deb319
2008-03-09, 03:31
I cannot get rid of virtumonde or smithfraud. i am having multiple popups while on the internet. spybot finds them but cannot get rid of them please help.
ComboFix 08-03-08.1 - Owner 2008-03-08 20:40:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.556 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Owner\My Documents\DOBE~1
C:\Program Files\NetMeeting\xizejikor89104.dll
C:\Program Files\outerinfo
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\pskt.ini
C:\WINDOWS\setup.exe
C:\WINDOWS\sks~1
C:\WINDOWS\sks~1\??sks\
C:\WINDOWS\system32\aoyfqfms.dll
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\c2
C:\WINDOWS\system32\c4
C:\WINDOWS\system32\c4\np89104.exe
C:\WINDOWS\system32\drbvknlh.dll
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\nikedrvv.sys
C:\WINDOWS\system32\efcaxvu.dll
C:\WINDOWS\system32\flauplkk.dll
C:\WINDOWS\system32\haekjqmd.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\k8
C:\WINDOWS\system32\k8\ravecom3.exe
C:\WINDOWS\system32\ladklfur.dll
C:\WINDOWS\system32\lisiqtvy.dll
C:\WINDOWS\system32\lnfuiivb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljjjkh.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.ini2
C:\WINDOWS\system32\s7
C:\WINDOWS\system32\s7\gbsu011.exe
C:\WINDOWS\system32\smfqfyoa.ini
C:\WINDOWS\system32\txnvpjxd.dll
C:\WINDOWS\system32\ucqafure.dll
C:\WINDOWS\system32\x3
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NIKEDRVV
-------\nikedrvv
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.
2008-03-08 20:08 . 2008-03-08 20:08 <DIR> d-------- C:\ComboFix[1]
2008-03-08 06:34 . 2008-02-25 18:10 1,309,961 ---hs---- C:\WINDOWS\system32\ownshboy.ini
2008-03-07 22:55 . 2008-02-05 19:01 752 --a------ C:\WINDOWS\wininit.ini
2008-03-07 22:42 . 2008-03-07 22:42 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-07 22:11 . 2008-03-07 22:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-07 22:11 . 2008-03-07 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-07 20:38 . 2008-03-07 20:38 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
2008-03-07 14:16 . 2008-03-07 21:47 <DIR> d-------- C:\sdat
2008-03-07 14:11 . 2008-03-07 21:44 40,365,931 --a------ C:\sdat5247.exe
2008-03-07 12:42 . 2008-03-07 12:43 27,082,752 --a------ C:\dat-5247.tar
2008-03-07 12:17 . 2008-03-07 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-03-07 10:26 . 2008-03-07 10:26 156 --ahs---- C:\WINDOWS\system32\drivers\f411D.DAT
2008-03-07 10:26 . 2008-03-07 10:26 156 --ahs---- C:\WINDOWS\system32\drivers\b261C.DAT
2008-03-07 10:26 . 2008-03-07 10:26 156 --ahs---- C:\WINDOWS\system32\drivers\0261B.DAT
2008-03-07 09:47 . 2008-03-07 09:47 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-03-07 06:34 . 2008-03-08 03:08 1,309,661 ---hs---- C:\WINDOWS\system32\amucleoa.ini
2008-03-06 20:11 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-03-06 19:09 . 2008-03-07 10:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-03-06 19:01 . 2008-03-08 20:45 13,065 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-06 19:00 . 2008-03-06 19:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-03-06 18:59 . 2008-03-07 20:31 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-03-06 18:59 . 2008-03-06 18:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-03-06 18:59 . 2008-03-06 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-06 18:56 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-06 18:52 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-06 18:52 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-06 18:52 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-06 18:52 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-06 18:52 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-06 18:52 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-06 18:50 . 2008-03-06 18:51 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-06 18:50 . 2008-03-08 16:21 <DIR> d-------- C:\Program Files\McAfee
2008-03-06 18:50 . 2008-03-06 18:52 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-06 18:43 . 2008-03-06 18:43 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-03-06 18:42 . 2008-03-07 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-06 17:54 . 2008-03-06 17:54 <DIR> d-------- C:\WINDOWS\Sun
2008-03-05 18:27 . 2008-03-05 18:28 <DIR> d-------- C:\Program Files\Haunted Hotel
