ComboFix 07-06-13.3 - C:\Documents and Settings\Carlos Ramos\Desktop\ComboFix.exe
"Carlos Ramos" - 2007-06-17  2:38:02 - Service Pack 2  NTFS  


((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winjcf32.dll 
C:\WINDOWS\system32\wvvwa.bak1 
C:\WINDOWS\system32\wvvwa.bak2 
C:\WINDOWS\system32\wvvwa.ini 
C:\WINDOWS\system32\wvvwa.ini2 
C:\WINDOWS\system32\wvvwa.tmp 
C:\WINDOWS\system32\awvvw.dll 


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((   Files Created from 2007-05-17 to 2007-06-17  )))))))))))))))))))))))))))))))


2007-06-17 02:36	49,152	--a------	C:\WINDOWS\nircmd.exe
2007-06-16 18:08	<DIR>	d--------	C:\DOCUME~1\CARLOS~1\APPLIC~1\LimeWire
2007-06-16 18:07	<DIR>	d--------	C:\Program Files\LimeWire
2007-06-16 14:14	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-16 11:08	163,600	--a------	C:\WINDOWS\system\Wmaudsdk.dll
2007-06-16 03:18	<DIR>	d--------	C:\DOCUME~1\CARLOS~1\.netbeans
2007-06-16 03:04	<DIR>	d--------	C:\Program Files\netbeans-5.5.1
2007-06-16 00:16	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2007-06-16 00:04	<DIR>	d--------	C:\Program Files\MSBuild
2007-06-16 00:04	<DIR>	d--------	C:\Program Files\Microsoft Works
2007-06-15 23:53	<DIR>	d--------	C:\WINDOWS\SHELLNEW
2007-06-15 23:51	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-06-15 23:48	<DIR>	dr-h-----	C:\MSOCache
2007-06-15 23:15	24,643	--a------	C:\WINDOWS\system32\urqonkj.dll
2007-06-15 14:53	<DIR>	d--------	C:\DOCUME~1\CARLOS~1\APPLIC~1\DivX
2007-06-15 14:52	<DIR>	d--------	C:\Program Files\AC3Filter
2007-06-15 14:01	118,520	--a------	C:\WINDOWS\system32\pxinsi64.exe
2007-06-15 14:01	116,472	--a------	C:\WINDOWS\system32\pxcpyi64.exe
2007-06-15 14:01	<DIR>	d--------	C:\Program Files\DivX
2007-06-15 12:13	<DIR>	d--------	C:\DOCUME~1\CARLOS~1\APPLIC~1\Apple Computer
2007-06-15 12:12	<DIR>	d--------	C:\Program Files\iTunes
2007-06-15 12:12	<DIR>	d--------	C:\Program Files\iPod
2007-06-15 12:10	<DIR>	d--------	C:\Program Files\QuickTime
2007-06-15 12:08	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-15 11:21	<DIR>	d--------	C:\DOCUME~1\CARLOS~1\APPLIC~1\WinRAR
2007-06-15 04:21	<DIR>	d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-14 23:31	<DIR>	d--------	C:\WINDOWS\system32\PreInstall
2007-06-14 22:31	9,464	--a------	C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-14 22:31	9,336	--a------	C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-14 22:31	43,528	--a------	C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-14 22:31	129,784	--a------	C:\WINDOWS\system32\pxafs.dll
2007-06-14 22:31	<DIR>	d--------	C:\Program Files\Winamp
2007-06-14 22:24	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2007-06-14 22:12	<DIR>	d--------	C:\WINDOWS\Prefetch
2007-06-14 22:05	95,424	--a------	C:\WINDOWS\system32\drivers\slnthal.sys
2007-06-14 22:05	937,984	--a------	C:\WINDOWS\system32\winbrand.dll
2007-06-14 22:05	9,216	--a------	C:\WINDOWS\system32\proxycfg.exe
2007-06-14 22:05	88,064	--a------	C:\WINDOWS\system32\p2pnetsh.dll
2007-06-14 22:05	870,784	--a------	C:\WINDOWS\system32\ati3d1ag.dll
2007-06-14 22:05	86,016	--a------	C:\WINDOWS\system32\p2pgasvc.dll
2007-06-14 22:05	86,016	--a------	C:\WINDOWS\system32\mdmxsdk.dll
2007-06-14 22:05	81,408	--a------	C:\WINDOWS\system32\wscsvc.dll
2007-06-14 22:05	8,192	--a------	C:\WINDOWS\system32\smbinst.exe
2007-06-14 22:05	78,464	--a------	C:\WINDOWS\system32\drivers\usbvideo.sys
2007-06-14 22:05	78,336	--a------	C:\WINDOWS\system32\ieencode.dll
2007-06-14 22:05	75,776	--a------	C:\WINDOWS\system32\strmfilt.dll
2007-06-14 22:05	73,832	--a------	C:\WINDOWS\system32\slcoinst.dll
2007-06-14 22:05	73,796	--a------	C:\WINDOWS\system32\slserv.exe
2007-06-14 22:05	73,216	--a------	C:\WINDOWS\system32\drivers\atintuxx.sys
2007-06-14 22:05	71,680	--a------	C:\WINDOWS\system32\blastcln.exe
2007-06-14 22:05	701,440	--a------	C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-14 22:05	7,680	--a------	C:\WINDOWS\system32\kbdsmsno.dll
2007-06-14 22:05	7,680	--a------	C:\WINDOWS\system32\kbdsmsfi.dll
2007-06-14 22:05	7,168	--a------	C:\WINDOWS\system32\kbdukx.dll
2007-06-14 22:05	7,168	--a------	C:\WINDOWS\system32\kbdno1.dll
2007-06-14 22:05	7,168	--a------	C:\WINDOWS\system32\kbdfi1.dll
2007-06-14 22:05	7,168	--a------	C:\WINDOWS\system32\hccoin.dll
2007-06-14 22:05	685,056	--a------	C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-06-14 22:05	67,584	--a------	C:\WINDOWS\system32\drivers\sdbus.sys
2007-06-14 22:05	63,663	--a------	C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-06-14 22:05	63,488	--a------	C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-06-14 22:05	60,416	--a------	C:\WINDOWS\system32\fwcfg.dll
