azkab
2008-01-30, 08:49
Hi there,
CCleaner:
µTorrent
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Archiveur WinRAR
Athan Basic 3.3
CCleaner (remove only)
Cisco Systems VPN Client 5.0.00.0340
DivX Codec
DivX Web Player
Google Toolbar for Internet Explorer
HijackThis 2.0.0
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD 7
Java(TM) 6 Update 2
LimeWire 4.14.12
Magic ISO Maker v5.4 (build 0245)
McAfee SecurityCenter
Microsoft .NET Framework 2.0
Microsoft LifeChat
Microsoft Office Professional Edition 2003
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
RealPlayer
Rhapsody Player Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Updates Downloader
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
ComboFix
ComboFix 08-01-30.1 - _1 2008-01-30 0:38:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.661 [GMT -5:00]
Running from: \\AZKAB\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.
2008-01-30 00:39 . 2008-01-30 00:39 11,207 --a------ C:\WINDOWS\system32\Config.MPF
2008-01-30 00:37 . 2008-01-30 00:37 <DIR> dr-h----- C:\Documents and Settings\_1\Recent
2008-01-30 00:03 . 2008-01-30 00:03 <DIR> d-------- C:\Program Files\CCleaner
2008-01-29 23:30 . 2008-01-29 23:31 270 --a------ C:\WINDOWS\wininit.ini
2008-01-29 22:43 . 2008-01-29 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-29 12:37 . 2008-01-29 12:37 16,596 --a------ C:\WINDOWS\BM07c076d5.xml
2008-01-27 15:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-27 15:06 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-27 14:56 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip312.dll
2008-01-27 14:55 . 2008-01-27 14:55 <DIR> d-------- C:\Program Files\McAfee.com
2008-01-27 14:55 . 2008-01-29 21:22 <DIR> d-------- C:\Program Files\McAfee
2008-01-27 14:55 . 2008-01-27 14:55 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-01-27 14:55 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-01-27 14:50 . 2008-01-27 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-27 13:50 . 2008-01-27 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-27 13:19 . 2008-01-27 13:19 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-27 13:19 . 2008-01-27 13:19 86,144 --a------ C:\WINDOWS\system32\drivers\dmboott.sys
2008-01-27 12:12 . 2008-01-27 12:12 <DIR> d-------- C:\Documents and Settings\_1\Application Data\skypePM
2008-01-06 18:17 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-06 18:17 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-06 18:17 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-06 18:17 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-05 17:00 . 2008-01-05 17:04 <DIR> d-------- C:\Documents and Settings\_1\USM3
2007-12-31 18:29 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-31 18:29 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-31 18:28 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-12-31 18:28 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-12-31 18:27 . 2007-12-31 18:27 <DIR> d-------- C:\Program Files\Microsoft LifeChat
2007-12-31 18:27 . 2007-02-07 07:42 1,421,176 --a------ C:\WINDOWS\system32\WdfCoInstaller01001.dll
2007-12-31 18:27 . 2007-02-07 07:42 61,944 --a------ C:\WINDOWS\system32\drivers\xusb21.sys
2007-12-31 18:27 . 2007-12-31 18:27 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2007-12-31 18:27 . 2007-12-31 18:27 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2007-12-31 02:08 . 2007-12-31 02:08 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-31 02:08 . 2004-08-04 07:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-31 02:07 . 2007-12-31 02:07 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-31 02:07 . 2008-01-01 00:41 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-30 22:22 . 2007-12-30 22:22 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-12-30 22:22 . 2007-12-30 22:22 <DIR> d-------- C:\WINDOWS\Profiles
2007-12-30 22:22 . 2008-01-05 23:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-30 22:22 . 2007-12-30 22:22 <DIR> d-------- C:\Documents and Settings\_1\Application Data\InterTrust
2007-12-30 22:19 . 1998-11-13 11:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2007-12-28 18:46 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-27 04:33 . 2007-12-27 04:47 <DIR> d-------- C:\Program Files\PartyPoker
2007-12-23 22:22 . 2007-12-23 22:22 <DIR> d-------- C:\Program Files\Java
2007-12-23 22:22 . 2007-12-23 22:22 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-23 22:22 . 2008-01-30 00:40 <DIR> d-------- C:\Documents and Settings\_1\Shared
2007-12-23 22:22 . 2008-01-30 00:41 <DIR> d-------- C:\Documents and Settings\_1\Incomplete
2007-12-23 22:22 . 2008-01-28 18:56 <DIR> d-------- C:\Documents and Settings\_1\Application Data\LimeWire
2007-12-23 22:22 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-23 22:21 . 2007-12-23 22:22 <DIR> d-------- C:\Program Files\LimeWire
2007-12-23 13:03 . 2008-01-24 12:07 <DIR> d-------- C:\Program Files\SopCast
2007-12-16 13:32 . 2007-12-16 13:32 <DIR> d-------- C:\Program Files\Real
2007-12-16 13:32 . 2007-12-16 13:32 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-16 13:32 . 2007-12-16 13:32 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-16 13:32 . 2007-12-16 13:32 <DIR> d-------- C:\Documents and Settings\_1\Application Data\Real