2008-03-03 21:17 . 2008-03-03 21:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FaxCtr
2008-03-03 20:11 . 2008-03-03 20:11 <DIR> d-------- C:\Program Files\Got Game
2008-03-03 13:19 . 2008-03-03 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MonteCristo
2008-03-02 20:45 . 2008-03-02 20:45 <DIR> d-------- C:\Program Files\The Count of Monte Cristo
2008-02-26 20:54 . 2008-02-26 20:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-02-26 17:44 . 2002-10-01 14:43 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys
2008-02-26 17:44 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2008-02-26 17:44 . 2003-08-05 11:41 53,248 --a------ C:\WINDOWS\ap561.exe
2008-02-26 17:44 . 2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini
2008-02-26 17:44 . 2002-09-20 19:44 14,336 --a------ C:\WINDOWS\system32\dshow508.ax
2008-02-26 17:44 . 2002-08-13 18:01 7,431 --a------ C:\WINDOWS\Tw561a.src
2008-02-26 17:44 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini
2008-02-26 17:40 . 2008-02-26 17:47 73 --a------ C:\WINDOWS\APOapp.INI
2008-02-26 17:39 . 2008-02-26 17:45 <DIR> d-------- C:\Photo2Album
2008-02-26 17:38 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-02-26 17:38 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-02-26 17:38 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-02-26 17:38 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-02-26 17:38 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-02-26 17:38 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-02-26 17:38 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-02-26 17:38 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-02-26 17:38 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-02-26 17:38 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-02-26 17:35 . 2008-02-26 17:35 <DIR> d-------- C:\Program Files\AvailaSoft
2008-02-25 19:15 . 2008-03-07 09:50 125 --a------ C:\ioSpecial.ini
2008-02-25 18:11 . 2008-02-05 18:11 1,310,021 ---hs---- C:\WINDOWS\system32\vusouklg.ini
2008-02-25 17:51 . 2008-02-25 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-25 17:50 . 2008-02-25 18:52 <DIR> d-------- C:\Program Files\Games
2008-02-24 19:40 . 2008-02-24 19:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Boomzap
2008-02-19 20:31 . 2008-02-19 20:31 <DIR> d-------- C:\Program Files\Mystery Solitaire - Secret Island
2008-02-19 20:30 . 2008-02-19 20:31 <DIR> d-------- C:\Program Files\Agatha Christie - Death on the Nile
2008-02-19 20:30 . 2008-02-19 20:30 <DIR> d-------- C:\Documents and Settings\Owner\Saved Games
2008-02-19 20:30 . 2008-02-19 20:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FloodLightGames
2008-02-19 20:30 . 2008-02-19 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-02-19 20:28 . 2008-02-19 20:30 <DIR> d-------- C:\Program Files\Sherlock Holmes - The Mystery of the Mummy
2008-02-19 19:59 . 2008-02-19 20:03 <DIR> d-------- C:\Program Files\Return to Mysterious Island
2008-02-19 19:06 . 2008-02-19 19:09 <DIR> d-------- C:\Program Files\Journey to the Center of the Earth
2008-02-19 06:50 . 2008-02-19 06:52 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-02-19 06:49 . 2008-02-19 06:49 <DIR> d-------- C:\Program Files\Lexmark_6200 Series
2008-02-19 06:49 . 2003-03-11 18:26 339,968 -ra------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-02-19 06:49 . 2003-03-11 18:26 98,345 -ra------ C:\WINDOWS\system32\IMHOST32.DLL
2008-02-19 06:49 . 2003-03-11 18:26 98,304 -ra------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-02-19 06:49 . 2003-03-11 18:26 69,632 -ra------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-02-19 06:49 . 2003-03-11 18:26 49,152 -ra------ C:\WINDOWS\system32\IM31IMG.DIL
2008-02-19 06:49 . 2004-09-22 11:14 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-02-19 06:49 . 2004-09-22 11:12 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-02-19 06:49 . 2004-09-22 11:18 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-02-19 06:48 . 2008-02-19 06:48 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-02-19 06:48 . 2008-02-19 06:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-02-19 06:48 . 2008-02-19 06:52 17,076 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-02-19 06:47 . 2008-03-07 12:48 <DIR> d-------- C:\Program Files\Lx_cats
