ComboFix 07-08-30.3 - "Administrator" 2007-09-01 16:47:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.609 [GMT 10:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\install.exe
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\ddcbyay.dll
C:\WINDOWS\system32\kmllm.bak1
C:\WINDOWS\system32\kmllm.bak2
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\pctrmham.exe
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\vturqqp.dll
C:\WINDOWS\system32\winhab32.dll
C:\WINDOWS\system32\xpvtxwce.exe
C:\WINDOWS\xpupdate.exe
C:\windows\xpupdate.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\lanmandrv

((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 )))))))))))))))))))))))))))))))

2007-09-01 16:48 43,542 --a------ C:\WINDOWS\system32\nnnljgf.dll
2007-09-01 16:48 1,117,085 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\Install.dat
2007-09-01 16:48 d-------- C:\Program Files\Magicantispy
2007-09-01 16:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-01 16:34 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll
2007-09-01 16:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-31 23:01 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-08-31 23:01 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-31 23:01 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-31 23:01 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-31 23:01 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-31 23:01 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-31 23:01 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-31 22:24 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-31 22:23 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-08-31 22:23 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-08-31 22:23 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2007-08-31 21:51 d--hs---- C:\$RECYCLE.BIN
2007-08-31 21:23 d-------- C:\Program Files\Windows Media Connect 2
2007-08-31 21:21 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Thinstall
2007-08-31 21:21 d-------- C:\0a7a4dfc6631c7bd9198e4
2007-08-31 21:20 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-31 21:20 d-------- C:\WINDOWS\system32\LogFiles
2007-08-31 21:20 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-31 21:04 737,358 --a------ C:\DOCUME~1\ADMINI~1\EasyBCD 1.6.exe
2007-08-31 20:50 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-08-31 20:08 d-------- C:\Program Files\Launchy
2007-08-31 20:08 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Launchy
2007-08-31 20:01 77,824 -ra------ C:\WINDOWS\system32\TvRate.dll
2007-08-31 20:01 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-08-31 20:01 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-08-31 20:01 49,152 --a------ C:\WINDOWS\system32\Macrovision.dll
2007-08-31 20:01 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2007-08-31 20:01 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2007-08-31 20:01 3,072 -ra------ C:\WINDOWS\system32\34CoInstaller.dll
2007-08-31 20:01 11,776 --a--c--- C:\WINDOWS\system32\dllcache\bdasup.sys
2007-08-31 20:01 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2007-08-31 18:13 d-------- C:\Program Files\Alwil Software
2007-08-30 19:28 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Registry Booster
2007-08-30 19:27 d-------- C:\Program Files\Steam
2007-08-30 19:19 d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-08-30 19:18 d-------- C:\Program Files\MSN Messenger
2007-08-30 19:01 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinRAR
2007-08-30 18:49 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-30 18:46 606,848 --a------ C:\WINDOWS\flashax.exe
2007-08-30 18:46 12,288 --a------ C:\WINDOWS\impborl.dll
2007-08-30 18:44 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2007-08-30 18:44 4,962 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2007-08-30 18:44 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2007-08-30 18:44 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2007-08-30 18:44 d-------- C:\Program Files\ASUS
2007-08-30 18:28 15,360 --a------ C:\WINDOWS\system32\drvbacr.dll
2007-08-30 18:26 1,156 --a------ C:\WINDOWS\mozver.dat
2007-08-30 18:21 d-------- C:\Program Files\TrackMania Nations ESWC
2007-08-30 18:19 d-------- C:\Program Files\Ray Adams
2007-08-30 18:19 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-08-30 18:19 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\atitray
2007-08-30 18:11 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-08-30 18:11 d-------- C:\ATI
2007-08-30 18:04 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-30 18:04 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Thunderbird
2007-08-30 18:02 55,808 -ra------ C:\WINDOWS\system32\EtCoInst.dll
2007-08-30 18:02 19,456 -ra------ C:\WINDOWS\system32\IntelNic.dll
2007-08-30 18:02 176,128 -ra------ C:\WINDOWS\system32\drivers\e1000325.sys
2007-08-30 18:02 163,840 -ra------ C:\WINDOWS\system32\e1000msg.dll
2007-08-30 18:02 126,976 -ra------ C:\WINDOWS\system32\Prounstl.exe
2007-08-30 17:56 991,232 --a------ C:\WINDOWS\system32\virtear.dll
2007-08-30 17:56 765,952 --------- C:\WINDOWS\system\crlds3d.dll
2007-08-30 17:56 65,536 --a------ C:\WINDOWS\system32\Audio3d.dll
2007-08-30 17:56 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-08-30 17:56 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2007-08-30 17:56 221,376 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-08-30 17:56 d-------- C:\WINDOWS\VirtualEar
2007-08-30 17:56 d-------- C:\Program Files\Analog Devices
2007-08-30 17:55 30,976 -ra------ C:\WINDOWS\system32\drivers\SiSRaid2.sys
2007-08-30 17:55 135,168 -ra------ C:\WINDOWS\system32\property.dll
2007-08-30 17:55 d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-08-30 17:54 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-30 17:54 d-------- C:\Program Files\QuickTime
2007-08-30 17:54 d-------- C:\Program Files\iTunes
2007-08-30 17:54 d-------- C:\Program Files\iPod
2007-08-30 17:54 d-------- C:\Program Files\Common Files\Apple
2007-08-30 17:54 d-------- C:\Program Files\Apple Software Update
2007-08-30 17:54 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-30 17:53 d-------- C:\Program Files\Mozilla Thunderbird
2007-08-30 17:53 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-30 17:34 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-30 17:27 d-------- C:\Program Files\Ubisoft
2007-08-30 17:26 d-------- C:\Program Files\Common Files\InstallShield
2007-08-30 17:14 d-------- C:\Program Files\Empire Interactive
2007-08-30 17:11 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2007-08-30 17:10 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-08-30 09:09 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-30 09:08 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-30 09:07 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-30 09:07 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-08-30 09:06 dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-30 09:04 d-------- C:\WINDOWS\system32\CatRoot2
2007-08-30 09:04 d-------- C:\WINDOWS\system32\CatRoot
2007-08-30 08:14 d-------- C:\Program Files\microsoft frontpage

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-30 19:10 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 18:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 08:03]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
"AtiTrayTools"="C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 19:04]
"Steam"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys
R1 atitray;atitray;\??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-01 16:52:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-01 16:53:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-01 16:53
--- E O F ---