.ini
2008-11-02 15:13 . 2008-11-02 15:13 0 --a------ c:\windows\Infob.dat
2008-11-02 15:13 . 2008-11-02 15:13 0 --a------ c:\windows\Infoa.dat
2008-11-02 15:07 . 2008-11-02 15:07 <DIR> d-------- c:\program files\barExam
2008-11-02 15:02 . 2008-11-02 15:02 842 --a------ c:\documents and settings\Nick\Application Data\filterclsid.dat
2008-11-01 19:24 . 2008-11-01 19:25 <DIR> d-------- c:\documents and settings\Nick\Application Data\Red Alert 3
2008-10-28 22:36 . 2008-10-28 22:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 . 2008-10-28 22:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 . 2008-10-28 22:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 . 2008-10-28 22:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 . 2008-10-28 22:35 729,088 --a------ c:\windows\system32\divxdec.ax
2008-10-28 22:35 . 2008-10-28 22:35 684,032 --a------ c:\windows\system32\DivX.dll
2008-10-24 09:45 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 20:28 . 2008-10-23 20:27 728,858 --a------ c:\program files\Common Files\unins000.exe
2008-10-23 20:28 . 2008-10-23 20:28 2,521 --a------ c:\program files\Common Files\unins000.dat
2008-10-23 20:28 . 2008-03-09 06:25 236 --ah----- c:\program files\Common Files\dx.reg
2008-10-23 20:19 . 2008-10-07 12:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-10-23 14:57 . 2008-10-23 14:57 <DIR> d-------- c:\documents and settings\Nick\Application Data\Samsung
2008-10-23 14:43 . 2006-05-03 21:53 174,592 --a------ c:\windows\system32\framedyn.dll
2008-10-23 14:42 . 2008-10-23 14:42 <DIR> d-------- c:\program files\DIFX
2008-10-23 14:42 . 2008-10-23 14:54 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2008-10-23 14:41 . 2008-10-23 14:41 <DIR> d-------- c:\program files\Samsung
2008-10-21 12:48 . 2008-10-21 12:48 <DIR> dr-h----- c:\documents and settings\Nick\Application Data\SecuROM
2008-10-20 12:31 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-10-20 12:31 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-10-20 12:31 . 2008-05-30 13:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-10-20 12:31 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-10-20 12:31 . 2008-05-30 13:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-10-20 12:31 . 2008-05-30 13:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-10-20 12:31 . 2008-05-30 13:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-10-20 12:30 . 2008-10-20 12:30 <DIR> d-------- c:\windows\Logs
2008-10-19 12:18 . 2008-10-19 12:18 33,019 --a------ c:\windows\system32\CoreAAC-uninstall.exe
2008-10-19 12:10 . 2008-10-19 12:10 244 --ah----- C:\sqmnoopt15.sqm
2008-10-19 12:10 . 2008-10-19 12:10 232 --ah----- C:\sqmdata15.sqm
2008-10-18 22:09 . 2008-10-18 22:09 <DIR> d-------- c:\documents and settings\Nick\Application Data\vlc
2008-10-17 12:51 . 2008-10-17 12:51 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2008-10-16 10:00 . 2008-10-16 10:00 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-16 10:00 . 2008-10-16 10:00 1,409 --a------ c:\windows\QTFont.for
2008-10-15 21:48 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 21:48 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 21:48 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 21:48 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 21:48 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 21:48 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-13 11:58 . 2008-10-14 17:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Codemasters
2008-10-13 11:57 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\d3dx9_37.dll
2008-10-13 11:57 . 2008-03-05 14:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-10-13 11:57 . 2008-04-28 14:53 805,400 -ra------ c:\windows\system32\tmp12C.tmp
2008-10-13 11:57 . 2008-04-28 14:53 805,400 -ra------ c:\windows\system32\tmp12B.tmp
2008-10-13 11:57 . 2008-03-05 15:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-10-13 11:57 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-10-13 11:57 . 2008-03-05 15:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2008-10-13 11:57 . 2008-03-05 15:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2008-10-09 18:24 . 2008-10-12 09:41 <DIR> d-------- c:\documents and settings\Nick\Application Data\Orbit
2008-10-09 17:28 . 2008-10-09 17:28 104 --a------ C:\My Computer.lnk
2008-10-07 15:34 . 2008-10-07 15:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 16:01 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-07 10:56 --------- d-----w c:\program files\Trend Micro
2008-11-06 20:51 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-30 16:20 --------- d-----w c:\documents and settings\Nick\Application Data\SolidWorks
2008-10-23 20:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-23 20:20 --------- d-----w c:\program files\AGEIA Technologies
2008-10-23 19:31 22,328 -c--a-w c:\documents and settings\Nick\Application Data\PnkBstrK.sys
2008-10-23 19:31 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-23 19:31 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2008-10-23 19:31 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-23 19:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-18 14:37 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-17 12:51 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-16 19:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-13 11:57 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-13 11:57 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-13 11:57 --------- d-----w c:\program files\OpenAL
2008-10-13 09:24 --------- d-----w c:\documents and settings\Nick\Application Data\Azureus
2008-10-11 17:44 --------- d-----w c:\program files\Java
2008-10-09 11:04 --------- d-----w c:\program files\Norton 360
2008-10-06 13:57 --------- d-----w c:\documents and settings\Nick\Application Data\Symantec
2008-10-06 13:40 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-06 13:40 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-10-06 13:40 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-06 13:40 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-06 13:40 --------- d-----w c:\program files\Symantec
2008-10-05 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-05 14:04 --------- d-----w c:\program files\Kaspersky Lab
2008-10-05 13:31 108,040,938 ----a-w C:\registrybackup.reg
2008-10-05 12:48 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-05 12:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-05 12:18 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2008-10-05 11:24 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2008-10-04 16:33 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-04 16:19 262,144 ----a-w c:\windows\system32\config\systemprofile\NTUSER(2).DAT
2008-10-02 15:05 253,952 ----a-w c:\windows\system32\config\systemprofile\NTUSER(3).DAT
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 -c--a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 -c--a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 -c--a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 -c--a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 -c--a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 -c--a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 -c--a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 -c--a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 -c--a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 -c--a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-04 08:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-29 07:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-05-07 15:53 784 -c--a-w c:\documents and settings\Nick\Application Data\mpauth.dat
2008-02-27 17:49 73,728 -c--a-w c:\documents and settings\Nick\SetupNI.dll
2006-06-23 06:48 32,768 -c--a-r c:\windows\inf\UpdateUSB.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\program files\barExam ----

