+ 2009-06-28 19:52 . 2003-09-04 02:33 2052096 c:\windows\system32\spool\drivers\w32x86\3\LXBRPRPR.DLL
+ 2009-06-28 19:52 . 2003-09-04 02:32 4661248 c:\windows\system32\spool\drivers\w32x86\3\LXBRLPAR.DLL
+ 2009-06-28 19:52 . 2003-09-02 09:35 1175552 c:\windows\system32\spool\drivers\w32x86\3\LXBRCLR4.DLL
+ 2009-06-28 19:52 . 2003-09-02 09:35 3543040 c:\windows\system32\spool\drivers\w32x86\3\LXBRCLR3.DLL
+ 2009-06-28 19:52 . 2003-09-02 09:35 3543040 c:\windows\system32\spool\drivers\w32x86\3\LXBRCLR2.DLL
+ 2009-06-28 19:52 . 2003-09-02 09:35 3543040 c:\windows\system32\spool\drivers\w32x86\3\LXBRCLR1.DLL
+ 2009-09-27 04:17 . 2009-08-29 00:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2009-09-27 04:17 . 2009-08-29 00:42 1417504 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2010-03-10 15:11 . 2010-03-10 15:11 1602048 c:\windows\Installer\e874c09.msi
+ 2008-12-25 18:31 . 2008-12-25 18:31 1295360 c:\windows\Installer\88665.msi
+ 2009-09-27 04:19 . 2009-09-27 04:19 4405248 c:\windows\Installer\6bcb0f0.msi
+ 2009-09-27 04:18 . 2009-09-27 04:18 1659392 c:\windows\Installer\6bcb0ec.msi
+ 2009-09-27 04:18 . 2009-09-27 04:18 9013760 c:\windows\Installer\6bcb0e5.msi
+ 2009-09-27 04:18 . 2009-09-27 04:18 1549312 c:\windows\Installer\6bcaf46.msi
+ 2009-09-27 04:17 . 2009-09-27 04:17 3310592 c:\windows\Installer\6bcaf3f.msi
+ 2008-11-29 04:16 . 2008-11-29 04:16 6068224 c:\windows\Installer\2142898.msi
+ 2008-11-29 04:14 . 2008-11-29 04:14 1067520 c:\windows\Installer\214288c.msi
+ 2008-11-29 04:14 . 2008-11-29 04:14 3504640 c:\windows\Installer\2142877.msi
+ 2008-11-29 04:13 . 2008-11-29 04:13 3317248 c:\windows\Installer\2142870.msi
+ 2008-11-29 04:12 . 2008-11-29 04:12 3815936 c:\windows\Installer\2142862.msi
+ 2008-12-21 23:11 . 2008-12-21 23:11 1880576 c:\windows\Installer\1392e2cc.msi
+ 2009-01-29 19:04 . 2009-01-29 19:04 1479168 c:\windows\Installer\106df676.msi
+ 2002-12-12 01:39 . 2002-12-12 01:39 10995712 c:\windows\Installer\WMEncoder.msi
+ 2010-04-11 23:43 . 2010-04-11 23:43 26143744 c:\windows\Installer\29eb9a23.msi
+ 2008-11-29 05:54 . 2008-11-29 05:54 15044608 c:\windows\Installer\1b5d4d.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-17 24095528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 17421824]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"StandardKeyboard"="KBDaemonA.exe" [2004-11-26 57344]
"Lexmark 3100 Series"="c:\program files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 106496]
"LXBRKsk"="c:\progra~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 294912]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-27 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 99840]
"_nltide_3"="advpack.dll" [2004-08-04 99840]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-12-18 12451]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.sys
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svqxbwiw]
2010-05-02 15:46 259328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\gbsoehvmc\qvvxteutssd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/22/2009 3:21 PM 24652]
R3 KBNTXP;Standard PS/2 Multi-Keyboard Filter Driver for WinXp;c:\windows\system32\drivers\KBNTXP.sys [3/30/2009 9:01 AM 7296]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
ShellHWDetection
helpsvc
wuauserv
WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
2010-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-05-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-343818398-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
2010-05-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-343818398-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e9n3ee1n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-FrostWire - c:\documents and settings\Administrator\Desktop\FrostWire\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-03 15:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(312)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-03 15:52:49
ComboFix-quarantined-files.txt 2010-05-03 20:52
ComboFix2.txt 2009-06-05 21:26
ComboFix3.txt 2009-01-16 20:24
Pre-Run: 283,829,268,480 bytes free
Post-Run: 283,815,247,872 bytes free
- - End Of File - - 520DDC2D3F2005826C7BF4D5D94CAFAE