ComboFix 08-10-29.07 - Dad 2008-10-29 13:47:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1397 [GMT -4:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\tempzor
C:\WINDOWS\system32\bllkeuep.dll
C:\WINDOWS\system32\bnrxggkt.ini
C:\WINDOWS\system32\cdrldcfc.ini
C:\WINDOWS\system32\cfcdlrdc.dll
C:\WINDOWS\system32\ebodkfap.dll
C:\WINDOWS\system32\ehqneiut.dll
C:\WINDOWS\system32\iktkawvm.dll
C:\WINDOWS\system32\ixnjtx.dll
C:\WINDOWS\system32\laqnhget.exe
C:\WINDOWS\system32\mgfbkz.dll
C:\WINDOWS\system32\mkxyxu.dll
C:\WINDOWS\system32\mnWvCcdd.ini
C:\WINDOWS\system32\mnWvCcdd.ini2
C:\WINDOWS\system32\pqugsjvm.ini
C:\WINDOWS\system32\pwhwjaup.ini
C:\WINDOWS\system32\rCcKkUvw.ini
C:\WINDOWS\system32\rCcKkUvw.ini2
C:\WINDOWS\system32\snyxvppv.ini
C:\WINDOWS\system32\tdpdzw.dll
C:\WINDOWS\system32\uzdgqg.dll
C:\WINDOWS\system32\vxbnlgdq.dll
C:\WINDOWS\system32\wbysep.dll
C:\WINDOWS\system32\wvUkKcCr.dll
C:\WINDOWS\system32\xcxlricc.ini
C:\WINDOWS\system32\ychsbkau.dll
C:\WINDOWS\system32\yedunhmb.dll
C:\WINDOWS\system32\zgfadk.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
.
2008-10-29 11:41 . 2008-10-29 11:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-16 11:20 . 2008-10-16 11:20 121 --ahs---- C:\WINDOWS\system32\ueffiasc.ini
2008-10-15 11:20 . 2008-10-15 11:20 120 --ahs---- C:\WINDOWS\system32\ibqdswae.ini
2008-10-15 11:00 . 2008-10-19 20:11 153 --a------ C:\WINDOWS\wininit.ini
2008-10-15 02:05 . 2008-10-15 02:05 29,696 --a------ C:\WINDOWS\system32\opnlMcbx.dll
2008-10-15 02:05 . 2008-10-15 02:05 29,696 --a------ C:\WINDOWS\system32\jkkIXOfD.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 03:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-20 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-05 23:55 --------- d-----w C:\Program Files\Picasa2
2008-09-28 05:55 --------- d-----w C:\Program Files\America Online 9.0b
2008-09-12 12:00 --------- d-----w C:\Program Files\McAfee
2008-09-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-12 03:40 --------- d-----w C:\Program Files\Lavasoft
2008-09-12 03:40 --------- d-----w C:\Documents and Settings\Dad\Application Data\Lavasoft
2008-09-12 03:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-12 03:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-11 21:18 --------- d-----w C:\Documents and Settings\Dad\Application Data\HouseCall 6.6
2008-09-06 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-11-10 00:35 22,328 ----a-w C:\Documents and Settings\Dad\Application Data\PnkBstrK.sys
2006-05-30 22:09 1 ----a-w C:\Documents and Settings\Pete\SI.bin
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 50,776 2005-07-12 05:17:42 C:\Program Files\America Online 9.0b\bak\AOL.EXE
----a-w 339,968 2004-07-14 02:10:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1142944241\ee\bak\AOLSoftware.exe
----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1142944241\ee\AOLSoftware.exe
----a-w 153,168 2006-11-20 20:42:15 C:\Program Files\Common Files\AOL\1142944241\ee\bak\SSCRun.exe
----a-r 71,216 2006-10-23 12:50:37 C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe
----a-w 65,536 2003-05-01 23:44:50 C:\Program Files\Common Files\Roxio Shared\System\bak\EngUtil.exe
----a-w 53,248 2005-02-23 20:19:56 C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe
----a-w 241,664 2004-05-12 20:18:56 C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe
----a-w 324 2008-02-21 06:30:36 C:\Program Files\HP\hpcoretech\bak\data\EvntData-1007428232.xml
----a-w 20,480 2007-01-08 16:22:46 C:\Program Files\McAfee\MBK\bak\LogOnHook.exe
----a-w 20,480 2007-01-08 16:22:46 C:\Program Files\McAfee\MBK\LogonHook.exe
----a-w 4,838,952 2007-01-16 18:59:50 C:\Program Files\McAfee\MBK\bak\McAfeeDataBackup.exe
----a-w 4,838,952 2007-01-16 18:59:50 C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
