ComboFix 07-11-08.1 - dad 2007-11-15 14:36:49.3 - NTFSx86
Running from: C:\Documents and Settings\dad\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\dad\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\81F.tmp
C:\820.tmp
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
C:\WINDOWS\cpbrkpie.ocx
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\81F.tmp
C:\820.tmp
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
C:\WINDOWS\cpbrkpie.ocx
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.
2007-11-11 19:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-11-11 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-10 19:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 18:53 --------- d-----w C:\Program Files\WildTangent
2007-11-10 23:38 --------- d-----w C:\Program Files\AIM6
2007-11-10 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-26 13:38 --------- d-----w C:\Documents and Settings\dad\Application Data\Viewpoint
2007-10-26 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-18 05:10 --------- d-----w C:\Documents and Settings\dad\Application Data\LimeWire
2007-10-10 23:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-10 23:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-10 23:04 --------- d-----w C:\Documents and Settings\dad\Application Data\InterTrust
2007-01-04 23:42 91,720 ----a-w C:\Documents and Settings\dad\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-11-10_19.58.47.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-19 21:52:18 8,453,632 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\SYSTEM32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\shell32.dll
- 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-24 23:00]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 19:22]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 11:00]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-21 18:10]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 10:25]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 12:42]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 08:21]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 18:02]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 21:50]
"HostManager"="C:\Program Files\Common Files\AOL\1109124511\ee\AOLSoftware.exe" [2006-09-25 19:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 13:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-02-22 21:12]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-07-06 20:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 01:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (GEORGE-dad).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-11-15 19:56:01 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-beth).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-15 19:52:01 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-caitlyn).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-15 19:52:30 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-dad).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-15 19:55:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-dan).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-15 19:56:01 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-mom).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-15 19:52:01 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-samantha).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-15 19:56:05 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-tgd).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-15 19:52:02 C:\WINDOWS\Tasks\McAfee.com Update Check (DESOMMA-tom).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-15 19:16:07 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-beth).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-15 19:52:02 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-caitlyn).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-11-15 19:56:08 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-dad).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-15 19:52:02 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-dan).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-15 19:54:01 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-mom).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-15 19:56:09 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-samantha).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-11-15 19:55:00 C:\WINDOWS\Tasks\McAfee.com Update Check (GEORGE-tom).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-15 14:45:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-15 14:57:35 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-11 18:00
C:\ComboFix3.txt ... 2007-11-10 19:59
.
--- E O F ---