2007-12-16 13:32 . 2007-12-16 13:32 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-12-16 13:32 . 2007-12-16 13:32 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-12-15 23:40 . 2007-12-15 23:40 <DIR> d-------- C:\Documents and Settings\_1\Application Data\DivX
2007-12-15 18:21 . 2007-12-15 18:21 <DIR> d-------- C:\Program Files\DivX
2007-12-15 14:49 . 2007-12-15 14:49 <DIR> d-------- C:\WINDOWS\system32\athan
2007-12-15 14:49 . 2007-12-15 14:49 <DIR> d-------- C:\Program Files\Athan
2007-12-15 14:49 . 2007-12-15 14:49 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-12-15 14:38 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-15 14:38 . 2007-12-15 14:38 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-15 14:37 . 2007-12-15 14:37 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-15 14:37 . 2007-12-15 14:37 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-15 14:37 . 2007-12-15 14:37 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-11 17:35 . 2007-12-11 17:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 17:35 . 2007-12-11 17:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 17:34 . 2007-12-11 17:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 17:34 . 2007-12-11 17:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 17:34 . 2007-12-11 17:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 17:32 . 2007-12-11 17:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 17:32 . 2007-12-11 17:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 17:32 . 2007-12-11 17:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-10 01:13 . 2007-12-10 01:13 <DIR> d-------- C:\Documents and Settings\_1\Application Data\InterVideo
2007-12-10 01:08 . 2007-12-10 01:08 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-10 01:08 . 2007-12-10 01:08 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-12-10 01:08 . 2002-11-21 10:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-12-10 01:08 . 2002-11-21 10:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-12-10 01:08 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-12-10 01:08 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-12-10 01:08 . 2002-11-21 10:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-12-10 01:08 . 2002-11-21 10:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-12-10 01:07 . 2007-12-10 01:07 <DIR> d-------- C:\Program Files\InterVideo
2007-12-10 01:07 . 2003-01-27 16:32 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat
2007-12-10 01:07 . 2003-11-11 10:44 333,600 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2007-12-10 01:07 . 2003-11-11 10:43 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2007-12-09 19:23 . 2007-12-22 19:15 <DIR> d-------- C:\Documents and Settings\_1\Contacts
2007-12-09 19:01 . 2007-12-31 18:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-09 18:58 . 2007-12-09 19:01 <DIR> d-------- C:\Program Files\Windows Live
2007-12-09 18:58 . 2007-12-09 19:00 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-09 18:58 . 2007-12-09 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-09 18:55 . 2008-01-29 03:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-09 18:55 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-09 18:32 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-12-09 18:32 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-09 18:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-09 18:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-09 18:32 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 05:39 3,932,160 ---ha-w C:\Documents and Settings\_1\NTUSER.DAT
2008-01-27 19:56 --------- d-s---w C:\Documents and Settings\_1\Application Data\Microsoft
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-08 05:38 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-08 05:38 --------- d-----w C:\Documents and Settings\_1\Application Data\Identities
2007-12-08 05:30 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 16:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 06:13 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-08 01:32 171448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-09-06 14:25 1003520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-16 13:32 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31 259440]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
C:\Documents and Settings\_1\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-12-03 16:35:53 147456]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-10 01:08:07 278528]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-12-08 01:48:16 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jfbouafc]
jfbouafc.dll
R1 dmboott;dmboott;C:\WINDOWS\system32\drivers\dmboott.sys [2008-01-27 13:19]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 19:55:33 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-27 19:55:32 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 00:41:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Athan\Athan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
.
**************************************************************************
.
Completion time: 2008-01-30 0:42:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-30 05:41:47
ComboFix2.txt 2008-01-30 05:13:17
ComboFix3.txt 2008-01-30 03:37:37
.
2008-01-29 08:01:41 --- E O F ---