ComboFix 12-04-20.03 - Ja 20/04/2012 17:54:58.1.1 - x86
Running from: c:\documents and settings\Ja\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\SET14EB.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2DE.tmp
c:\windows\system32\SET2E0.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-18 17:01 . 2012-04-18 17:05  --------  d-----w-  C:\dff33730f482484d164b1a2d1a0ae71b
2012-04-18 16:20 . 2012-04-20 07:03  90112     ----a-w-  c:\windows\DUMP6c75.tmp
2012-04-18 16:20 . 2012-04-19 18:53  90112     ----a-w-  c:\windows\DUMP5275.tmp
2012-04-18 16:20 . 2012-04-19 14:42  90112     ----a-w-  c:\windows\DUMP8155.tmp
2012-04-17 06:37 . 2012-04-17 06:37  --------  d-----w-  C:\windows@system
2012-04-16 20:11 . 2012-04-19 15:17  --------  d-----w-  C:\Poker
2012-04-15 12:14 . 2012-04-15 12:15  --------  dc-h--w-  c:\windows\ie8
2012-04-15 12:00 . 2012-04-15 12:00  --------  d-----w-  C:\temp
2012-04-15 11:58 . 2012-04-15 11:58  --------  d-----w-  c:\windows\tiinst
2012-04-15 11:57 . 2012-04-15 11:57  --------  d-----w-  c:\windows\Motorola
2012-04-15 11:57 . 2005-07-06 03:47  69632     ----a-w-  c:\windows\sm56spn.dll
2012-04-15 11:57 . 2005-07-06 03:47  69632     ----a-w-  c:\windows\sm56itl.dll
2012-04-15 11:57 . 2005-07-06 03:47  69632     ----a-w-  c:\windows\sm56eng.dll
2012-04-15 11:57 . 2005-07-06 03:47  69632     ----a-w-  c:\windows\sm56brz.dll
2012-04-15 11:57 . 2005-07-06 03:47  61440     ----a-w-  c:\windows\sm56ger.dll
2012-04-15 11:57 . 2005-07-06 03:47  61440     ----a-w-  c:\windows\sm56fra.dll
2012-04-15 11:57 . 2005-07-06 03:47  544768    ----a-w-  c:\windows\sm56hlpr.exe
2012-04-15 11:57 . 2005-07-06 03:47  53248     ----a-w-  c:\windows\sm56jpn.dll
2012-04-15 11:57 . 2005-07-06 03:47  49152     ----a-w-  c:\windows\sm56cht.dll
2012-04-15 11:57 . 2005-07-06 03:47  49152     ----a-w-  c:\windows\sm56chs.dll
2012-04-14 19:50 . 2012-04-14 19:50  --------  d-----w-  c:\windows\l2schemas
2012-04-14 19:41 . 2012-04-14 19:41  --------  d-----w-  c:\windows\EHome
2012-04-12 07:58 . 2012-04-12 07:58  --------  d-----w-  C:\found.000
2012-04-11 19:16 . 2012-04-11 19:16  --------  d-----w-  c:\windows\Sun
2012-04-11 18:42 . 2012-04-14 19:48  --------  d-----w-  c:\windows\ServicePackFiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 14:10 . 2004-08-04 12:00  177664    ----a-w-  c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 12:00  148480    ----a-w-  c:\windows\system32\imagehlp.dll
2012-02-28 18:50 . 2004-09-29 18:47  667136    ----a-w-  c:\windows\system32\wininet.dll
2012-02-28 18:50 . 2004-08-04 12:00  61952     ----a-w-  c:\windows\system32\tdc.ocx
2012-02-28 13:50 . 2004-08-04 12:00  369664    ----a-w-  c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-04 12:00  1860096   ----a-w-  c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-22 344064]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"SMSERIAL"="sm56hlpr.exe" [2005-07-06 544768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 62.179.1.62 62.179.1.63
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-20 17:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-04-20 17:59:32
ComboFix-quarantined-files.txt 2012-04-20 16:59
.
Pre-Run: 32,656,257,024 bytes free
Post-Run: 32,647,630,848 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A63FF518CEE8EBCCA86A130193CF3700
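A small parser for the two sections of this log that a triage normally starts with, the "Files Created" list and the "Reg Loading Points" autoruns. This is an added example, not part of the post above and not ComboFix's own code; SAMPLE_LOG is a constructed excerpt of the log in the same line format the tool emits, and the two checks are heuristics for the reader to follow up, not verdicts. The first check picks out Run values that hold a bare filename (SOUNDMAN.EXE, sm56hlpr.exe): with no directory component the image is found through the loader's search order, so the registry value alone does not say which file runs. The second check joins each autorun to a same-named file in the "Files Created" list and compares the size ComboFix recorded beside the registry value with the size of that file, which for sm56hlpr.exe ties the Run entry to c:\windows\sm56hlpr.exe created on 2012-04-15.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the ComboFix log above, in the tool's own line format
# (ComboFix separates fields with tabs; pasted copies often turn them into spaces,
# so the regexes accept either).
SAMPLE_LOG = """\
(((((((((((((((((((((((((   Files Created from 2012-03-20 to 2012-04-20  )))))))))))))))))))))))))))))))
.
.
2012-04-18 17:01 . 2012-04-18 17:05  --------  d-----w-  C:\\dff33730f482484d164b1a2d1a0ae71b
2012-04-18 16:20 . 2012-04-20 07:03  90112     ----a-w-  c:\\windows\\DUMP6c75.tmp
2012-04-17 06:37 . 2012-04-17 06:37  --------  d-----w-  C:\\windows@system
2012-04-15 11:57 . 2005-07-06 03:47\t544768\t----a-w-\tc:\\windows\\sm56hlpr.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"SunJavaUpdateSched"="c:\\program files\\Common Files\\Java\\Java Update\\jusched.exe" [2012-01-18 254696]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"SMSERIAL"="sm56hlpr.exe" [2005-07-06 544768]
.
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")
# created . modified  size-or-dashes  attribute-flags  path
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+(-+|\d+)\s+([a-z-]{8})\s+(.+?)\s*$"
)
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# "ValueName"="image path or bare name" [yyyy-mm-dd size]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d\d-\d\d) (\d+)\]\s*$')


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories, which ComboFix prints as "--------"
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class AutorunEntry:
    key: str
    name: str
    image: str
    file_date: str
    size: int


def parse_combofix(text: str) -> Tuple[List[FileEntry], List[AutorunEntry]]:
    """Walk the log line by line, switching parsers on the '((( ... )))' section banners."""
    files: List[FileEntry] = []
    autoruns: List[AutorunEntry] = []
    section, key = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section.startswith("Files Created"):
            m = FILE_RE.match(line)
            if m:
                size = None if m.group(3).startswith("-") else int(m.group(3))
                files.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m:
                autoruns.append(AutorunEntry(key, m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return files, autoruns


def unpathed_autoruns(autoruns: List[AutorunEntry]) -> List[AutorunEntry]:
    """Run values with no directory component: the image is located via the search
    order (application directory, system directories, PATH), so verify on disk."""
    return [a for a in autoruns if "\\" not in a.image]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def resolve_against_created(files: List[FileEntry], autoruns: List[AutorunEntry]) -> Dict[str, Tuple[str, bool]]:
    """Join each autorun to a same-named non-directory entry in 'Files Created' and
    report whether the size ComboFix recorded for the value matches that file."""
    by_name: Dict[str, FileEntry] = {}
    for f in files:
        if not f.is_dir:
            by_name.setdefault(_basename(f.path), f)
    matches: Dict[str, Tuple[str, bool]] = {}
    for a in autoruns:
        f = by_name.get(_basename(a.image))
        if f is not None:
            matches[a.name] = (f.path, f.size == a.size)
    return matches


if __name__ == "__main__":
    files, autoruns = parse_combofix(SAMPLE_LOG)
    for a in unpathed_autoruns(autoruns):
        print(f"bare image name in {a.key}: {a.name} -> {a.image}")
    for name, (path, same_size) in resolve_against_created(files, autoruns).items():
        print(f"{name} matches newly created {path} (size agrees: {same_size})")
```

Run it as a script to see the two findings for the excerpt; on a full log, feed the whole text to parse_combofix and read the other sections (Other Deletions, Find3M, the firewall list) with the same section-banner loop.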