Tech Support Forum - View Single Post - Pops ups, slowness, and the usual suspects

xtopherp · 06-13-2008, 10:13 PM

Thank you. Here they are. Whatever has been done so far by Combofix, my ability just to get to this forum went unimpeded by any intruding pop-up, which hasn't been the case in day:

HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:45 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Documents and Settings\Christopher\Local Settings\Application Data\VTShared\GCNotifier.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [gcNotifier] C:\Documents and Settings\Christopher\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B0C45AFD-2802-4285-BE1F-714C50FEE6D9} (HprmfPCFileCtrl1 Class) - file://D:\ALBUMS\ALBUM_A\PLUGIN\HPRMFFC.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 14187 bytes

COMBOFIX LOG
ComboFix 08-06-12.2 - Christopher 2008-06-13 22:22:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.478 [GMT -5:00]
Running from: C:\Documents and Settings\Christopher\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\IE Extensions
C:\Program Files\SysCleaner
C:\Program Files\wnsxs~1
C:\Program Files\wnsxs~1\userinit.exe
C:\Program Files\wnsxs~1\W?nSxS\
C:\WINDOWS\BMbbfce874.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aeeayphj.dll
C:\WINDOWS\system32\bwrbnblj.dll
C:\WINDOWS\system32\cbXOHYrO.dll
C:\WINDOWS\system32\dbghtsdv.dll
C:\WINDOWS\system32\mlJCsqRl.dll
C:\WINDOWS\system32\mlJYrqRh.dll
C:\WINDOWS\system32\noxrleda.dll
C:\WINDOWS\system32\pajtudhk.ini
C:\WINDOWS\system32\sfmdboup.ini
C:\WINDOWS\system32\uibhfxwy.dll
C:\WINDOWS\system32\urqRLbyx.dll
C:\WINDOWS\system32\xybLRqru.ini
C:\WINDOWS\system32\xybLRqru.ini2
C:\WINDOWS\system32\ywxfhbiu.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-13 22:35 . 2008-06-13 22:35 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-12 21:09 . 2008-06-12 21:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\XviD
2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\TorrentMan
2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\NetWaiting
2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\EarthLink Setup
2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\Digital Line Detect
2008-06-09 20:36 . 2008-06-09 20:36 <DIR> d-------- C:\ie-spyad_zo
2008-06-09 18:53 . 2008-06-09 18:53 <DIR> d-------- C:\Program Files\Panda Security
2008-06-07 17:57 . 2008-06-07 17:57 <DIR> d-------- C:\Documents and Settings\Christopher\Application Data\Nero
2008-06-07 17:53 . 2008-06-07 17:53 <DIR> d-------- C:\Program Files\Nero
2008-06-07 17:53 . 2008-06-12 20:33 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-07 17:53 . 2008-06-12 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-07 16:54 . 2008-06-08 19:32 <DIR> d-------- C:\Program Files\Conduit
2008-06-07 15:36 . 2008-06-07 15:36 <DIR> d-------- C:\Program Files\DVD Shrink
2008-06-07 15:36 . 2008-06-07 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-05 22:11 . 2008-06-05 22:11 <DIR> d-------- C:\TN Intl Pageant
2008-06-05 22:09 . 2008-06-05 22:09 641,021 --a------ C:\WINDOWS\unins000.exe
2008-06-05 22:09 . 2004-07-26 12:12 187,904 --a------ C:\WINDOWS\system32\Lame.exe
2008-06-05 22:09 . 2004-07-26 12:12 166,912 --a------ C:\WINDOWS\system32\Lame_enc.dll
2008-06-05 22:09 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-06-05 22:09 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-05 22:09 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-06-05 22:09 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-06-05 21:55 . 2008-06-05 21:55 <DIR> d-------- C:\Documents and Settings\Christopher\Application Data\DivX
