Log: computer is terribly slow :(
Logfile of HijackThis v1.99.1
Scan saved at 09:42:38, on 2008-01-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ehome\ehtray.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\eHome\ehmsas.exe
D:\Documents and Settings\Maciek Dabrowski\Desktop\cmtu10017\cmtutool.exe
D:\Documents and Settings\Maciek Dabrowski\Desktop\cmtu10017\cmtutool.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\DOCUME~1\MACIEK~1\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] D:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189113839359
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{96399477-0ACC-4A41-B13C-8F9954F54F8C}: NameServer = 192.168.48.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Instinct Drivers Auto Removal (pr2ae5eb) (pr2ae5eb) - Noviy Disk - D:\WINDOWS\system32\pr2ae5eb.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Combofix
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.
2008-01-02 23:50 . 2008-01-03 00:16 d-------- D:\Program Files\Rigs of Rods 0.33d
2008-01-02 23:50 . 2007-10-12 15:14 3,734,536 --a------ D:\WINDOWS\system32\d3dx9_36.dll
2008-01-02 23:50 . 2007-10-12 15:14 1,374,232 --a------ D:\WINDOWS\system32\D3DCompiler_36.dll
2008-01-02 23:50 . 2007-10-02 09:56 444,776 --a------ D:\WINDOWS\system32\d3dx10_36.dll
2008-01-02 23:50 . 2007-10-22 03:39 267,272 --a------ D:\WINDOWS\system32\xactengine2_10.dll
2008-01-02 23:48 . 2008-01-02 23:50 d--h----- D:\WINDOWS\msdownld.tmp
2008-01-02 22:04 . 2004-01-08 02:43 253,952 --a------ D:\WINDOWS\system32\histogram.ocx
2008-01-02 22:04 . 2004-01-09 11:54 188,416 --a------ D:\WINDOWS\system32\actsplash.ocx
2008-01-02 22:04 . 2000-07-15 00:00 118,784 --a------ D:\WINDOWS\system32\MSSTDFMT.DLL
2008-01-02 21:09 . 2008-01-02 21:09 d-------- D:\WINDOWS\SxsCaPendDel
2008-01-02 20:25 . 2008-01-02 20:25 d-------- D:\Documents and Settings\Maciek Dabrowski\Application Data\Kerio
2008-01-02 20:13 . 2008-01-02 20:13 d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-02 12:02 . 2008-01-02 12:02 d-------- D:\Program Files\Yahoo!
2008-01-02 12:02 . 2008-01-02 12:02 d-------- D:\Program Files\CCleaner
2008-01-01 23:33 . 2008-01-01 23:33 d-------- D:\Documents and Settings\Maciek Dabrowski\Application Data\InstallShield
2008-01-01 23:01 . 2008-01-01 23:01 244 --ah----- D:\sqmnoopt01.sqm
2008-01-01 23:01 . 2008-01-01 23:01 232 --ah----- D:\sqmdata01.sqm
2008-01-01 22:55 . 2008-01-01 22:58 3,507,513 --a------ D:\craig_david_-_hot_stuff.mp3
2007-12-31 21:51 . 2007-12-31 21:51 d-------- D:\Program Files\MarBit
2007-12-31 14:22 . 2007-12-31 14:21 737,280 --a------ D:\WINDOWS\iun6002.exe
2007-12-30 20:00 . 2007-12-30 20:00 568,554 --a------ D:\to_teraz_lece_ekspresem.jpg
2007-12-29 16:12 . 2007-12-29 16:12 d-------- D:\Program Files\Bus Driver
2007-12-27 13:29 . 2007-12-27 13:29 332 --a------ D:\WINDOWS\desctemp.dat
2007-12-20 18:15 . 2007-12-20 18:15 1,198,557 --a------ D:\WINDOWS\system32\Object Browser For Trainz ScreenSaver.scr
2007-12-16 14:50 . 2007-12-16 14:50 d-------- D:\Program Files\Windows Media Connect 2
2007-12-16 14:47 . 2007-12-22 19:09 d-------- D:\WINDOWS\system32\drivers\UMDF
2007-12-16 14:46 . 2007-12-16 14:47 d-------- D:\e3216ae2aa77139ce379600b
2007-12-14 23:22 . 2007-12-14 23:28 d-------- D:\Documents and Settings\Maciek Dabrowski\Application Data\GetRightToGo
2007-12-13 17:14 . 2007-12-05 14:17 593,920 --------- D:\WINDOWS\system32\ati2sgag.exe
2007-12-13 17:12 . 2007-12-13 17:12 10 --a------ D:\WINDOWS\WININIT.INI
2007-12-13 16:43 . 2007-12-13 16:53 d-------- D:\fles gete
2007-12-13 16:42 . 2008-01-01 19:53 d-------- D:\Program Files\FlashGet
2007-12-13 16:42 . 2006-04-20 12:51 359,808 --a------ D:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-12-13 16:00 . 2008-01-02 20:54 d-------- D:\Documents and Settings\All Users\Application Data\RFA_Backups
2007-12-13 15:59 . 2007-12-13 16:00 d-------- D:\Program Files\RFA
2007-12-11 20:33 . 2007-12-11 20:33 d-------- D:\Program Files\YouTube Video Downloader
2007-12-10 09:14 . 2007-12-10 09:14 0 --a------ D:\WINDOWS\ativpsrm.bin
2007-12-09 22:50 . 2006-03-21 04:23 23,040 --------- D:\WINDOWS\kb913800.exe