2008-02-19 06:47 . 2008-02-19 06:49 <DIR> d-------- C:\Program Files\Lexmark 6200 Series
2008-02-19 06:47 . 2004-09-22 08:52 65,536 -ra------ C:\WINDOWS\system32\lxbucfg.dll
2008-02-19 06:47 . 2004-10-01 12:26 1,519 -ra------ C:\WINDOWS\system32\lxbu.loc
2008-02-18 20:28 . 2008-02-18 20:28 <DIR> d-------- C:\Program Files\Mystery Case Files - Madame Fate
2008-02-18 20:22 . 2008-02-18 20:22 <DIR> d-------- C:\Program Files\Dirty Dancing
2008-02-18 20:19 . 2008-02-18 20:19 <DIR> d-------- C:\Program Files\Mystery in London
2008-02-18 20:12 . 2008-02-18 20:19 <DIR> d-------- C:\Program Files\Voyage
2008-02-18 19:04 . 2008-02-18 19:05 <DIR> d-------- C:\Program Files\Blackwell Unbound
2008-02-18 18:52 . 2008-03-02 20:37 <DIR> d-------- C:\Program Files\bfgclient
2008-02-18 18:52 . 2008-03-02 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-02-18 18:41 . 2008-02-18 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 15:47 61,480 ----a-w C:\WINDOWS\java\GoToAssistDownloadHelper.exe
2008-03-07 10:20 849,589 ----a-w C:\names.dat
2008-03-07 10:20 303,589 ----a-w C:\avvclean.dat
2008-03-07 10:20 24,637,579 ----a-w C:\scan.dat
2008-03-07 10:20 231,973 ----a-w C:\avvnames.dat
2008-03-07 10:20 18,006,981 ----a-w C:\avvscan.dat
2008-03-07 10:20 1,524,371 ----a-w C:\clean.dat
2008-03-07 07:20 163,907 ----a-w C:\GSDSuper.dll
2008-03-03 01:37 0 ----a-w C:\Program Files\temp01
2008-02-17 23:10 155,995 ----a-w C:\WINDOWS\java\Packages\CQO1BPNR.ZIP
2008-02-17 20:47 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-02-17 20:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-05 23:16 92,224 ----a-w C:\WINDOWS\system32\uutfghhu.dll
2003-08-05 16:41 53,248 ----a-w C:\WINDOWS\inf\ap561.exe
2002-11-26 21:24 32,768 ----a-w C:\WINDOWS\inf\Remove561.exe
2002-11-22 20:56 118,784 ----a-w C:\WINDOWS\inf\ShowBmp.exe
2002-10-29 23:07 36,864 ----a-w C:\WINDOWS\inf\Setup8a.exe
2002-10-01 19:43 119,798 ----a-w C:\WINDOWS\inf\spca561.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
2007-12-21 17:27 78848 --a------ C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-17 14:26 171448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:50 155648]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 18:04 135168]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 18:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 18:51 118784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24 32768]
"CHotkey"="zHotkey.exe" [2005-05-03 17:02 543232 C:\WINDOWS\zHotkey.exe]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AlcFDMonitor"="C:\WINDOWS\ALCFDRTM.EXE" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-05-12 14:00 90112 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-12 14:00 2805248 C:\WINDOWS\ALCWZRD.EXE]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-09-10 06:55 69632]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2004-09-22 05:43 188416]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-09-22 11:18 299008]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 08:24 61440]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-02-17 17:45:07 101888]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 07:44:06 29696]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2008-02-17 15:42:57 1742384]
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2008-02-17 15:46:04 729088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjjkh]
mljjjkh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\WINDOWS\\system32\\lxbucoms.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
S0 0261B;0261B;C:\WINDOWS\system32\drivers\0261B.SYS []
S1 b261C;b261C;C:\WINDOWS\system32\drivers\b261C.SYS []
S2 f411D;f411D;C:\WINDOWS\system32\drivers\f411D.SYS []
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\SSNDIS5.SYS [2008-02-17 16:37]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 23:51:30 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-06 23:51:29 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-09 01:46:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-08 16:39:33 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 20:46:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\lxbucoms.exe
.
**************************************************************************
.
Completion time: 2008-03-08 20:48:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 01:48:48
.
