jasonz5213
2008-06-27, 00:52
ComboFix 08-06-20.4 - Jason 2008-06-26 17:17:10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.115 [GMT -4:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ihapqxfa.ini
C:\WINDOWS\system32\nnnoPGwx.dll
C:\WINDOWS\system32\xwGPonnn.ini
C:\WINDOWS\system32\xwGPonnn.ini2
.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.
2008-06-26 17:15 . 2008-06-26 17:15 92,032 --a------ C:\WINDOWS\system32\afxqpahi.dll
2008-06-26 16:41 . 2008-06-26 16:41 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-06-26 16:07 . 2008-06-26 17:10 758 ---hs---- C:\WINDOWS\system32\chhlupti.ini
2008-06-26 01:09 . 2008-06-26 01:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-25 23:47 . 2008-06-25 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Ltd
2008-06-25 23:38 . 2008-06-26 01:08 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 23:37 . 2008-06-26 01:08 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-25 23:03 . 2008-06-26 17:21 2,193 --a------ C:\WINDOWS\system32\Config.MPF
2008-06-25 23:02 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-06-25 22:58 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-06-25 22:58 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-06-25 22:58 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-06-25 22:58 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-06-25 22:58 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-06-25 22:58 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-06-25 22:56 . 2008-06-25 22:57 <DIR> d-------- C:\Program Files\McAfee.com
2008-06-25 22:56 . 2008-06-25 23:51 <DIR> d-------- C:\Program Files\McAfee
2008-06-25 22:56 . 2008-06-25 22:58 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-06-25 22:24 . 2008-06-21 11:35 32,256 --a------ C:\WINDOWS\Sys9.exe
2008-06-25 20:31 . 2008-06-26 02:03 385 --a------ C:\WINDOWS\wininit.ini
2008-06-25 17:40 . 2008-06-25 17:40 92,544 --a------ C:\WINDOWS\system32\xqbfvmku.dll
2008-06-24 20:09 . 2008-06-24 20:09 92,032 --a------ C:\WINDOWS\system32\dttmlwad.dll
2008-06-24 20:09 . 2008-06-21 11:35 32,256 --a------ C:\WINDOWS\Sys2.exe
2008-06-24 20:09 . 2008-06-25 17:38 474 --ahs---- C:\WINDOWS\system32\dawlmttd.ini
2008-06-24 20:04 . 2008-06-24 20:04 92,032 --a------ C:\WINDOWS\system32\gulefjfy.dll
2008-06-24 19:58 . 2008-06-24 19:58 28,288 --a------ C:\WINDOWS\system32\pmnNgFuv.dll
2008-06-24 19:55 . 2008-06-19 18:20 117,248 --a------ C:\WINDOWS\system32\vav.cpl
2008-06-24 19:54 . 2008-06-21 11:35 32,256 --a------ C:\WINDOWS\Sys12.exe
2008-06-24 19:54 . 2008-06-21 11:35 31,744 --a------ C:\WINDOWS\Sys13.exe
2008-06-24 19:54 . 2008-06-21 11:35 30,720 --a------ C:\WINDOWS\Sys15.exe
2008-06-24 19:54 . 2008-06-21 11:35 30,208 --a------ C:\WINDOWS\Sys14.exe
2008-06-21 19:02 . 2008-06-21 19:02 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\acccore
2008-06-21 01:00 . 2008-06-21 01:00 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-21 01:00 . 2008-06-21 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-21 00:59 . 2008-06-21 01:01 <DIR> d-------- C:\Program Files\AIM6
2008-06-10 17:47 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 17:47 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 20:55 --------- d-----w C:\Documents and Settings\Jason\Application Data\ComcastToolbar
2008-06-26 05:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-26 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-24 04:44 --------- d-----w C:\Documents and Settings\Jason\Application Data\LimeWire
2008-06-21 05:00 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-21 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-20 23:30 --------- d-----w C:\Documents and Settings\Jason\Application Data\Apple Computer
2008-05-20 21:54 --------- d-----w C:\Program Files\Java
2008-05-20 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-20 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-18 02:31 --------- d-----w C:\Program Files\Apple Software Update
2008-05-18 02:27 --------- d-----w C:\Program Files\iTunes
2008-05-18 02:26 --------- d-----w C:\Program Files\iPod
2008-05-18 02:24 --------- d-----w C:\Program Files\QuickTime
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-26_16.11.55.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 20:06:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 21:20:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2007-08-13 23:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2004-08-04 12:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
- 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2004-08-04 12:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2004-08-04 12:00:00 1,016,832 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-08-13 23:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2004-08-04 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2004-08-04 12:00:00 99,840 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-10-11 05:57:29 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2004-08-04 12:00:00 1,016,832 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-04 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00:00 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-13 23:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00:00 216,576 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00:00 221,184 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-13 23:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2004-08-04 12:00:00 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-13 23:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2007-08-13 23:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00:00 249,344 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2004-08-04 12:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-13 23:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2004-08-04 12:00:00 62,976 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2004-08-04 12:00:00 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-13 23:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2004-08-04 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-08-13 23:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-08-13 23:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2004-08-04 12:00:00 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-13 23:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2007-08-13 23:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2004-08-04 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2008-04-24 02:16:30 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2004-08-04 12:00:00 3,003,392 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00:00 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-13 23:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2007-08-13 23:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2004-08-04 12:00:00 530,432 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-11 05:57:39 1,498,112 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2006-09-04 06:08:01 1,494,016 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-10-11 05:57:40 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2005-09-02 23:52:06 473,600 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2004-08-04 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00:00 601,088 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 23:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2004-08-04 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00:00 276,480 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2004-08-04 12:00:00 656,384 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2004-08-04 12:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2004-08-04 12:00:00 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2004-08-04 12:00:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2004-08-04 12:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2004-08-04 12:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2004-08-04 12:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2004-08-04 12:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2004-08-04 12:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 23:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2004-08-04 12:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
- 2007-08-13 23:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2004-08-04 12:00:00 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2004-08-04 12:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-13 23:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2004-08-04 12:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2007-08-13 23:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2004-08-04 12:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-08-13 23:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2004-08-04 12:00:00 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-08-13 23:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2004-08-04 12:00:00 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2004-08-04 12:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-08-13 23:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2004-08-04 12:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2007-08-13 23:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2004-08-04 12:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
- 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2004-08-04 12:00:00 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2004-08-04 12:00:00 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-13 23:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2004-08-04 12:00:00 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2007-08-13 23:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2004-08-04 12:00:00 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2004-08-04 12:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2004-08-04 12:00:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2006-09-04 06:08:01 1,494,016 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2005-09-02 23:52:06 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2004-08-04 12:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2004-08-04 12:00:00 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-13 23:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2004-08-04 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2004-08-04 12:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2004-08-04 12:00:00 656,384 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E79BE1D-ECF8-4B07-AFDC-EE41727358A7}]
C:\WINDOWS\system32\nnnoPGwx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F1854A-DB08-43E9-B6DC-ACBCF302EC21}]
C:\WINDOWS\system32\hgGwUnNd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84AA61C2-A977-4FD8-9E2F-C768F0387572}]
2008-06-24 19:58 28288 --a------ C:\WINDOWS\system32\pmnNgFuv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-12 16:47 50528]
"Sys4.exe"="C:\Windows\Sys4.exe" [ ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.EXE" [2007-12-04 13:32 111904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"4c80b58c"="C:\WINDOWS\system32\afxqpahi.dll" [2008-06-26 17:15 92032]
"combofix"="C:\WINDOWS\system32\CF20053.exe" [2004-08-04 08:00 388608]
C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{84AA61C2-A977-4FD8-9E2F-C768F0387572}"= C:\WINDOWS\system32\pmnNgFuv.dll [2008-06-24 19:58 28288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnNgFuv]
pmnNgFuv.dll 2008-06-24 19:58 28288 C:\WINDOWS\system32\pmnNgFuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b648e25d-b686-11dc-9a74-000ea695a2d5}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2DCA9D88-E20D-85B5-0007-020008080504}]
C:\WINDOWS\winlog.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 01:04:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-26 02:57:19 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-26 02:57:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 17:27:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\pmnNgFuv.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-06-26 17:31:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 21:31:02
ComboFix2.txt 2008-06-26 20:12:36
Pre-Run: 114,207,522,816 bytes free
Post-Run: 114,206,339,072 bytes free
345 --- E O F --- 2008-06-20 00:01:35
+ 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2007-08-13 23:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2004-08-04 12:00:00 530,432 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-11 05:57:39 1,498,112 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2006-09-04 06:08:01 1,494,016 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2007-10-11 05:57:40 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2005-09-02 23:52:06 473,600 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2004-08-04 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00:00 601,088 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 23:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2004-08-04 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00:00 276,480 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2004-08-04 12:00:00 656,384 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2004-08-04 12:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2004-08-04 12:00:00 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2004-08-04 12:00:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2004-08-04 12:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2004-08-04 12:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2004-08-04 12:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2004-08-04 12:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2004-08-04 12:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 23:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2004-08-04 12:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
- 2007-08-13 23:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2004-08-04 12:00:00 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2004-08-04 12:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-13 23:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2004-08-04 12:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2007-08-13 23:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2004-08-04 12:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-08-13 23:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2004-08-04 12:00:00 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-08-13 23:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2004-08-04 12:00:00 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2004-08-04 12:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-08-13 23:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2004-08-04 12:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2007-08-13 23:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2004-08-04 12:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
- 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2004-08-04 12:00:00 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2004-08-04 12:00:00 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-13 23:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2004-08-04 12:00:00 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2007-08-13 23:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2004-08-04 12:00:00 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2004-08-04 12:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2004-08-04 12:00:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2006-09-04 06:08:01 1,494,016 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2005-09-02 23:52:06 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2004-08-04 12:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2004-08-04 12:00:00 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-13 23:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2004-08-04 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2004-08-04 12:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2004-08-04 12:00:00 656,384 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E79BE1D-ECF8-4B07-AFDC-EE41727358A7}]
C:\WINDOWS\system32\nnnoPGwx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F1854A-DB08-43E9-B6DC-ACBCF302EC21}]
C:\WINDOWS\system32\hgGwUnNd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84AA61C2-A977-4FD8-9E2F-C768F0387572}]
2008-06-24 19:58 28288 --a------ C:\WINDOWS\system32\pmnNgFuv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-12 16:47 50528]
"Sys4.exe"="C:\Windows\Sys4.exe" [ ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.EXE" [2007-12-04 13:32 111904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"4c80b58c"="C:\WINDOWS\system32\afxqpahi.dll" [2008-06-26 17:15 92032]
"combofix"="C:\WINDOWS\system32\CF20053.exe" [2004-08-04 08:00 388608]
C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{84AA61C2-A977-4FD8-9E2F-C768F0387572}"= C:\WINDOWS\system32\pmnNgFuv.dll [2008-06-24 19:58 28288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnNgFuv]
pmnNgFuv.dll 2008-06-24 19:58 28288 C:\WINDOWS\system32\pmnNgFuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b648e25d-b686-11dc-9a74-000ea695a2d5}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2DCA9D88-E20D-85B5-0007-020008080504}]
C:\WINDOWS\winlog.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 01:04:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-26 02:57:19 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-26 02:57:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 17:27:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\pmnNgFuv.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-06-26 17:31:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 21:31:02
ComboFix2.txt 2008-06-26 20:12:36
Pre-Run: 114,207,522,816 bytes free
Post-Run: 114,206,339,072 bytes free
345 --- E O F --- 2008-06-20 00:01:35
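Editor's note, added to this thread and not part of jasonz5213's post or of ComboFix itself: the "Reg Loading Points" section above is where the story of this infection is told (random-named DLLs registered as Browser Helper Objects, a Winlogon Notify package and a ShellExecuteHook, a Run value named like a hex token that points straight at a DLL, Security Center monitoring switched off, the firewall profile disabled). The script below is one way to pull those indicators out of a ComboFix log mechanically. The heuristics (the eight-letter mixed-case name rule, treating an empty `[ ]` as "file not found at scan time", and the severity labels) are my own assumptions for triage, not rules ComboFix applies, and the sample log is a constructed excerpt of the lines above. Matches are leads for the analyst to confirm, not verdicts.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example (not ComboFix code). Heuristics are the editor's
assumptions and are meant to surface leads, not to judge files.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines in the shape of the log above, plus one benign
# entry (ctfmon.exe) that must NOT be flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E79BE1D-ECF8-4B07-AFDC-EE41727358A7}]
C:\WINDOWS\system32\nnnoPGwx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84AA61C2-A977-4FD8-9E2F-C768F0387572}]
2008-06-24 19:58 28288 --a------ C:\WINDOWS\system32\pmnNgFuv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"Sys4.exe"="C:\Windows\Sys4.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4c80b58c"="C:\WINDOWS\system32\afxqpahi.dll" [2008-06-26 17:15 92032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnNgFuv]
pmnNgFuv.dll 2008-06-24 19:58 28288 C:\WINDOWS\system32\pmnNgFuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2DCA9D88-E20D-85B5-0007-020008080504}]
C:\WINDOWS\winlog.exe
"""


@dataclass
class Finding:
    severity: str   # "high" or "medium" (editor's labels)
    reason: str
    key: str        # registry key the line was listed under
    line: str


PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:dll|exe|ax))", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=')
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
VOWELS = set("aeiouAEIOU")

# Security Center values that, set to 1, silence or blind the AV/firewall status UI.
SEC_CENTER_DISABLE = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                      "UpdatesDisableNotify", "DisableMonitoring"}
# Load points where ComboFix hides legit defaults, so anything listed deserves a look.
NOTIFY_POINTS = ("winlogon\\notify", "shellexecutehooks", "browser helper objects")


def looks_random(stem: str) -> bool:
    """Assumed heuristic: Vundo-style eight-letter names (pmnNgFuv, nnnoPGwx)
    mix case inside the word or carry almost no vowels. All-uppercase 8.3
    names (ALCXMNTR) are common legit DOS-era names and are not flagged."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    has_lower = any(c.islower() for c in stem)
    if not has_lower:
        return False
    inner_upper = any(c.isupper() for c in stem[1:])
    vowels = sum(c in VOWELS for c in stem)
    return inner_upper or vowels <= 1


def triage(log_text: str) -> list[Finding]:
    """Walk the section, remembering the current [key], and score each value line."""
    findings: list[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # new registry key header
            continue
        lkey = key.lower()
        m = VALUE_RE.match(line)
        value_name = m.group(1) if m else ""

        # 1. Security Center / firewall policy tampering
        if "security center" in lkey and value_name in SEC_CENTER_DISABLE \
                and line.endswith("dword:00000001"):
            findings.append(Finding("high", "Security Center notification/monitoring disabled", key, line))
            continue
        if "firewallpolicy" in lkey and value_name == "EnableFirewall" and re.search(r"=\s*0\b", line):
            findings.append(Finding("high", "Windows Firewall disabled for this profile", key, line))
            continue

        # 2. Persistence entries: pull the target path and look at the module
        pm = PATH_RE.search(line)
        if not pm:
            continue
        path = pm.group(1)
        fname = path.rsplit("\\", 1)[-1]
        stem, _, ext = fname.rpartition(".")
        ext = ext.lower()

        if looks_random(stem):
            findings.append(Finding("high", f"random-looking module name {fname}", key, line))
        elif any(p in lkey for p in NOTIFY_POINTS):
            findings.append(Finding("medium", f"non-default load point module {fname}", key, line))
        if "\\run" in lkey and ext == "dll":
            findings.append(Finding("high", f"Run value loads a DLL directly: {fname}", key, line))
        if value_name and HEX_NAME_RE.match(value_name):
            findings.append(Finding("medium", f"hex-looking value name {value_name}", key, line))
        if line.endswith("[ ]"):   # assumption: empty brackets = file not found at scan time
            findings.append(Finding("medium", f"target {fname} not found on disk (empty [ ])", key, line))
        if "active setup" in lkey and ext == "exe":
            findings.append(Finding("medium", f"Active Setup component runs {path}", key, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         under {f.key}\n         {f.line}")
```

Run it against the sample and the benign ctfmon.exe entry stays silent while every entry a helper would ask about in this thread is listed with the key it hangs off. To use it on a real log, paste the whole "Reg Loading Points" block into `triage()`; the key tracking only needs the `[...]` header lines ComboFix already emits.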