2007-12-09 22:18 . 2007-12-09 22:18 d-------- D:\Program Files\Windows Defender
2007-12-09 22:06 . 2008-01-02 21:09 d-------- D:\WINDOWS\system32\XPSViewer
2007-12-09 22:05 . 2007-12-09 22:05 d-------- D:\Program Files\Reference Assemblies
2007-12-09 22:04 . 2007-12-09 22:04 d-------- D:\Program Files\MSXML 6.0
2007-12-09 22:04 . 2007-12-09 22:04 d-------- D:\ee344117599e396f62a91356604e3d
2007-12-09 22:04 . 2006-06-29 13:07 14,048 --------- D:\WINDOWS\system32\spmsg2.dll
2007-12-09 22:00 . 2006-01-11 01:48 46,592 --------- D:\WINDOWS\system32\drivers\irbus.sys
2007-12-09 22:00 . 2006-01-11 01:48 19,200 --------- D:\WINDOWS\system32\drivers\hidir.sys
2007-12-09 21:40 . 2006-11-13 07:02 288,768 --------- D:\WINDOWS\system32\rhttpaa.dll
2007-12-09 21:40 . 2006-11-13 07:02 116,736 --------- D:\WINDOWS\system32\aaclient.dll
2007-12-09 21:40 . 2006-11-13 07:02 36,352 --------- D:\WINDOWS\system32\tsgqec.dll
2007-12-08 12:15 . 2007-12-08 12:15 d-------- D:\Program Files\Common Files\PCSuite
2007-12-08 12:14 . 2007-12-08 12:14 d-------- D:\Program Files\PC Connectivity Solution
2007-12-08 12:14 . 2007-02-22 10:15 137,216 --a------ D:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-08 12:14 . 2007-02-22 10:15 65,536 --a------ D:\WINDOWS\system32\nmwcdcocls.dll
2007-12-08 12:14 . 2007-02-22 10:15 12,288 --a------ D:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-08 12:14 . 2007-02-22 10:15 12,288 --a------ D:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-08 12:14 . 2007-02-22 10:15 8,320 --a------ D:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-07 21:17 . 2007-12-07 21:17 d-------- D:\Program Files\MSXML 4.0
2007-12-07 20:35 . 2008-01-03 09:11 d-------- D:\WINDOWS\system32\CatRoot2
2007-12-07 16:45 . 2007-12-07 16:45 d-------- D:\Program Files\Windows Resource Kits
2007-12-07 12:02 . 2007-12-07 12:02 65,024 --a------ D:\WINDOWS\system32\drivers\kvpndrv.sys
2007-12-07 00:14 . 2008-01-01 23:38 d-------- D:\direx
2007-12-06 23:35 . 2007-12-06 23:35 d-------- D:\Program Files\MSECache
2007-12-05 18:19 . 2007-12-05 18:19 d-------- D:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-04 23:09 . 2007-12-16 14:50 85 --a------ D:\WINDOWS\win.ini
2007-12-04 23:08 . 2005-11-30 21:20 2,314,332 --a------ D:\WINDOWS\system32\LIBMMD.DLL
2007-12-04 23:08 . 2000-05-21 22:00 647,872 --a------ D:\WINDOWS\system32\mscomct2.ocx
2007-12-04 23:08 . 2000-05-22 16:58 608,448 --a------ D:\WINDOWS\system32\comctl32.ocx
2007-12-04 23:08 . 2000-05-22 15:58 115,920 --a------ D:\WINDOWS\system32\msinet.ocx
2007-12-04 20:00 . 2007-12-04 20:00 d-------- D:\Documents and Settings\Maciek Dabrowski\.thumbnails
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 08:24 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-03 08:24 107,832 ----a-w D:\WINDOWS\system32\PnkBstrB.exe
2008-01-03 08:17 --------- d-----w D:\Program Files\English Translator 3
2008-01-02 19:39 12,432 ----a-w D:\WINDOWS\system32\drivers\kwflower.log
2008-01-02 19:35 5,202 ----a-w D:\WINDOWS\system32\drivers\kwfupper.log
2008-01-01 23:31 --------- d-----w D:\Program Files\WarRock
2008-01-01 22:34 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-31 20:41 --------- d-----w D:\Program Files\NAPI-PROJEKT
2007-12-29 10:47 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2007-12-28 14:00 --------- d-----w D:\Program Files\Norton Security Scan
2007-12-26 11:18 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\Skype
2007-12-23 08:00 --------- d-----w D:\Program Files\Xfire
2007-12-22 20:14 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\Xfire
2007-12-22 18:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-18 08:04 --------- d-----w D:\Program Files\Auran
2007-12-13 16:35 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\ATI
2007-12-13 15:18 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2007-12-11 11:16 --------- d-----w D:\Program Files\Winamp
2007-12-08 11:16 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\Nokia
2007-12-08 11:15 --------- d-----w D:\Program Files\Common Files\Nokia
2007-12-08 11:14 --------- d-----w D:\Program Files\Nokia