2008-06-05 21:43 . 2008-06-07 10:08 <DIR> d-------- C:\Program Files\DivX
2008-06-05 21:33 . 2008-06-05 21:36 <DIR> d-------- C:\DECCHECK
2008-06-02 18:05 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-31 16:10 . 2008-05-31 16:10 <DIR> d-------- C:\Program Files\Sony Online Entertainment
2008-05-22 17:19 . 2008-05-22 17:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-19 23:19 . 2008-05-19 23:19 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-17 22:47 . 2008-05-17 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 01:49 --------- d-----w C:\Program Files\Roxio
2008-06-13 01:32 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-06-11 02:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 01:45 --------- d-----w C:\Program Files\Comcast Play Games
2008-06-11 01:45 --------- d-----w C:\Program Files\Chill
2008-06-10 01:31 --------- d-----w C:\Program Files\DIGStream
2008-06-08 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-08 22:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 23:05 --------- d-----w C:\Program Files\Java
2008-05-25 15:33 --------- d-----w C:\Documents and Settings\Christopher\Application Data\Apple Computer
2008-05-22 22:22 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-20 04:20 --------- d-----w C:\Program Files\Safari
2008-05-20 03:15 --------- d-----w C:\Program Files\PokerStars
2008-05-14 03:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\MonteCristo
2008-02-25 16:52 31,744 ----a-w C:\Program Files\xloader30029.exe
2008-02-15 01:13 10,752 ----a-w C:\Program Files\11709078.exe
2008-02-15 01:12 10,752 ----a-w C:\Program Files\11647578.exe
2008-02-15 01:11 10,752 ----a-w C:\Program Files\11585468.exe
2008-02-15 01:10 10,752 ----a-w C:\Program Files\11523781.exe
2008-02-15 01:09 10,752 ----a-w C:\Program Files\11461562.exe
2008-02-15 01:08 10,752 ----a-w C:\Program Files\11399515.exe
2008-02-15 01:07 10,752 ----a-w C:\Program Files\11337718.exe
2008-02-15 01:06 10,752 ----a-w C:\Program Files\11275921.exe
2008-02-15 01:05 10,752 ----a-w C:\Program Files\11213828.exe
2008-02-15 01:04 10,752 ----a-w C:\Program Files\11151437.exe
2008-02-15 01:03 10,752 ----a-w C:\Program Files\11089062.exe
2008-02-15 01:02 10,752 ----a-w C:\Program Files\11027437.exe
2008-02-15 01:01 10,752 ----a-w C:\Program Files\10965500.exe
2008-02-15 01:00 10,752 ----a-w C:\Program Files\10903703.exe
2008-02-15 00:59 10,752 ----a-w C:\Program Files\10841828.exe
2008-02-15 00:58 10,752 ----a-w C:\Program Files\10779609.exe
2008-02-15 00:57 10,752 ----a-w C:\Program Files\10717625.exe
2008-02-15 00:56 10,752 ----a-w C:\Program Files\10655656.exe
2008-02-15 00:55 10,752 ----a-w C:\Program Files\10593906.exe
2008-02-15 00:54 10,752 ----a-w C:\Program Files\10532484.exe
2008-02-15 00:53 10,752 ----a-w C:\Program Files\10470218.exe
2008-02-15 00:52 10,752 ----a-w C:\Program Files\10408437.exe
2008-02-15 00:51 10,752 ----a-w C:\Program Files\10347187.exe
2008-02-15 00:50 10,752 ----a-w C:\Program Files\10285312.exe
2008-02-15 00:49 10,752 ----a-w C:\Program Files\10223453.exe
2008-02-15 00:48 10,752 ----a-w C:\Program Files\10161109.exe
2008-02-15 00:47 10,752 ----a-w C:\Program Files\10099031.exe
2008-02-15 00:46 10,752 ----a-w C:\Program Files\10037734.exe
2008-02-15 00:44 10,752 ----a-w C:\Program Files\9929968.exe
2008-02-15 00:43 10,752 ----a-w C:\Program Files\9864609.exe
2008-02-15 00:37 12,288 ----a-w C:\Program Files\9521234.exe
2008-02-15 00:37 10,240 ----a-w C:\Program Files\9508234.exe
2008-02-05 05:06 11,776 ----a-w C:\Program Files\21901437.exe
2008-02-05 05:06 10,752 ----a-w C:\Program Files\21919468.exe
2008-02-05 05:05 10,752 ----a-w C:\Program Files\21860625.exe