2007-06-14 22:05	6,656	--a------	C:\WINDOWS\system32\kbdinmal.dll
2007-06-14 22:05	6,656	--a------	C:\WINDOWS\system32\kbdinben.dll
2007-06-14 22:05	6,144	--a------	C:\WINDOWS\system32\kbdmlt48.dll
2007-06-14 22:05	6,144	--a------	C:\WINDOWS\system32\kbdmlt47.dll
2007-06-14 22:05	6,144	--a------	C:\WINDOWS\system32\kbdinbe1.dll
2007-06-14 22:05	6,016	--a------	C:\WINDOWS\system32\drivers\smbali.sys
2007-06-14 22:05	59,648	--a------	C:\WINDOWS\system32\drivers\rfcomm.sys
2007-06-14 22:05	59,392	--a------	C:\WINDOWS\system32\logman.exe
2007-06-14 22:05	57,856	--a------	C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-06-14 22:05	56,623	--a------	C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-06-14 22:05	526,848	--a------	C:\WINDOWS\system32\p2psvc.dll
2007-06-14 22:05	52,224	--a------	C:\WINDOWS\system32\mspmsnsv.dll
2007-06-14 22:05	52,224	--a------	C:\WINDOWS\system32\drivers\atinraxx.sys
2007-06-14 22:05	516,768	--a------	C:\WINDOWS\system32\ativvaxx.dll
2007-06-14 22:05	50,688	--a------	C:\WINDOWS\system32\btpanui.dll
2007-06-14 22:05	50,176	--a------	C:\WINDOWS\system32\xmlprovi.dll
2007-06-14 22:05	5,632	--a------	C:\WINDOWS\system32\kbdmaori.dll
2007-06-14 22:05	49,152	--a------	C:\WINDOWS\system32\powercfg.exe
2007-06-14 22:05	48,640	--a------	C:\WINDOWS\system32\pnrpnsp.dll
2007-06-14 22:05	46,464	--a------	C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-06-14 22:05	452,736	--a------	C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-06-14 22:05	44,928	--a------	C:\WINDOWS\system32\drivers\agpcpq.sys
2007-06-14 22:05	44,672	--a------	C:\WINDOWS\system32\drivers\uagp35.sys
2007-06-14 22:05	44,032	--a------	C:\WINDOWS\system32\twext.dll
2007-06-14 22:05	43,008	--a------	C:\WINDOWS\system32\drivers\amdagp.sys
2007-06-14 22:05	42,752	--a------	C:\WINDOWS\system32\drivers\alim1541.sys
2007-06-14 22:05	42,240	--a------	C:\WINDOWS\system32\drivers\viaagp.sys
2007-06-14 22:05	41,088	--a------	C:\WINDOWS\system32\drivers\sisagp.sys
2007-06-14 22:05	404,990	--a------	C:\WINDOWS\system32\drivers\slntamr.sys
2007-06-14 22:05	4,255	--a------	C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-06-14 22:05	4,096	--a------	C:\WINDOWS\system32\dsprpres.dll
2007-06-14 22:05	397,056	--a------	C:\WINDOWS\system32\s3gnb.dll
2007-06-14 22:05	38,016	--a------	C:\WINDOWS\system32\drivers\bthmodem.sys
2007-06-14 22:05	377,984	--a------	C:\WINDOWS\system32\ati2dvaa.dll
2007-06-14 22:05	37,376	--a------	C:\WINDOWS\system32\drivers\amdk7.sys
2007-06-14 22:05	36,463	--a------	C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-06-14 22:05	36,096	--a------	C:\WINDOWS\system32\drivers\intelppm.sys
2007-06-14 22:05	35,456	--a------	C:\WINDOWS\system32\drivers\bthprint.sys


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-25 14:21:15	144,896	----a-w	C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34	73,728	----a-w	C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34	196,608	----a-w	C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33	53,248	----a-w	C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31	593,920	----a-w	C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31	57,344	----a-w	C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31	344,064	----a-w	C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31	294,912	----a-w	C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31	294,912	----a-w	C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47	12,288	----a-w	C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46	124,472	----a-w	C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23	2,854,400	----a-w	C:\WINDOWS\system32\msi.dll
2007-04-13 19:19:52	7,680	----a-w	C:\WINDOWS\system32\lsdelete.exe
2007-03-17 13:43:01	292,864	----a-w	C:\WINDOWS\system32\winsrv.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}=C:\WINDOWS\system32\urqonkj.dll [2007-06-15 23:15]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-06-24 17:32 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"NWEReboot"="" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 14:51]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 19:25]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"="C:\WINDOWS\system32\urqonkj.dll" [2007-06-15 23:15]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonkj]
urqonkj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 02:46:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-17  2:50:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-17 02:50

	--- E O F ---