ComboFix 09-06-25.01 - Me 06/25/2009 17:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1582 [GMT -7:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Me\Start Menu\A360
c:\documents and settings\Me\Start Menu\A360\A360.lnk
c:\documents and settings\Me\Start Menu\A360\Help.lnk
c:\documents and settings\Me\Start Menu\A360\Registration.lnk
c:\program files\Common Files\System\Uninstall
c:\program files\Common Files\System\Uninstall\Uninstall A360.lnk
c:\program files\IEToolbar
c:\program files\IEToolbar\Ant.com Toolbar\ant.dll
c:\program files\IEToolbar\Ant.com Toolbar\AntPlugin.dll
c:\windows\kb913800.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-20 07:50 . 2009-06-20 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-20 07:50 . 2009-06-20 08:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-19 01:54 . 2009-06-19 01:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-06-19 01:50 . 2001-08-18 05:36 119296 ----a-w- c:\windows\system32\dllcache\camext30.dll
2009-06-19 01:49 . 2001-08-17 19:13 37568 ----a-w- c:\windows\system32\dllcache\avmwan.sys
2009-06-19 01:48 . 2004-08-04 05:29 56623 ----a-w- c:\windows\system32\dllcache\ati1btxx.sys
2009-06-19 01:47 . 2004-08-10 10:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2009-06-16 23:44 . 2005-12-19 16:08 667648 ----a-w- c:\windows\system32\BCMLogon.dll
2009-06-16 23:44 . 2005-12-19 16:08 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll
2009-06-16 23:44 . 2005-12-19 16:08 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS
2009-06-16 23:44 . 2005-12-19 16:08 253952 ----a-w- c:\windows\system32\bcmwlu00.exe
2009-06-16 23:44 . 2005-12-19 16:08 1200128 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2009-06-16 23:43 . 2005-12-19 16:08 86016 ----a-w- c:\windows\system32\preflib.dll
2009-06-16 23:43 . 2005-12-19 16:08 44032 ----a-w- c:\windows\system32\wltrynt.dll
2009-06-16 23:43 . 2005-12-19 16:08 2129920 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL
2009-06-16 23:43 . 2005-12-19 16:08 18944 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2009-06-16 23:43 . 2005-12-19 16:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE
2009-06-16 23:43 . 2005-12-19 16:08 757760 ----a-w- c:\windows\system32\bcm1xsup.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 06:25 . 2009-01-14 08:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-24 05:56 . 2007-04-13 20:35 -------- d-----w- c:\documents and settings\Me\Application Data\dvdcss
2009-06-20 19:35 . 2006-08-23 20:03 -------- d-----w- c:\documents and settings\Me\Application Data\ATI
2009-06-20 19:35 . 2006-08-17 22:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-06-20 19:34 . 2008-09-26 07:39 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-06-20 19:32 . 2006-08-17 21:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 19:29 . 2006-11-15 23:12 -------- d-----w- c:\program files\BitComet
2009-06-20 19:06 . 2007-09-29 16:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-16 23:44 . 2006-08-17 21:55 -------- d-----w- c:\program files\Dell
2009-06-02 05:15 . 2008-09-26 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Cyberlink
2009-05-29 04:32 . 2006-08-23 20:06 -------- d-----w- c:\program files\Dl_cats
2009-05-07 15:44 . 2005-08-16 09:18 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-08-16 09:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-20 06:23 . 2006-09-21 00:23 56 --sh--r- c:\windows\system32\996CE12773.sys
2009-04-20 06:23 . 2006-08-24 04:51 5486 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-04-17 09:58 . 2005-08-16 09:18 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2005-08-16 09:18 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2007-09-23 07:13 . 2007-09-23 07:15 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-12-06 04:33 . 2006-12-06 04:33 251 ----a-w- c:\program files\wt3d.ini
2006-12-17 19:50 . 2006-08-24 04:51 88 --sh--r- c:\windows\system32\7327E16C99.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-07 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22516:TCP"= 22516:TCP:BitComet 22516 TCP
"22516:UDP"= 22516:UDP:BitComet 22516 UDP
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4D494B45-4D49-4D49-4D49-4D494B454D49}]
"c:\windows\Cursors\lsass.exe" /s
.
Contents of the 'Scheduled Tasks' folder
2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]
2009-06-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-19 02:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1203105751&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - ?p=ZUzeb004YYCA_ZZzer000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunApp.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-25 17:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1598283739-452893982-683752979-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-06-26 17:23
ComboFix-quarantined-files.txt 2009-06-26 00:23
Pre-Run: 39,105,552,384 bytes free
Post-Run: 39,870,218,240 bytes free
155 --- E O F --- 2009-06-19 01:54