2008-02-05 05:04 10,752 ----a-w C:\Program Files\21796609.exe
2008-02-05 05:03 10,752 ----a-w C:\Program Files\21733734.exe
2008-02-05 05:02 10,752 ----a-w C:\Program Files\21671093.exe
2008-02-05 05:01 10,752 ----a-w C:\Program Files\21608953.exe
2008-02-05 05:00 10,752 ----a-w C:\Program Files\21546437.exe
2008-02-05 04:59 10,752 ----a-w C:\Program Files\21482875.exe
2008-02-05 04:58 10,752 ----a-w C:\Program Files\21418859.exe
2008-02-05 04:56 10,752 ----a-w C:\Program Files\21356031.exe
2008-02-05 04:55 10,752 ----a-w C:\Program Files\21293640.exe
2008-02-05 04:54 10,752 ----a-w C:\Program Files\21230765.exe
2008-02-05 04:53 10,752 ----a-w C:\Program Files\21167515.exe
2008-02-05 04:52 10,752 ----a-w C:\Program Files\21104359.exe
2008-02-05 04:50 10,752 ----a-w C:\Program Files\20977859.exe
2008-02-05 04:49 10,752 ----a-w C:\Program Files\20915421.exe
2008-02-05 04:48 10,752 ----a-w C:\Program Files\20852859.exe
2008-02-05 04:47 10,752 ----a-w C:\Program Files\20789625.exe
2008-02-05 04:46 10,752 ----a-w C:\Program Files\20726734.exe
2008-02-05 04:45 10,752 ----a-w C:\Program Files\20663640.exe
2008-02-05 04:44 10,752 ----a-w C:\Program Files\20600703.exe
2008-02-05 04:43 10,752 ----a-w C:\Program Files\20538234.exe
2008-02-05 04:42 10,752 ----a-w C:\Program Files\20476484.exe
2008-02-05 04:41 10,752 ----a-w C:\Program Files\20414390.exe
2008-02-05 04:40 10,752 ----a-w C:\Program Files\20351390.exe
2008-02-05 04:39 10,752 ----a-w C:\Program Files\20289656.exe
2008-02-05 04:38 10,752 ----a-w C:\Program Files\20227515.exe
2008-02-05 04:37 10,752 ----a-w C:\Program Files\20165546.exe
2008-02-05 04:36 10,752 ----a-w C:\Program Files\20102531.exe
2008-02-05 04:35 10,752 ----a-w C:\Program Files\20040687.exe
2008-02-05 04:34 10,752 ----a-w C:\Program Files\19978265.exe
2008-02-05 04:32 10,752 ----a-w C:\Program Files\19916984.exe
2008-02-05 04:31 10,752 ----a-w C:\Program Files\19854546.exe
2008-02-05 04:30 10,752 ----a-w C:\Program Files\19791953.exe
2008-02-05 04:29 10,752 ----a-w C:\Program Files\19729546.exe
2008-02-05 04:28 10,752 ----a-w C:\Program Files\19667375.exe
2008-02-05 04:27 10,752 ----a-w C:\Program Files\19604250.exe
2008-02-05 04:26 10,752 ----a-w C:\Program Files\19541796.exe
2008-02-05 04:25 10,752 ----a-w C:\Program Files\19479921.exe
2008-02-05 04:24 10,752 ----a-w C:\Program Files\19417234.exe
2008-02-05 04:23 10,752 ----a-w C:\Program Files\19355125.exe
2008-02-05 04:22 10,752 ----a-w C:\Program Files\19292515.exe
2008-02-05 04:21 10,752 ----a-w C:\Program Files\19230031.exe
2008-02-05 04:20 10,752 ----a-w C:\Program Files\19167531.exe
2008-02-05 04:19 10,752 ----a-w C:\Program Files\19105203.exe
2008-02-05 04:18 10,752 ----a-w C:\Program Files\19042578.exe
2008-02-05 04:17 10,752 ----a-w C:\Program Files\18979281.exe
2008-02-05 04:16 10,752 ----a-w C:\Program Files\18916968.exe
2008-02-05 04:15 10,752 ----a-w C:\Program Files\18855218.exe
2008-02-05 04:14 10,752 ----a-w C:\Program Files\18792484.exe
2008-02-05 04:13 10,752 ----a-w C:\Program Files\18730218.exe
2008-02-05 04:12 10,752 ----a-w C:\Program Files\18668031.exe
2008-02-05 05:07 39,462 --sh--r C:\WINDOWS\Installer\{5e6fe06e-8ec3-472c-b364-227326a89f0d}\zip.dll
2008-02-05 05:07 14,374 --sh--r C:\WINDOWS\Installer\{9c6cc8ca-c6cd-404c-a987-d0e5124aad8c}\AvpRunOnce.dll
2006-10-08 21:54 56 --sh--r C:\WINDOWS\system32\24927FC793.sys
2006-09-27 02:37 88 --sh--r C:\WINDOWS\system32\93C77F9224.sys
2006-10-08 21:54 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-05-02 14:12 1193472]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2007-05-02 14:13 373760]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2007-05-02 14:14 1463296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 20:51 7323648]
