06-13-2008, 08:31 PM   #6
roblyerd
Registered User
 
Join Date: Jun 2008
Posts: 10
OS: XP SP2


Re: Clogged Computer

Ran script you provided.

ComboFix log is attached.

Reinstalled McAfee. My friend has a year subscription so will install freeware before that runs out. Which one do you recommend?

HijackThis log is pasted below.

There are also weird symbols on the boot screen when first starting the computer. Any ideas about that? Was already planning to check for BIOS updates once the viruses were gone. And add the RAM.

Greatly appreciate your help with all of this.

Dwight

***************

ComboFix 08-06-11.7 - fam 2008-06-13 21:03:09.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.194 [GMT -5:00]
Running from: C:\Documents and Settings\fam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\fam\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\3036a
C:\WINDOWS\system32\3036a\dBparsdll.exe
C:\WINDOWS\system32\binR
C:\WINDOWS\system32\binR\Wvram13.exe
C:\WINDOWS\system32\dFrnx18
C:\WINDOWS\system32\GUI2
C:\WINDOWS\system32\polX
C:\WINDOWS\system32\polX\roEbdll2.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\Z2xlbiBydXRoZXJmb3Jk
C:\WINDOWS\Z2xlbiBydXRoZXJmb3Jk\command.exe
C:\WINDOWS\Z2xlbiBydXRoZXJmb3Jk\tZU5v21VxrlCtrLAvaL4.vbs

.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-13 20:44 . 2008-06-13 20:44 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-13 12:43 . 2008-06-13 12:43 <DIR> d--h----- C:\BJPrinter
2008-06-13 12:43 . 2002-09-05 14:00 87,552 --a------ C:\WINDOWS\system32\CNMLM3m.DLL
2008-06-13 12:43 . 2002-07-30 02:59 73,728 --a------ C:\WINDOWS\system32\CNMCP3m.exe
2008-06-13 12:43 . 2002-09-05 14:00 5,632 --a------ C:\WINDOWS\system32\CNMVS3m.DLL
2008-06-11 01:34 . 2008-06-11 01:35 <DIR> d-------- C:\Documents and Settings\fam\Application Data\Move Networks
2008-06-09 18:58 . 2008-06-09 18:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-09 18:55 . 2008-06-09 18:55 <DIR> d-------- C:\Deckard
2008-06-09 18:39 . 2008-06-09 18:42 <DIR> d-------- C:\ie-spyad_zo
2008-06-09 18:20 . 2008-06-09 18:20 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-09 10:46 . 2008-06-09 10:50 <DIR> d-------- C:\Program Files\Panda Security
2008-06-08 12:48 . 2008-06-08 12:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-05 15:00 . 2008-06-05 15:05 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Move Networks
2008-05-31 12:46 . 2008-05-31 12:46 <DIR> d-------- C:\Documents and Settings\fam\Application Data\Leadertech
2008-05-29 22:33 . 2008-05-29 22:33 <DIR> d-------- C:\Documents and Settings\fam\Application Data\Yahoo!
2008-05-22 12:03 . 2008-05-22 12:03 <DIR> d-------- C:\Documents and Settings\fam\Application Data\MSNInstaller
2008-05-19 13:05 . 2008-06-08 12:40 <DIR> d-------- C:\Documents and Settings\fam
2008-05-17 10:34 . 2008-05-17 10:34 83,664 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-05-16 15:57 . 2008-06-02 15:01 637 --a------ C:\WINDOWS\wininit.ini
2008-05-16 12:44 . 2008-05-16 12:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-16 12:44 . 2008-05-16 19:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-05-15 16:32 . 2008-06-13 11:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-05-15 16:22 . 2008-06-13 11:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-05-15 15:19 . 2008-06-13 11:14 <DIR> d-------- C:\Temp
2008-05-15 14:04 . 2008-05-15 14:04 <DIR> d-------- C:\Program Files\PCPitstop
2008-05-15 14:04 . 2008-05-15 15:14 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-14 15:15 . 2008-05-14 15:15 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-14 15:07 . 2008-05-14 15:21 <DIR> d-------- C:\WINDOWS\SHELLNEW