2008-10-28 23:47 24576 --a------ c:\program files\barExam\Executor.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"NVIDIA nTune"="d:\apps\Nvidia\nTune\nTuneCmd.exe" [2007-07-03 81920]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="d:\apps\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="d:\apps\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-18 188416]
"CherryKeyMan"="d:\program files\Cherry\KeyMan\KeyMan.exe" [2006-08-02 237620]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Nick\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - d:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Games\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Games\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Games\\Far Cry 2\\bin\\FC2Editor.exe"=

R0 vburner;vburner;c:\windows\system32\DRIVERS\vburner.sys [2008-03-10 15872]
R3 Ch2kUSB;Cherry USB Driver for CDI;c:\windows\system32\drivers\Ch2kUSB.sys [2006-06-29 167566]
R3 Ch2kUSBM;Cherry USB Mouse Driver for CDI;c:\windows\system32\drivers\Ch2kUSBm.sys [2006-04-28 72149]
R3 Cherry Device Interface;Cherry Device Interface;d:\program files\Cherry\CDI\cdi.exe [2006-06-27 573486]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 TunRDriverV32;TunRDriverV32;c:\windows\system32\drivers\TunRDriverV32.sys [2007-07-12 513152]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 18:03:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 350 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-11-07 18:04:35
ComboFix-quarantined-files.txt 2008-11-07 18:04:26
ComboFix2.txt 2008-11-07 10:53:42

Pre-Run: 35,031,740,416 bytes free
Post-Run: 35,021,701,120 bytes free

257 --- E O F --- 2008-10-24 19:00:45