"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12 98304]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49 1121280]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-05 23:15 169984]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26 110592]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00 1005096]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 02:14 188416]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 03:09 488984]
"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 03:12 244512]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"gcNotifier"="C:\Documents and Settings\Christopher\Local Settings\Application Data\VTShared\GCNotifier.exe" [2008-01-25 11:06 176128]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-05 23:05:07 24576]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-07-30 18:22:00 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-30 18:20:16 692224]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 20:15:54 65588]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-10-03 13:56:10 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 17:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-14 03:43:42 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (KREBSTAR-Christopher).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 22:44:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\fb36.tmp 1536 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
.
**************************************************************************
.
Completion time: 2008-06-13 23:01:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 04:00:34

Pre-Run: 261,747,294,208 bytes free
Post-Run: 262,196,162,560 bytes free

327 --- E O F --- 2008-05-28 08:01:09

06-13-2008, 10:13 PM	#4 (permalink)
xtopherp Registered User Join Date: Jun 2008 Location: Nashville Posts: 21 OS: XP	Re: Pops ups, slowness, and the usual suspects Thank you. Here they are. Whatever has been done so far by Combofix, my ability just to get to this forum went unimpeded by any intruding pop-up, which hasn't been the case in day: HJT LOG Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:08:45 PM, on 6/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\ehome\RMSvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Documents and Settings\Christopher\Local Settings\Application Data\VTShared\GCNotifier.exe c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe C:\Program Files\TiVo\Desktop\TiVoNotify.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\ehome\RMSysTry.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\TiVo\Desktop\TiVoServer.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file) O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [gcNotifier] C:\Documents and Settings\Christopher\Local Settings\Application Data\VTShared\GCNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {B0C45AFD-2802-4285-BE1F-714C50FEE6D9} (HprmfPCFileCtrl1 Class) - file://D:\ALBUMS\ALBUM_A\PLUGIN\HPRMFFC.CAB O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpf...qdiagh.cab?326 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -- End of file - 14187 bytes COMBOFIX LOG ComboFix 08-06-12.2 - Christopher 2008-06-13 22:22:48.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.478 [GMT -5:00] Running from: C:\Documents and Settings\Christopher\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\IE Extensions C:\Program Files\SysCleaner C:\Program Files\wnsxs~1 C:\Program Files\wnsxs~1\userinit.exe C:\Program Files\wnsxs~1\W?nSxS\ C:\WINDOWS\BMbbfce874.