2007-12-08 11:13 --------- d-----w D:\Documents and Settings\All Users\Application Data\Installations
2007-12-08 10:47 --------- d-----w D:\Program Files\Lonely Cat Games
2007-12-05 19:38 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\gtk-2.0
2007-12-05 05:26 2,782,208 ----a-w D:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w D:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w D:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w D:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w D:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w D:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w D:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w D:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w D:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w D:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w D:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w D:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44 3,175,584 ----a-w D:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w D:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w D:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w D:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w D:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:16 49,152 ----a-w D:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 02:14 180,224 ----a-w D:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w D:\WINDOWS\system32\ati2cqag.dll
2007-12-02 08:22 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\Grisoft
2007-12-01 15:12 --------- d-----w D:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-01 15:09 512,096 ----a-w D:\WINDOWS\system32\drivers\amon.sys
2007-12-01 15:09 298,104 ----a-w D:\WINDOWS\system32\imon.dll
2007-12-01 15:09 15,424 ----a-w D:\WINDOWS\system32\drivers\nod32drv.sys
2007-12-01 14:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-29 22:24 --------- d-----w D:\Program Files\Firefly Studios
2007-11-27 21:32 --------- d-----w D:\Program Files\ATI Technologies
2007-11-24 20:06 --------- d-----w D:\Program Files\eMule
2007-11-22 10:58 --------- d-----w D:\Program Files\Ares
2007-11-21 21:36 --------- d-----w D:\Program Files\MoorHunt
2007-11-20 10:59 --------- d-----w D:\Program Files\WinUHA
2007-11-19 21:05 --------- d-----w D:\Program Files\HyperSnap 6
2007-11-18 20:21 --------- d-----w D:\Program Files\Auto Send Message
2007-11-18 16:50 --------- d-----w D:\Documents and Settings\Maciek Dabrowski\Application Data\PC Suite
2007-11-18 07:46 --------- d-----w D:\Program Files\Counter-Strike
2007-11-16 16:47 66,872 ----a-w D:\WINDOWS\system32\PnkBstrA.exe
2007-11-16 16:33 22,328 ----a-w D:\Documents and Settings\Maciek Dabrowski\Application Data\PnkBstrK.sys
2007-11-16 15:10 --------- d-----w D:\Program Files\Activision
2007-11-15 18:06 --------- d-----w D:\Program Files\The Witcher
2007-11-13 18:28 --------- d-----w D:\Program Files\Sony Ericsson
2007-11-13 17:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth
2007-11-13 17:07 --------- d-----w D:\Program Files\IVT Corporation
2007-11-13 17:00 --------- d-----w D:\Program Files\EA GAMES
2007-11-13 16:59 --------- d-----w D:\Program Files\USB all-in-one game controller
2007-11-13 10:25 20,480 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 19:20 --------- d-----w D:\Program Files\Red Orchestra
2007-11-11 09:10 --------- d-----w D:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-11-11 09:09 --------- d-----w D:\Program Files\DIFX
2007-11-11 09:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nokia
2007-11-10 09:58 --------- d-----w D:\Program Files\Gothic III
2007-11-09 15:10 86,016 ----a-w D:\WINDOWS\system32\OpenAL32.dll
2007-11-09 15:10 413,696 ----a-w D:\WINDOWS\system32\wrap_oal.dll
2007-11-09 15:04 --------- d-----w D:\Program Files\Bohemia Interactive
2007-11-08 11:16 --------- d-----w D:\Program Files\MC2
2007-11-06 08:20 831,048 ----a-w D:\WINDOWS\system32\WudfUpdate_01005.dll
2007-11-04 11:27 --------- d-----w D:\Program Files\Image-Line
2007-10-29 22:35 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2007-10-29 14:17 23,786,395 ----a-w D:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_29_15_15_48_full.dmp.zip