2008-03-08 08:01:12 --- E O F ---
ComboFix 08-03-08.1 - Owner 2008-03-08 20:40:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.556 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Owner\My Documents\DOBE~1
C:\Program Files\NetMeeting\xizejikor89104.dll
C:\Program Files\outerinfo
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\pskt.ini
C:\WINDOWS\setup.exe
C:\WINDOWS\sks~1
C:\WINDOWS\sks~1\??sks\
C:\WINDOWS\system32\aoyfqfms.dll
C:\WINDOWS\system32\awvtr.dll
C:\WINDOWS\system32\c2
C:\WINDOWS\system32\c4
C:\WINDOWS\system32\c4\np89104.exe
C:\WINDOWS\system32\drbvknlh.dll
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\nikedrvv.sys
C:\WINDOWS\system32\efcaxvu.dll
C:\WINDOWS\system32\flauplkk.dll
C:\WINDOWS\system32\haekjqmd.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\k8
C:\WINDOWS\system32\k8\ravecom3.exe
C:\WINDOWS\system32\ladklfur.dll
C:\WINDOWS\system32\lisiqtvy.dll
C:\WINDOWS\system32\lnfuiivb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljjjkh.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rtvwa.ini
C:\WINDOWS\system32\rtvwa.ini2
C:\WINDOWS\system32\s7
C:\WINDOWS\system32\s7\gbsu011.exe
C:\WINDOWS\system32\smfqfyoa.ini
C:\WINDOWS\system32\txnvpjxd.dll
C:\WINDOWS\system32\ucqafure.dll
C:\WINDOWS\system32\x3
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NIKEDRVV
-------\nikedrvv
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.
2008-03-08 20:08 . 2008-03-08 20:08 <DIR> d-------- C:\ComboFix[1]
2008-03-08 06:34 . 2008-02-25 18:10 1,309,961 ---hs---- C:\WINDOWS\system32\ownshboy.ini
2008-03-07 22:55 . 2008-02-05 19:01 752 --a------ C:\WINDOWS\wininit.ini
2008-03-07 22:42 . 2008-03-07 22:42 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-07 22:11 . 2008-03-07 22:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-07 22:11 . 2008-03-07 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-07 20:38 . 2008-03-07 20:38 <DIR> d---s---- C:\Documents and Settings\Owner\UserData
2008-03-07 14:16 . 2008-03-07 21:47 <DIR> d-------- C:\sdat
2008-03-07 14:11 . 2008-03-07 21:44 40,365,931 --a------ C:\sdat5247.exe
2008-03-07 12:42 . 2008-03-07 12:43 27,082,752 --a------ C:\dat-5247.tar
2008-03-07 12:17 . 2008-03-07 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-03-07 10:26 . 2008-03-07 10:26 156 --ahs---- C:\WINDOWS\system32\drivers\f411D.DAT
2008-03-07 10:26 . 2008-03-07 10:26 156 --ahs---- C:\WINDOWS\system32\drivers\b261C.DAT
2008-03-07 10:26 . 2008-03-07 10:26 156 --ahs---- C:\WINDOWS\system32\drivers\0261B.DAT
2008-03-07 09:47 . 2008-03-07 09:47 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-03-07 06:34 . 2008-03-08 03:08 1,309,661 ---hs---- C:\WINDOWS\system32\amucleoa.ini
2008-03-06 20:11 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-03-06 19:09 . 2008-03-07 10:39 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-03-06 19:01 . 2008-03-08 20:45 13,065 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-06 19:00 . 2008-03-06 19:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-03-06 18:59 . 2008-03-07 20:31 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-03-06 18:59 . 2008-03-06 18:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-03-06 18:59 . 2008-03-06 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-06 18:56 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-06 18:52 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-06 18:52 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-06 18:52 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-06 18:52 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-06 18:52 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-06 18:52 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-06 18:50 . 2008-03-06 18:51 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-06 18:50 . 2008-03-08 16:21 <DIR> d-------- C:\Program Files\McAfee
2008-03-06 18:50 . 2008-03-06 18:52 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-06 18:43 . 2008-03-06 18:43 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-03-06 18:42 . 2008-03-07 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-06 17:54 . 2008-03-06 17:54 <DIR> d-------- C:\WINDOWS\Sun
2008-03-05 18:27 . 2008-03-05 18:28 <DIR> d-------- C:\Program Files\Haunted Hotel
2008-03-03 21:17 . 2008-03-03 21:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FaxCtr