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 16:43 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-13 15:51 --------- d-----w C:\Program Files\Yahoo!
2008-05-22 17:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-05-22 17:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 16:58 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-22 16:57 --------- d-----w C:\Program Files\Microsoft Small Business
2008-05-18 06:13 --------- d-----w C:\Program Files\Hunting Unlimited
2008-05-15 22:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-05-15 20:21 --------- d-----w C:\Program Files\LimeWire
2008-05-15 20:21 --------- d-----w C:\Program Files\Google
2008-05-13 20:00 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot_2008-06-13_11.18.29.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-13 16:15:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 01:42:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-04 10:00:00 2,804,224 ----a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2005-05-04 19:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-04 10:00:00 77,312 ----a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-04 19:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2004-08-04 10:00:00 331,264 ----a-w C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2005-05-04 19:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2004-08-04 10:00:00 884,736 ----a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2005-05-04 19:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2004-08-04 10:00:00 44,032 ----a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2005-05-04 19:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
- 2004-08-04 10:00:00 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-04 19:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-04 10:00:00 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 19:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2004-08-04 10:00:00 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 19:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-04 10:00:00 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 19:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-04 10:00:00 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 19:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2002-09-05 19:00:00 51,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNBMC130.DLL
+ 2002-09-05 19:00:00 50,176 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMCP3m.DLL
+ 2002-09-05 19:00:00 208,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMD43m.DLL
+ 2002-09-05 19:00:00 400,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMDR3m.DLL
+ 2002-09-05 19:00:00 17,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMFU3m.DLL
+ 2002-09-05 19:00:00 13,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMOP3m.DLL
+ 2002-09-05 19:00:00 23,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP03m.DAT
+ 2002-09-05 19:00:00 27,140 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP13m.DAT
+ 2002-09-05 19:00:00 30,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMP23m.DAT
+ 2002-09-05 19:00:00 6,144 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMPI3m.DLL
+ 2002-09-05 19:00:00 57,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMPV3m.EXE
+ 2002-09-05 19:00:00 876,544 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSB3m.DLL
+ 2002-09-05 19:00:00 9,216 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSD3m.EXE
+ 2002-09-05 19:00:00 109,568 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSM3m.EXE
+ 2002-09-05 19:00:00 6,144 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSQ3m.EXE
+ 2002-09-05 19:00:00 47,104 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSR3m.DLL
+ 2002-09-05 19:00:00 110,080 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUB3m.DLL
+ 2002-09-05 19:00:00 1,406,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUI3m.DLL
+ 2002-09-05 19:00:00 146,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMUR3m.DLL
+ 2002-09-05 19:00:00 13,824 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD3m.DLL
+ 2002-09-05 19:00:00 46,080 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP3m.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 17:29]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 21:05:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-13 2131
ComboFix-quarantined-files.txt 2008-06-14 0228
ComboFix2.txt 2008-06-13 16:18:53
ComboFix3.txt 2008-06-13 15:56:47

Pre-Run: 139,098,345,472 bytes free
Post-Run: 139,164,205,056 bytes free

159 --- E O F --- 2008-06-13 22:54:43


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:37 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-790525478-1532298954-682003330-1006.bak\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-790525478-1532298954-682003330-1006.bak\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-790525478-1532298954-682003330-1006.bak\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-21-790525478-1532298954-682003330-1006.bak\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-790525478-1532298954-682003330-1006.bak\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User '?')
O4 - HKUS\S-1-5-21-790525478-1532298954-682003330-1007.bak\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-790525478-1532298954-682003330-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-790525478-1532298954-682003330-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Guest')
O4 - HKUS\S-1-5-21-790525478-1532298954-682003330-501\..\Run: [9485cd11] rundll32.exe "C:\WINDOWS\system32\avwurjdd.dll",b (User 'Guest')
O4 - HKUS\S-1-5-21-790525478-1532298954-682003330-501\..\Run: [BM97b6fe8d] Rundll32.exe "C:\WINDOWS\system32\jrdcefaw.dll",s (User 'Guest')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: McAfee Application Installer Cleanup (0154771213409802) (0154771213409802mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\fam\LOCALS~1\Temp\015477~1.EXE
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 7117 bytes
Attached Files
File Type: txt ComboFix_3.txt (10.4 KB, 1 views)

Last edited by tetonbob; 06-13-2008 at 08:42 PM.