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\aeeayphj.dll C:\WINDOWS\system32\bwrbnblj.dll C:\WINDOWS\system32\cbXOHYrO.dll C:\WINDOWS\system32\dbghtsdv.dll C:\WINDOWS\system32\mlJCsqRl.dll C:\WINDOWS\system32\mlJYrqRh.dll C:\WINDOWS\system32\noxrleda.dll C:\WINDOWS\system32\pajtudhk.ini C:\WINDOWS\system32\sfmdboup.ini C:\WINDOWS\system32\uibhfxwy.dll C:\WINDOWS\system32\urqRLbyx.dll C:\WINDOWS\system32\xybLRqru.ini C:\WINDOWS\system32\xybLRqru.ini2 C:\WINDOWS\system32\ywxfhbiu.ini . ((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))) . 2008-06-13 22:35 . 2008-06-13 22:35 <DIR> d-------- C:\WINDOWS\LastGood 2008-06-12 21:09 . 2008-06-12 21:09 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\XviD 2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\Viewpoint 2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\TorrentMan 2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\NetWaiting 2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\EarthLink Setup 2008-06-12 20:32 . 2008-06-12 20:32 <DIR> d-------- C:\Program Files\Digital Line Detect 2008-06-09 20:36 . 2008-06-09 20:36 <DIR> d-------- C:\ie-spyad_zo 2008-06-09 18:53 . 2008-06-09 18:53 <DIR> d-------- C:\Program Files\Panda Security 2008-06-07 17:57 . 2008-06-07 17:57 <DIR> d-------- C:\Documents and Settings\Christopher\Application Data\Nero 2008-06-07 17:53 . 2008-06-07 17:53 <DIR> d-------- C:\Program Files\Nero 2008-06-07 17:53 . 2008-06-12 20:33 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-06-07 17:53 . 2008-06-12 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-06-07 16:54 . 2008-06-08 19:32 <DIR> d-------- C:\Program Files\Conduit 2008-06-07 15:36 . 2008-06-07 15:36 <DIR> d-------- C:\Program Files\DVD Shrink 2008-06-07 15:36 . 2008-06-07 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-06-05 22:11 . 2008-06-05 22:11 <DIR> d-------- C:\TN Intl Pageant 2008-06-05 22:09 . 2008-06-05 22:09 641,021 --a------ C:\WINDOWS\unins000.exe 2008-06-05 22:09 . 2004-07-26 12:12 187,904 --a------ C:\WINDOWS\system32\Lame.exe 2008-06-05 22:09 . 2004-07-26 12:12 166,912 --a------ C:\WINDOWS\system32\Lame_enc.dll 2008-06-05 22:09 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL 2008-06-05 22:09 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS 2008-06-05 22:09 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL 2008-06-05 22:09 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE 2008-06-05 21:55 . 2008-06-05 21:55 <DIR> d-------- C:\Documents and Settings\Christopher\Application Data\DivX 2008-06-05 21:43 . 2008-06-07 10:08 <DIR> d-------- C:\Program Files\DivX 2008-06-05 21:33 . 2008-06-05 21:36 <DIR> d-------- C:\DECCHECK 2008-06-02 18:05 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-05-31 16:10 . 2008-05-31 16:10 <DIR> d-------- C:\Program Files\Sony Online Entertainment 2008-05-22 17:19 . 2008-05-22 17:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-05-19 23:19 . 2008-05-19 23:19 <DIR> d-------- C:\Program Files\Apple Software Update 2008-05-17 22:47 . 2008-05-17 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-13 01:49 --------- d-----w C:\Program Files\Roxio 2008-06-13 01:32 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2008-06-11 02:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-11 01:45 --------- d-----w C:\Program Files\Comcast Play Games 2008-06-11 01:45 --------- d-----w C:\Program Files\Chill 2008-06-10 01:31 --------- d-----w C:\Program Files\DIGStream 2008-06-08 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-06-08 22:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-02 23:05 --------- d-----w C:\Program Files\Java 