2008-03-03 20:11 . 2008-03-03 20:11 <DIR> d-------- C:\Program Files\Got Game
2008-03-03 13:19 . 2008-03-03 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MonteCristo
2008-03-02 20:45 . 2008-03-02 20:45 <DIR> d-------- C:\Program Files\The Count of Monte Cristo
2008-02-26 20:54 . 2008-02-26 20:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-02-26 17:44 . 2002-10-01 14:43 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys
2008-02-26 17:44 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2008-02-26 17:44 . 2003-08-05 11:41 53,248 --a------ C:\WINDOWS\ap561.exe
2008-02-26 17:44 . 2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini
2008-02-26 17:44 . 2002-09-20 19:44 14,336 --a------ C:\WINDOWS\system32\dshow508.ax
2008-02-26 17:44 . 2002-08-13 18:01 7,431 --a------ C:\WINDOWS\Tw561a.src
2008-02-26 17:44 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini
2008-02-26 17:40 . 2008-02-26 17:47 73 --a------ C:\WINDOWS\APOapp.INI
2008-02-26 17:39 . 2008-02-26 17:45 <DIR> d-------- C:\Photo2Album
2008-02-26 17:38 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-02-26 17:38 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-02-26 17:38 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-02-26 17:38 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-02-26 17:38 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-02-26 17:38 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-02-26 17:38 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-02-26 17:38 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-02-26 17:38 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-02-26 17:38 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-02-26 17:35 . 2008-02-26 17:35 <DIR> d-------- C:\Program Files\AvailaSoft
2008-02-25 19:15 . 2008-03-07 09:50 125 --a------ C:\ioSpecial.ini
2008-02-25 18:11 . 2008-02-05 18:11 1,310,021 ---hs---- C:\WINDOWS\system32\vusouklg.ini
2008-02-25 17:51 . 2008-02-25 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-25 17:50 . 2008-02-25 18:52 <DIR> d-------- C:\Program Files\Games
2008-02-24 19:40 . 2008-02-24 19:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Boomzap
2008-02-19 20:31 . 2008-02-19 20:31 <DIR> d-------- C:\Program Files\Mystery Solitaire - Secret Island
2008-02-19 20:30 . 2008-02-19 20:31 <DIR> d-------- C:\Program Files\Agatha Christie - Death on the Nile
2008-02-19 20:30 . 2008-02-19 20:30 <DIR> d-------- C:\Documents and Settings\Owner\Saved Games
2008-02-19 20:30 . 2008-02-19 20:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FloodLightGames
2008-02-19 20:30 . 2008-02-19 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2008-02-19 20:28 . 2008-02-19 20:30 <DIR> d-------- C:\Program Files\Sherlock Holmes - The Mystery of the Mummy
2008-02-19 19:59 . 2008-02-19 20:03 <DIR> d-------- C:\Program Files\Return to Mysterious Island
2008-02-19 19:06 . 2008-02-19 19:09 <DIR> d-------- C:\Program Files\Journey to the Center of the Earth
2008-02-19 06:50 . 2008-02-19 06:52 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-02-19 06:49 . 2008-02-19 06:49 <DIR> d-------- C:\Program Files\Lexmark_6200 Series
2008-02-19 06:49 . 2003-03-11 18:26 339,968 -ra------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-02-19 06:49 . 2003-03-11 18:26 98,345 -ra------ C:\WINDOWS\system32\IMHOST32.DLL
2008-02-19 06:49 . 2003-03-11 18:26 98,304 -ra------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-02-19 06:49 . 2003-03-11 18:26 69,632 -ra------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-02-19 06:49 . 2003-03-11 18:26 49,152 -ra------ C:\WINDOWS\system32\IM31IMG.DIL
2008-02-19 06:49 . 2004-09-22 11:14 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-02-19 06:49 . 2004-09-22 11:12 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-02-19 06:49 . 2004-09-22 11:18 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-02-19 06:48 . 2008-02-19 06:48 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-02-19 06:48 . 2008-02-19 06:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-02-19 06:48 . 2008-02-19 06:52 17,076 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-02-19 06:47 . 2008-03-07 12:48 <DIR> d-------- C:\Program Files\Lx_cats
2008-02-19 06:47 . 2008-02-19 06:49 <DIR> d-------- C:\Program Files\Lexmark 6200 Series
