ComboFix 08-01-18.5 - marysia 2008-01-19 17:12:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.99 [GMT 1:00]
Running from: C:\Documents and Settings\marysia\Pulpit\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\SysPr.prx
.

((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-19 17:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-19 15:01 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-19 15:01 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-19 15:01 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-19 15:01 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-19 15:01 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-19 15:01 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-19 15:01 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-19 15:01 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-13 22:27 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-01-07 02:45 . 2008-01-19 16:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-07 02:45 . 2008-01-07 02:45 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-29 23:45 . 2007-12-29 23:45 126,568 --a------ C:\WINDOWS\system32\_BLOCK.WB4
2007-12-29 23:45 . 2008-01-18 23:01 274 --a------ C:\WINDOWS\system32\_PersonalityVert2.WB4
2007-12-29 23:45 . 2008-01-18 23:01 274 --a------ C:\WINDOWS\system32\_PersonalityVert1.WB4
2007-12-29 23:13 . 2007-12-29 23:13 d-------- C:\Program Files\Stardock
2007-12-29 21:30 . 2007-12-29 21:30 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-12-29 21:14 . 2007-12-29 23:27 72 --a------ C:\WINDOWS\WB.ini
2007-12-27 16:35 . 2007-12-27 16:35 d-------- C:\Program Files\The Last.fm Toolshed
2007-12-24 23:38 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-24 23:38 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-12-24 23:38 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-24 23:38 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-23 15:21 . 2008-01-19 16:31 d-------- C:\Documents and Settings\marysia\Dane aplikacji\MegauploadToolbar
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-01-19 05:42 --------- d-----w C:\Documents and Settings\marysia\Dane aplikacji\foobar2000
2008-01-18 21:49 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-01-18 21:25 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Winamp
2008-01-18 15:40 --------- d-----w C:\Documents and Settings\marysia\Dane aplikacji\Teleca
2008-01-18 10:51 --------- d-----w C:\Documents and Settings\marysia\Dane aplikacji\Tlen.pl
2008-01-18 00:53 --------- d-----w C:\Documents and Settings\marysia\Dane aplikacji\Skype
2008-01-16 07:00 --------- d-----w C:\Documents and Settings\marysia\Dane aplikacji\Winamp
2008-01-15 23:25 --------- d-----w C:\Documents and Settings\marysia\Dane aplikacji\Azureus
2008-01-13 21:30 --------- d-----w C:\Program Files\Winamp
2008-01-08 21:55 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-01-04 06:32 --------- d-----w C:\Program Files\Last.fm
2008-01-03 21:00 --------- d-----w C:\Program Files\DC++
2007-12-29 19:34 --------- d-----w C:\Program Files\foobar2000
2007-12-24 14:46 --------- d-----w C:\Program Files\The GodFather
2007-12-23 14:21 --------- d-----w C:\Program Files\MegauploadToolbar
2007-12-22 13:48 --------- d-----w C:\Program Files\Java
2007-12-12 16:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-10 13:43 --------- d-----w C:\Program Files\Last.fm Fingerprinter
2007-12-03 17:54 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-02 13:52 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Teleca
2007-12-02 13:51 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Sony Ericsson
2007-11-30 18:34 --------- d-----w C:\Program Files\Sony
2007-11-30 18:06 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-30 18:04 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-11-30 18:04 --------- d-----w C:\Documents and Settings\marysia\Dane aplikacji\Sony Ericsson
2007-11-30 18:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2007-11-30 18:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2007-11-30 18:03 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-29 00:52 --------- d-----w C:\Program Files\Intermedia Design
2007-11-29 00:52 --------- d-----w C:\Documents and Settings\marysia\Dane aplikacji\Intermedia Design
2007-11-29 00:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Intermedia Design
2007-11-29 00:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Data
2007-11-28 18:38 --------- d-----w C:\Documents and Settings\marysia\Dane aplikacji\Mp3tag
2007-11-28 18:37 --------- d-----w C:\Program Files\Mp3tag
2007-11-25 13:44 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-11-22 11:18 --------- d-----w C:\Program Files\Easy CD-DA Extractor 6
2007-11-20 13:37 --------- d-----w C:\Program Files\Tlen.pl
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 18:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Resume copy"="copyfstq.exe" [2006-05-31 15:24 73728 C:\WINDOWS\copyfstq.exe]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 08:20 372736]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-07 22:04 185896]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 15:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03 75128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-30 11:49:09]

C:\Documents and Settings\marysia\Menu Start\Programy\Autostart\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-30 11:49:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-06 21:16 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ScsiAccess"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MDM"=2 (0x2)

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2006-11-02 15:51]
S3 rockusb;Driver for rockusb Device;C:\WINDOWS\system32\DRIVERS\rockusb.sys [2006-03-22 18:57]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 17:17:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 17:18:15
ComboFix-quarantined-files.txt 2008-01-19 16:17:59
.
2008-01-10 00:41:23 --- E O F ---