ComboFix 09-08-07.09 - April 08/08/2009 22:13.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1527 [GMT -5:00]
Running from: c:\documents and settings\April\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\kb913800.exe
c:\windows\system32\drivers\UACjevjbqplhh.sys
c:\windows\system32\UACbaqjkwbard.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjltenlwfgk.dll
c:\windows\system32\UACkbqxugppvl.dll
c:\windows\system32\UACmqkbaxmasq.dll
c:\windows\system32\UACmqwidulrup.db
c:\windows\system32\UACnvclyxmobo.dat
c:\windows\system32\UACylkmxfmqtt.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.
2009-08-06 02:17 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 02:17 . 2009-08-08 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 02:17 . 2009-08-06 02:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-06 02:17 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 23:47 . 2009-08-05 23:47 -------- d-----w- c:\program files\Trend Micro
2009-08-05 07:13 . 2009-08-05 07:13 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-05 04:21 . 2009-08-05 04:30 -------- d-----w- c:\documents and settings\April\.housecall6.6
2009-08-05 03:37 . 2009-08-05 03:37 -------- d-----w- c:\documents and settings\April\Application Data\Logs
2009-08-05 03:36 . 2009-08-05 14:02 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\14480464
2009-07-15 17:08 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-15 17:08 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-07-15 17:06 . 2009-07-15 17:10 256 ----a-w- c:\windows\system32\pool.bin
2009-07-15 17:06 . 2009-07-15 17:06 -------- d-----w- c:\documents and settings\April\Application Data\Research In Motion
2009-07-15 16:34 . 2009-07-15 16:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Roxio
2009-07-15 16:28 . 2007-01-18 15:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-07-15 16:27 . 2009-07-15 16:27 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-07-15 16:26 . 2009-07-15 16:26 -------- d-----w- c:\program files\Research In Motion
2009-07-15 16:16 . 2009-07-15 16:16 -------- d-sh--w- c:\windows\ftpcache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 04:06 . 2006-12-14 11:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-07 04:04 . 2008-10-06 15:22 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Symantec
2009-08-07 04:04 . 2007-03-31 22:14 -------- d-----w- c:\documents and settings\April\Application Data\Symantec
2009-08-06 03:53 . 2007-01-04 02:47 16060 ----a-w- c:\documents and settings\April\Application Data\wklnhst.dat
2009-08-06 02:12 . 2009-06-28 18:37 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 23:15 . 2008-09-20 17:28 -------- d-----w- c:\program files\DivX
2009-07-31 16:26 . 2009-03-01 18:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-16 16:19 . 2006-12-26 16:22 -------- d-----w- c:\documents and settings\Barrett\Application Data\InstallShield
2009-07-15 17:03 . 2006-12-14 11:06 103624 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 17:02 . 2006-12-23 16:32 -------- d-----w- c:\documents and settings\April\Application Data\InstallShield
2009-07-15 16:37 . 2006-12-14 11:18 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sonic
2009-07-15 16:35 . 2006-12-14 11:18 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-07-15 16:35 . 2006-12-14 11:17 -------- d-----w- c:\program files\Roxio
2009-07-08 13:04 . 2007-02-03 19:54 -------- d-----w- c:\program files\NoAdware5.0
2009-07-06 01:16 . 2009-07-06 01:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-06 01:06 . 2009-07-06 01:05 -------- d-----w- c:\program files\QuickTime
2009-07-06 01:02 . 2007-05-22 01:14 -------- d-----w- c:\program files\Apple Software Update
2009-06-29 16:12 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2005-08-16 10:18 17408 ------w- c:\windows\system32\corpol.dll
2009-06-28 18:37 . 2009-06-28 18:37 -------- d-----w- c:\program files\Avira
2009-06-28 18:37 . 2009-06-28 18:37 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-06-16 14:36 . 2005-08-16 10:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 22:55 . 2006-12-14 11:11 -------- d-----w- c:\program files\Microsoft Works
2009-06-03 19:09 . 2005-08-16 10:18 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 23:33 . 2006-12-30 16:56 9394 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-11-19 22:50 . 2007-11-19 22:50 7193538 -c--a-w- c:\program files\Dell.zip
2007-01-04 01:06 . 2007-01-04 01:06 251 -c--a-w- c:\program files\wt3d.ini
2007-06-01 04:45 . 2007-03-30 11:33 56 -csh--r- c:\windows\system32\993332DCBF.sys
2009-04-08 04:06 . 2006-12-30 16:56 168 --sh--r- c:\windows\system32\BFDC323399.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-23 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]
c:\documents and settings\April\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-10-7 21504]
c:\documents and settings\Brian\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-10-7 21504]
c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-14 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/28/2009 1:37 PM 108289]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [6/22/2007 3:39 PM 29522]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.rr.com/flash/index.cfm
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
uInternet Settings,ProxyOverride = *.local
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 22:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-08-09 22:23
ComboFix-quarantined-files.txt 2009-08-09 03:23
Pre-Run: 84,997,828,608 bytes free
Post-Run: 85,064,331,264 bytes free
Current=1 Default=1 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
161 --- E O F --- 2009-07-31 14:49