2008-02-19 06:47 . 2004-09-22 08:52 65,536 -ra------ C:\WINDOWS\system32\lxbucfg.dll
2008-02-19 06:47 . 2004-10-01 12:26 1,519 -ra------ C:\WINDOWS\system32\lxbu.loc
2008-02-18 20:28 . 2008-02-18 20:28 <DIR> d-------- C:\Program Files\Mystery Case Files - Madame Fate
2008-02-18 20:22 . 2008-02-18 20:22 <DIR> d-------- C:\Program Files\Dirty Dancing
2008-02-18 20:19 . 2008-02-18 20:19 <DIR> d-------- C:\Program Files\Mystery in London
2008-02-18 20:12 . 2008-02-18 20:19 <DIR> d-------- C:\Program Files\Voyage
2008-02-18 19:04 . 2008-02-18 19:05 <DIR> d-------- C:\Program Files\Blackwell Unbound
2008-02-18 18:52 . 2008-03-02 20:37 <DIR> d-------- C:\Program Files\bfgclient
2008-02-18 18:52 . 2008-03-02 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-02-18 18:41 . 2008-02-18 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 15:47 61,480 ----a-w C:\WINDOWS\java\GoToAssistDownloadHelper.exe
2008-03-07 10:20 849,589 ----a-w C:\names.dat
2008-03-07 10:20 303,589 ----a-w C:\avvclean.dat
2008-03-07 10:20 24,637,579 ----a-w C:\scan.dat
2008-03-07 10:20 231,973 ----a-w C:\avvnames.dat
2008-03-07 10:20 18,006,981 ----a-w C:\avvscan.dat
2008-03-07 10:20 1,524,371 ----a-w C:\clean.dat
2008-03-07 07:20 163,907 ----a-w C:\GSDSuper.dll
2008-03-03 01:37 0 ----a-w C:\Program Files\temp01
2008-02-17 23:10 155,995 ----a-w C:\WINDOWS\java\Packages\CQO1BPNR.ZIP
2008-02-17 20:47 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-02-17 20:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-05 23:16 92,224 ----a-w C:\WINDOWS\system32\uutfghhu.dll
2003-08-05 16:41 53,248 ----a-w C:\WINDOWS\inf\ap561.exe
2002-11-26 21:24 32,768 ----a-w C:\WINDOWS\inf\Remove561.exe
2002-11-22 20:56 118,784 ----a-w C:\WINDOWS\inf\ShowBmp.exe
2002-10-29 23:07 36,864 ----a-w C:\WINDOWS\inf\Setup8a.exe
2002-10-01 19:43 119,798 ----a-w C:\WINDOWS\inf\spca561.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
2007-12-21 17:27 78848 --a------ C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-17 14:26 171448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:50 155648]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 18:04 135168]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 18:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 18:51 118784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 23:24 32768]
"CHotkey"="zHotkey.exe" [2005-05-03 17:02 543232 C:\WINDOWS\zHotkey.exe]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AlcFDMonitor"="C:\WINDOWS\ALCFDRTM.EXE" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-05-12 14:00 90112 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-12 14:00 2805248 C:\WINDOWS\ALCWZRD.EXE]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-09-10 06:55 69632]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2004-09-22 05:43 188416]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-09-22 11:18 299008]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 08:24 61440]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 16:57 36640]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-02-17 17:45:07 101888]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 07:44:06 29696]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2008-02-17 15:42:57 1742384]
Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2008-02-17 15:46:04 729088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjjkh]
mljjjkh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\WINDOWS\\system32\\lxbucoms.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
S0 0261B;0261B;C:\WINDOWS\system32\drivers\0261B.SYS []
S1 b261C;b261C;C:\WINDOWS\system32\drivers\b261C.SYS []
S2 f411D;f411D;C:\WINDOWS\system32\drivers\f411D.SYS []
S3 SSNDIS5;SSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\SSNDIS5.SYS [2008-02-17 16:37]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 23:51:30 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-06 23:51:29 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-09 01:46:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-08 16:39:33 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 20:46:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\lxbucoms.exe
.
**************************************************************************
.
Completion time: 2008-03-08 20:48:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 01:48:48
.
2008-03-08 08:01:12 --- E O F ---