It didn't upload any file.
ComboFix 08-11-09.04 - Mattias 2008-11-10 15:35:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.143 [GMT 1:00]
Running from: c:\documents and settings\Mattias\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mattias\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\NetMeeting\Winlog.exe
c:\windows\avguard.exe
c:\windows\syscheck
c:\windows\system32\wowformf436_130.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RPCHE
-------\Legacy_WOWSYSTEMCODE
-------\Service_RPCHE
-------\Service_wowsystemcode
((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.
2008-11-09 05:00 . 2008-11-09 05:00 <DIR> d-------- c:\windows\system32\scripting
2008-11-09 05:00 . 2008-11-09 05:00 <DIR> d-------- c:\windows\system32\en
2008-11-09 05:00 . 2008-11-09 05:00 <DIR> d-------- c:\windows\system32\bits
2008-11-09 05:00 . 2008-11-09 05:00 <DIR> d-------- c:\windows\l2schemas
2008-11-09 04:57 . 2008-11-09 05:00 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-07 19:14 . 2004-08-03 22:29 1,897,408 --------- c:\windows\system32\drivers\nv4_mini.sys
2008-11-07 19:13 . 2004-08-03 22:29 327,040 --------- c:\windows\system32\drivers\ati2mtaa.sys
2008-11-06 22:24 . 2008-11-10 01:24 0 --a------ c:\windows\1.ini
2008-11-06 21:19 . 2008-11-06 21:19 <DIR> d-------- C:\Logs
2008-11-06 19:52 . 2008-11-06 19:52 <DIR> d-------- C:\rsit
2008-11-06 19:52 . 2008-11-06 19:52 <DIR> d-------- c:\program files\trend micro
2008-11-06 19:30 . 2008-11-06 19:39 250 --a------ c:\windows\gmer.ini
2008-11-06 19:10 . 2008-11-06 19:10 1,529,241 --a------ C:\SDFix.exe
2008-11-06 18:22 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-06 18:22 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-06 18:20 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-06 18:20 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-06 18:20 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-06 18:20 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-06 18:20 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-06 18:19 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-06 18:19 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-06 18:19 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-06 18:18 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-06 18:18 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-06 18:15 . 2008-11-09 11:57 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-06 18:15 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-06 18:09 . 2008-11-06 18:13 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-06 17:57 . 2008-11-06 17:57 <DIR> d---s---- c:\documents and settings\Mattias\UserData
2008-11-06 14:06 . 2008-11-06 14:06 <DIR> d-------- c:\windows\Eurobattle.net Installer
2008-11-06 13:45 . 2008-11-06 13:59 <DIR> d-------- c:\documents and settings\Mattias\Application Data\Ventrilo
2008-11-06 13:44 . 2008-11-06 13:44 <DIR> d-------- c:\program files\VentriloMIX
2008-11-06 13:43 . 2008-11-06 13:48 139,264 --a------ c:\windows\War3Unin.exe
2008-11-06 13:43 . 2008-11-06 14:03 77,057 --a------ c:\windows\War3Unin.dat
2008-11-06 13:43 . 2008-11-06 13:48 2,829 --a------ c:\windows\War3Unin.pif
2008-11-06 13:41 . 2008-11-06 21:13 <DIR> d-------- c:\program files\Warcraft III
2008-11-06 13:36 . 2008-11-06 13:36 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-11-06 12:35 . 2008-11-06 12:35 <DIR> d-------- c:\documents and settings\Mattias\Application Data\DAEMON Tools
2008-11-06 12:35 . 2008-11-06 12:35 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-06 12:30 . 2008-11-06 12:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 14:26 --------- d-----w c:\documents and settings\Mattias\Application Data\uTorrent
2008-11-09 10:57 --------- d-----w c:\program files\MSN Messenger
2008-11-08 09:21 --------- d-----w c:\program files\World of Warcraft
2008-11-06 16:30 4,224 ----a-w c:\windows\system32\drivers\beep.sys
2008-11-06 12:44 --------- d-----w c:\program files\VentriloMIX
2008-11-06 11:27 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-06 10:53 --------- d-----w c:\documents and settings\Mattias\Application Data\ATI
2008-11-06 10:53 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-06 10:34 --------- d-----w c:\program files\ATI Technologies
2008-11-06 10:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 10:25 --------- d-----w c:\program files\ESET
2008-11-06 10:25 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-11-06 10:23 --------- d-----w c:\program files\Creative
2008-11-06 10:21 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-06 10:21 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-06 10:21 --------- d-----w c:\documents and settings\Mattias\Application Data\Creative
2008-11-06 10:13 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-06 10:09 --------- d-----w c:\program files\uTorrent
2008-11-06 10:04 --------- d-----w c:\program files\microsoft frontpage
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-21 02:19 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-08-21 02:18 314,880 ----a-w c:\windows\system32\ati2dvag.dll
2008-08-21 02:08 184,320 ----a-w c:\windows\system32\atipdlxx.dll
2008-08-21 02:08 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-08-21 02:07 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-08-21 02:07 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-08-21 02:07 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-08-21 02:05 573,440 ----a-w c:\windows\system32\ati2evxx.exe
2008-08-21 02:04 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-08-21 02:01 10,084,352 ----a-w c:\windows\system32\atioglxx.dll
2008-08-21 01:55 4,094,560 ----a-w c:\windows\system32\ati3duag.dll
2008-08-21 01:50 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-08-21 01:38 2,377,856 ----a-w c:\windows\system32\ativvaxx.dll
2008-08-21 01:23 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-08-21 01:19 380,928 ----a-w c:\windows\system32\atikvmag.dll
2008-08-21 01:18 37,376 ----a-w c:\windows\system32\atiadlxx.dll
2008-08-21 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-08-21 01:17 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-08-21 01:11 561,152 ----a-w c:\windows\system32\ati2cqag.dll
2008-08-20 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-09_23.58.42,57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Google Update"="c:\documents and settings\Mattias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-08 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.4.2-enGB-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
.
Contents of the 'Scheduled Tasks' folder
2008-11-10 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Mattias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-08 05:53]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-10 15:39:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-11-10 15:41:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-10 14:41:10
ComboFix2.txt 2008-11-09 22:59:12
Pre-Run: 57*128*710*144 bytes free
Post-Run: 57,883,574,272 bytes free
173 --- E O F --- 2008-11-09 19:16:04