2007-10-27 16:40 222,720 ----a-w D:\WINDOWS\system32\wmasf.dll
2007-10-27 08:35 72,748 ----a-w D:\WINDOWS\unins000.exe
2007-10-24 00:47 96,760 ----a-w D:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 ----a-w D:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 ----a-w D:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 ----a-w D:\WINDOWS\system32\mscorier.dll
2007-10-22 02:37 17,928 ----a-w D:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-21 08:52 107,888 ----a-w D:\WINDOWS\system32\CmdLineExt.dll
2007-10-21 08:47 674,600 ----a-w D:\WINDOWS\system32\pbsvc.exe
2007-10-19 20:32 53,855,419 ----a-w D:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_19_09_28_31_full.dmp.zip
2007-10-19 20:32 53,851,687 ----a-w D:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_19_09_28_45_full.dmp.zip
2007-10-19 20:30 53,855,073 ----a-w D:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_19_09_28_18_full.dmp.zip
2007-10-09 21:26 648,568 ----a-w D:\WINDOWS\system32\SpoonUninstall.exe
2007-10-09 12:03 779,800 ----a-w D:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 12:03 73,752 ----a-w D:\WINDOWS\system32\dxva2.dll
2007-10-09 12:03 493,080 ----a-w D:\WINDOWS\system32\evr.dll
2007-10-09 12:03 350,744 ----a-w D:\WINDOWS\system32\PresentationHost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\PROGRA~1\GADU-G~1\gg.exe" [2007-07-09 08:39 2119104]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-15 13:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="D:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 09:22 577536 D:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-12-01 16:09 949376]
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 13:00 15360]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= D:\WINDOWS\Resources\Themes\Royale.theme
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST – pasek zadań.lnk]
backup=D:\WINDOWS\pss\ATI CATALYST – pasek zadań.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\IVT BlueSoleil\BlueSoleil.lnk
backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Maciek Dabrowski^Start Menu^Programs^Startup^GM_DevUpdate.lnk]
backup=D:\WINDOWS\pss\GM_DevUpdate.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 --a------ D:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
R0 pe3ae5eb;Instinct Environment Driver (pe3ae5eb);D:\WINDOWS\system32\drivers\pe3ae5eb.sys [2007-07-18 11:06]
R0 ps6ae5eb;Instinct Synchronization Driver (ps6ae5eb);D:\WINDOWS\system32\drivers\ps6ae5eb.sys [2007-07-18 11:06]
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R0 VirtualK;VirtaulK;D:\WINDOWS\system32\drivers\VirtualK.sys [2003-11-27 18:48]
R0 xfilt;VIA SATA IDE Hot-plug Driver;D:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;D:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 11:24]
R3 skbusenum;SKBus Enumerator;D:\WINDOWS\system32\DRIVERS\skbusenum.sys [2004-12-16 11:20]
S2 pr2ae5eb;Instinct Drivers Auto Removal (pr2ae5eb);D:\WINDOWS\system32\pr2ae5eb.exe svc []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;D:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2004-03-31 19:03]
S3 kvpndev;Kerio VPN adapter;D:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2007-12-07 12:02]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;D:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);D:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 08:34:40 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-28 15:24:16 D:\WINDOWS\Tasks\Norton Security Scan.job"
- D:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 09:49:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: D:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> D:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-03 9:50:16
D:\qoobox\ComboFix-quarantined-files.txt 2008-01-03 08:50:13
D:\qoobox\ComboFix2.txt 2008-01-01 19:31:31
D:\qoobox\ComboFix3.txt 2007-12-01 19:10:52
D:\qoobox\ComboFix4.txt 2007-12-01 19:02:37
D:\qoobox\ComboFix5.txt 2007-11-29 19:13:25
.
2007-12-29 08:38:54 --- E O F ---
Replies: 0