----a-w 401,491 2004-02-03 21:42:54 C:\Program Files\Microsoft ActiveSync\bak\WCESCOMM.EXE
----a-w 99,480 2004-04-05 21:33:54 C:\Program Files\Pure Networks\Port Magic\bak\bak\PortAOL.exe
----a-w 99,480 2004-04-05 21:33:54 C:\Program Files\Pure Networks\Port Magic\bak\bak\PortAOL.exe
----a-w 282,624 2007-04-27 13:41:54 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-03-29 03:37:20 C:\Program Files\QuickTime\QTTask.exe
----a-w 319,488 2003-07-15 17:36:50 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\bak\RxMon.exe
----a-w 868,352 2003-10-21 15:43:12 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\bak\DrgToDsc.exe
----a-w 292,152 2007-09-23 17:30:24 C:\Program Files\WinPatrol\bak\winpatrol.exe
----a-w 64,512 2005-08-05 18:56:34 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-05 18:56:34 C:\WINDOWS\ehome\ehtray.exe
----a-w 15,360 2004-08-10 11:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-10 11:00:00 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86E7AEDE-F36B-4CCC-8F97-50923DB32982}]
2008-10-15 02:05 29696 --a------ C:\WINDOWS\system32\jkkIXOfD.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DD4658C-27E2-422C-90DD-C93BF0015DA5}]
2008-10-29 14:03 313344 --a------ C:\WINDOWS\system32\jkkhiIcY.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d3f70ce6-888e-4115-9924-ba0d44acad0e}]
2008-10-29 14:05 123904 --a------ C:\WINDOWS\system32\wmxcms.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"AOL Fast Start"="C:\Program Files\America Online 9.0b\AOL.EXE" [N/A]
"Start WingMan Profiler"="" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"HostManager"="C:\Program Files\Common Files\AOL\1142944241\ee\AOLSoftware.exe" [2006-09-25 50736]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"1cb92e0b"="C:\WINDOWS\system32\cfcdlrdc.dll" [N/A]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{86E7AEDE-F36B-4CCC-8F97-50923DB32982}"= "C:\WINDOWS\system32\jkkIXOfD.dll" [2008-10-15 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIXOfD]
2008-10-15 02:05 29696 C:\WINDOWS\system32\jkkIXOfD.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mgfbkz.dll ixnjtx.dll wbysep.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkhiIcY
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0b\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\1142944241\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 chdrvr01;CH Control Manager Driver 1;C:\WINDOWS\system32\DRIVERS\chdrvr01.sys [2004-09-13 198880]
R3 chdrvr02;CH Control Manager Driver 2;C:\WINDOWS\system32\DRIVERS\chdrvr02.sys [2001-10-29 3712]
R3 chdrvr03;CH Control Manager Driver 3;C:\WINDOWS\system32\DRIVERS\chdrvr03.sys [2001-10-29 7584]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f89b2fe-5e51-11db-80de-00038a000015}]
\Shell\AutoRun\command - explorer.exe http://www.cymbaltamd.com
.
Contents of the 'Scheduled Tasks' folder
2008-10-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-10-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-10-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -
BHO-{26FB4E7B-69EE-4A1E-A64E-B215A6E44D01} - C:\WINDOWS\system32\wvUkKcCr.dll
BHO-{296E9158-78F1-4747-A6FB-A9E262B350EF} - C:\WINDOWS\system32\ddcCvWnm.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\lpyuq3xn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.pcusa.org/cgi-bin/lectiond.cgi
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 13:58:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\jkkIXOfD.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\jkkhiIcY.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wkdmtxqk.exe
.
**************************************************************************
.
Completion time: 2008-10-29 14:09:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-29 18:09:19
Pre-Run: 185,860,902,912 bytes free
Post-Run: 185,964,376,064 bytes free
242 --- E O F --- 2008-09-27 18:09:32