ComboFix 08-02-25.3 - Owner 2008-03-01 15:03:35.4 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\ASEMBL~1
C:\Documents and Settings\Owner\Application Data\ASEMBL~1\a?sembly\
C:\Documents and Settings\Owner\Application Data\ASEMBL~1\logonui.exe
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\nGpxx18
.
((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.
2008-02-24 19:45 . 2008-03-01 09:41 212 --a------ C:\WINDOWS\ssqnmmnm
2008-02-24 12:47 . 2008-02-24 12:47 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-24 12:41 . 2008-02-24 13:18 <DIR> d-------- C:\SDFix
2008-02-21 23:14 . 2008-02-21 23:15 369 --a------ C:\WINDOWS\wininit.ini
2008-02-21 21:51 . 2008-02-21 21:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-21 21:51 . 2008-02-21 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 22:24 . 2008-02-20 22:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-20 22:10 . 2008-02-20 22:10 <DIR> d-------- C:\Program Files\CCleaner
2008-02-20 22:06 . 2008-02-20 22:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-19 18:20 . 2008-02-19 18:20 <DIR> d-------- C:\Program Files\WinZip Self-Extractor
2008-02-19 18:20 . 2008-02-19 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZipSE
2008-02-19 17:05 . 2008-02-19 17:05 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-19 17:03 . 2008-02-26 15:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AppDate
2008-02-19 17:03 . 2008-02-19 17:03 34,304 --a------ C:\WINDOWS\system32\ddayxwtu.dll
2008-02-19 17:03 . 2008-02-19 17:03 34,304 --a------ C:\WINDOWS\jkhfedab.dll
2008-02-19 17:03 . 2008-02-19 17:03 34,304 --a------ C:\Documents and Settings\Owner\Application Data\awtqqpmn.dll
2008-02-19 17:03 . 2008-03-01 16:04 342 --a------ C:\WINDOWS\system32\ssqnmmnm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 08:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-02-29 03:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-27 00:02 --------- d-----w C:\Program Files\uTorrent
2008-02-21 21:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-21 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-20 03:23 --------- d-----w C:\Program Files\LimeWire
2008-01-30 21:02 --------- d-----w C:\Program Files\piPOol
2008-01-30 20:11 --------- d-----w C:\Program Files\illiminable
2008-01-27 00:50 --------- d-----w C:\Program Files\NovaLogic
2008-01-27 00:46 --------- d-----w C:\Program Files\Mpath
2008-01-13 18:15 --------- d-----w C:\Program Files\NCH Swift Sound
2008-01-13 18:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-01-13 18:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2008-01-13 18:13 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-01-13 18:13 --------- d-----w C:\Program Files\Winamp
2007-12-05 22:53 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4862C7B6-5906-5FA9-511A-5F00B7CC8DC8}]
C:\WINDOWS\system32\lggetcsm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9485F885-9C7C-4EF8-83F6-FE154E3873E9}]
2008-02-19 17:03 34304 --a------ C:\WINDOWS\jkhfedab.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"Cpue"="C:\DOCUME~1\Owner\APPLIC~1\ASEMBL~1\logonui.exe" [ ]
"Grgkhox"="C:\WINDOWS\?icrosoft\j?vaw.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 15:42 212992]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-13 16:17 58488]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 17:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 16:17 78960]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 21:42 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 18:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 18:51 118784]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-10-18 16:05 135168]
"SoundMan"="SOUNDMAN.EXE" [2004-09-23 22:27 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-24 21:06 2559488 C:\WINDOWS\ALCWZRD.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36 256576]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 17:22 35328]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 06:32 50688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"mljigdbbxu"="C:\WINDOWS\system32\ddayxwtu.dll" [2008-02-19 17:03 34304]
"pmkhghijgd"="C:\WINDOWS\jkhfedab.dll" [2008-02-19 17:03 34304]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli C:\Documents and Settings\Owner\Application Data\awtqqpmn.dll C:\Documents and Settings\Owner\Application Data\awtqqpmn.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 19:32:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 02:00:10 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-01 16:03:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Documents and Settings\Owner\Application Data\awtqqpmn.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\ddayxwtu.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-03-01 16:06:36 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-03-01 21:06:32
.
2008-02-13 06:05:44 --- E O F ---