ComboFix 10-03-23.04 - Administrator 03/23/2010 18:20:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.363 [GMT 0:00]
Running from: c:\documents and settings\Administrator.EXPERIEN-4B3693\My Documents\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\Recycle Bin
c:\windows\system32\msssc.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.
2010-03-23 20:26 . 2010-03-23 20:26 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Local Settings\Application Data\Identities
2010-03-23 18:29 . 2008-03-20 19:38 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-03-23 18:29 . 2008-03-20 19:38 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-03-23 18:29 . 2008-03-20 19:38 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-03-23 18:29 . 2008-03-20 19:38 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-03-23 18:29 . 2008-03-20 18:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-03-23 18:29 . 2008-03-20 19:38 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-03-23 18:29 . 2008-03-20 20:07 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-03-23 18:29 . 2008-03-20 20:09 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-03-23 18:11 . 2010-03-23 18:11 -------- d-----w- c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft
2010-03-23 18:11 . 2010-03-23 18:11 -------- d-----w- c:\windows\system32\dllcache
2010-03-23 18:09 . 2010-03-23 18:09 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2010-03-23 18:09 . 2010-03-23 19:08 -------- d-s---w- c:\windows\Downloaded Program Files
2010-03-23 18:07 . 2008-05-03 12:00 274944 ----a-w- c:\windows\system32\mstask.dll
2010-03-23 18:07 . 2008-05-03 12:00 192512 ----a-w- c:\windows\system32\schedsvc.dll
2010-03-23 18:07 . 2008-05-03 12:00 12288 ----a-w- c:\windows\system32\mstinit.exe
2010-03-23 18:07 . 2008-05-03 12:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-03-23 18:07 . 2008-05-03 12:00 73728 ----a-w- c:\windows\system32\icwdial.dll
2010-03-23 18:07 . 2008-05-03 12:00 65536 ----a-w- c:\windows\system32\icwphbk.dll
2010-03-23 18:07 . 2008-05-03 12:00 274432 ----a-w- c:\windows\system32\inetcfg.dll
2010-03-23 18:07 . 2010-03-23 18:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-23 18:05 . 2008-05-03 12:00 58880 ----a-w- c:\windows\system32\licwmi.dll
2010-03-23 18:05 . 2008-05-03 12:00 56320 ----a-w- c:\windows\system32\servdeps.dll
2010-03-23 18:05 . 2008-05-03 12:00 185344 ----a-w- c:\windows\system32\cmprops.dll
2010-03-23 18:05 . 2008-05-03 12:00 17408 ----a-w- c:\windows\system32\mmfutil.dll
2010-03-23 18:05 . 2008-05-03 12:00 1358848 ----a-w- c:\windows\system32\wbem\cimwin32.dll
2010-03-23 18:05 . 2008-03-21 01:37 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-03-23 18:05 . 2008-03-20 19:25 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-03-23 18:04 . 2008-03-20 19:32 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-03-23 18:04 . 2008-03-20 19:39 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-03-23 18:04 . 2008-03-20 19:40 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-03-23 18:04 . 2008-03-20 19:39 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-03-23 18:04 . 2008-03-20 19:32 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2010-03-23 18:04 . 2008-03-20 19:39 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-03-23 18:04 . 2008-03-20 19:40 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-03-23 18:04 . 2008-03-20 19:32 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2010-03-23 18:04 . 2008-03-20 19:39 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-03-23 18:04 . 2008-03-20 19:32 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2010-03-23 18:04 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-03-23 18:03 . 2008-03-21 01:36 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-03-23 18:03 . 2008-03-21 01:36 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-03-23 18:03 . 2003-10-21 03:20 104960 ----a-w- c:\windows\system32\drivers\atinrvxx.sys
2010-03-23 18:03 . 2003-10-21 03:18 32768 ----a-w- c:\windows\system32\ativtmxx.dll
2010-03-23 18:03 . 2003-10-21 03:23 13824 ----a-w- c:\windows\system32\drivers\atinmdxx.sys
2010-03-23 18:03 . 2008-03-20 19:33 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-03-23 18:02 . 2003-12-02 13:44 865472 ----a-w- c:\windows\system32\ati3d1ag.dll
2010-03-23 18:02 . 2001-08-17 12:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2010-03-23 18:02 . 2008-03-21 01:36 74240 ----a-w- c:\windows\system32\usbui.dll
2010-03-23 17:59 . 2008-05-03 12:00 7168 ----a-r- c:\windows\system32\kbdcz.dll
2010-03-23 17:58 . 2003-07-02 02:42 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2010-03-23 17:58 . 2010-03-23 18:18 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-03-23 17:58 . 2010-03-23 18:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-03-21 22:55 . 2010-03-21 22:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2010-03-21 21:55 . 2010-03-21 21:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2010-03-21 20:39 . 2010-03-21 20:39 -------- d-sha-r- c:\program files\cmdcons
2010-03-21 18:17 . 2010-03-21 18:23 -------- d-----w- c:\program files\Winamp
2010-03-21 16:58 . 2010-03-21 16:58 -------- d-----w- c:\program files\CCleaner
2010-03-21 16:29 . 2010-03-21 16:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2010-03-21 16:24 . 2010-03-21 16:24 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-21 16:24 . 2010-03-21 16:24 -------- d-----w- c:\program files\Ahead
2010-03-21 15:20 . 2010-03-21 15:20 -------- d-----w- c:\program files\Kaspersky Lab
2010-03-21 14:27 . 2010-03-21 14:27 -------- d-----w- c:\windows\system32\xircom
2010-03-21 14:27 . 2010-03-21 14:27 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-21 14:27 . 2010-03-21 14:27 -------- d-----w- c:\program files\microsoft frontpage
2010-03-21 13:04 . 2010-03-21 13:04 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-03-21 13:04 . 2010-03-21 13:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ATI
2010-03-21 13:04 . 2010-03-21 13:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2010-03-21 13:04 . 2010-03-21 13:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-03-21 13:01 . 2010-03-23 19:27 -------- d-----w- c:\windows\system32\URTTemp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 19:43 . 2010-03-21 12:59 -------- d-----w- c:\program files\ATI Technologies
2010-03-23 19:42 . 2010-03-23 18:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-23 19:33 . 2010-03-23 19:33 13664 ----a-w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-23 19:32 . 2010-03-23 19:32 152 ----a-w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Local Settings\Application Data\fusioncache.dat
2010-03-23 19:32 . 2010-03-23 19:32 -------- d-----w- c:\documents and settings\Administrator.EXPERIEN-4B3693\Application Data\ATI
2010-03-23 18:10 . 2010-03-23 18:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-21 13:02 . 2010-03-21 12:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-21 12:48 . 2010-03-21 12:48 -------- d-----w- c:\program files\Analog Devices
2010-03-21 12:31 . 2010-03-21 12:31 -------- d-----w- c:\program files\Windows Media Connect 2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-05-03 99840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SR
*NewlyCreated* - SRSERVICE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-23 18:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-23 18:26:28
ComboFix-quarantined-files.txt 2010-03-23 18:26
ComboFix2.txt 2010-03-21 20:58
Pre-Run: 77,794,349,056 bytes free
Post-Run: 77,846,781,952 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 7D4EE0D002EA14832A1205E9AB435321