2008-05-25 15:33 --------- d-----w C:\Documents and Settings\Christopher\Application Data\Apple Computer 2008-05-22 22:22 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-05-20 04:20 --------- d-----w C:\Program Files\Safari 2008-05-20 03:15 --------- d-----w C:\Program Files\PokerStars 2008-05-14 03:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\MonteCristo 2008-02-25 16:52 31,744 ----a-w C:\Program Files\xloader30029.exe 2008-02-15 01:13 10,752 ----a-w C:\Program Files\11709078.exe 2008-02-15 01:12 10,752 ----a-w C:\Program Files\11647578.exe 2008-02-15 01:11 10,752 ----a-w C:\Program Files\11585468.exe 2008-02-15 01:10 10,752 ----a-w C:\Program Files\11523781.exe 2008-02-15 01:09 10,752 ----a-w C:\Program Files\11461562.exe 2008-02-15 01:08 10,752 ----a-w C:\Program Files\11399515.exe 2008-02-15 01:07 10,752 ----a-w C:\Program Files\11337718.exe 2008-02-15 01:06 10,752 ----a-w C:\Program Files\11275921.exe 2008-02-15 01:05 10,752 ----a-w C:\Program Files\11213828.exe 2008-02-15 01:04 10,752 ----a-w C:\Program Files\11151437.exe 2008-02-15 01:03 10,752 ----a-w C:\Program Files\11089062.exe 2008-02-15 01:02 10,752 ----a-w C:\Program Files\11027437.exe 2008-02-15 01:01 10,752 ----a-w C:\Program Files\10965500.exe 2008-02-15 01:00 10,752 ----a-w C:\Program Files\10903703.exe 2008-02-15 00:59 10,752 ----a-w C:\Program Files\10841828.exe 2008-02-15 00:58 10,752 ----a-w C:\Program Files\10779609.exe 2008-02-15 00:57 10,752 ----a-w C:\Program Files\10717625.exe 2008-02-15 00:56 10,752 ----a-w C:\Program Files\10655656.exe 2008-02-15 00:55 10,752 ----a-w C:\Program Files\10593906.exe 2008-02-15 00:54 10,752 ----a-w C:\Program Files\10532484.exe 2008-02-15 00:53 10,752 ----a-w C:\Program Files\10470218.exe 2008-02-15 00:52 10,752 ----a-w C:\Program Files\10408437.exe 2008-02-15 00:51 10,752 ----a-w C:\Program Files\10347187.exe 2008-02-15 00:50 10,752 ----a-w C:\Program Files\10285312.exe 2008-02-15 00:49 10,752 ----a-w C:\Program Files\10223453.exe 2008-02-15 00:48 10,752 ----a-w C:\Program Files\10161109.exe 2008-02-15 00:47 10,752 ----a-w C:\Program Files\10099031.exe 2008-02-15 00:46 10,752 ----a-w C:\Program Files\10037734.exe 2008-02-15 00:44 10,752 ----a-w C:\Program Files\9929968.exe 2008-02-15 00:43 10,752 ----a-w C:\Program Files\9864609.exe 2008-02-15 00:37 12,288 ----a-w C:\Program Files\9521234.exe 2008-02-15 00:37 10,240 ----a-w C:\Program Files\9508234.exe 2008-02-05 05:06 11,776 ----a-w C:\Program Files\21901437.exe 2008-02-05 05:06 10,752 ----a-w C:\Program Files\21919468.exe 2008-02-05 05:05 10,752 ----a-w C:\Program Files\21860625.exe 2008-02-05 05:04 10,752 ----a-w C:\Program Files\21796609.exe 2008-02-05 05:03 10,752 ----a-w C:\Program Files\21733734.exe 2008-02-05 05:02 10,752 ----a-w C:\Program Files\21671093.exe 2008-02-05 05:01 10,752 ----a-w C:\Program Files\21608953.exe 2008-02-05 05:00 10,752 ----a-w C:\Program Files\21546437.exe 2008-02-05 04:59 10,752 ----a-w C:\Program Files\21482875.exe 2008-02-05 04:58 10,752 ----a-w C:\Program Files\21418859.exe 2008-02-05 04:56 10,752 ----a-w C:\Program Files\21356031.exe 2008-02-05 04:55 10,752 ----a-w C:\Program Files\21293640.exe 2008-02-05 04:54 10,752 ----a-w C:\Program Files\21230765.exe 2008-02-05 04:53 10,752 ----a-w C:\Program Files\21167515.exe 2008-02-05 04:52 10,752 ----a-w C:\Program Files\21104359.exe 2008-02-05 04:50 10,752 ----a-w C:\Program Files\20977859.exe 2008-02-05 04:49 10,752 ----a-w C:\Program Files\20915421.exe 2008-02-05 04:48 10,752 ----a-w C:\Program Files\20852859.exe 2008-02-05 04:47 10,752 ----a-w C:\Program Files\20789625.exe 2008-02-05 04:46 10,752 ----a-w C:\Program Files\20726734.exe 2008-02-05 04:45 10,752 ----a-w C:\Program Files\20663640.exe 2008-02-05 04:44 10,752 ----a-w C:\Program Files\20600703.exe 2008-02-05 04:43 10,752 ----a-w C:\Program Files\20538234.exe 2008-02-05 04:42 10,752 ----a-w C:\Program Files\20476484.exe 2008-02-05 04:41 10,752 ----a-w C:\Program Files\20414390.exe 2008-02-05 04:40 10,752 ----a-w C:\Program Files\20351390.exe 2008-02-05 04:39 10,752 ----a-w C:\Program Files\20289656.exe 2008-02-05 04:38 10,752 ----a-w C:\Program Files\20227515.exe 2008-02-05 04:37 10,752 ----a-w C:\Program Files\20165546.exe 2008-02-05 04:36 10,752 ----a-w C:\Program Files\20102531.exe 2008-02-05 04:35 10,752 ----a-w C:\Program Files\20040687.exe 2008-02-05 04:34 10,752 ----a-w C:\Program Files\19978265.exe 2008-02-05 04:32 10,752 ----a-w C:\Program Files\19916984.exe 2008-02-05 04:31 10,752 ----a-w C:\Program Files\19854546.exe 2008-02-05 04:30 10,752 ----a-w C:\Program Files\19791953.exe 2008-02-05 04:29 10,752 ----a-w C:\Program Files\19729546.exe 2008-02-05 04:28 10,752 ----a-w C:\Program Files\19667375.exe 2008-02-05 04:27 10,752 ----a-w C:\Program Files\19604250.exe 2008-02-05 04:26 10,752 ----a-w C:\Program Files\19541796.exe 2008-02-05 04:25 10,752 ----a-w C:\Program Files\19479921.exe 2008-02-05 04:24 10,752 ----a-w C:\Program Files\19417234.exe 2008-02-05 04:23 10,752 ----a-w C:\Program Files\19355125.exe 2008-02-05 04:22 10,752 ----a-w C:\Program Files\19292515.exe 2008-02-05 04:21 10,752 ----a-w C:\Program Files\19230031.exe 2008-02-05 04:20 10,752 ----a-w C:\Program Files\19167531.exe 2008-02-05 04:19 10,752 ----a-w C:\Program Files\19105203.exe 2008-02-05 04:18 10,752 ----a-w C:\Program Files\19042578.exe 2008-02-05 04:17 10,752 ----a-w C:\Program Files\18979281.exe 2008-02-05 04:16 10,752 ----a-w C:\Program Files\18916968.exe 2008-02-05 04:15 10,752 ----a-w C:\Program Files\18855218.exe 2008-02-05 04:14 10,752 ----a-w C:\Program Files\18792484.exe 2008-02-05 04:13 10,752 ----a-w C:\Program Files\18730218.exe 2008-02-05 04:12 10,752 ----a-w C:\Program Files\18668031.exe 2008-02-05 05:07 39,462 --sh--r C:\WINDOWS\Installer\{5e6fe06e-8ec3-472c-b364-227326a89f0d}\zip.dll 2008-02-05 05:07 14,374 --sh--r C:\WINDOWS\Installer\{9c6cc8ca-c6cd-404c-a987-d0e5124aad8c}\AvpRunOnce.dll 2006-10-08 21:54 56 --sh--r C:\WINDOWS\system32\24927FC793.sys 2006-09-27 02:37 88 --sh--r C:\WINDOWS\system32\93C77F9224.sys 2006-10-08 21:54 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784] "TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-05-02 14:12 1193472] "TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2007-05-02 14:13 373760] "TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2007-05-02 14:14 1463296] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 20:51 7323648] "CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe] "CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12 98304] "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056] "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880] "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992] "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49 1121280] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-05 23:15 169984] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26 110592] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00 1005096] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 02:14 188416] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe] "Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 03:09 488984] "LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 03:12 244512] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384] "gcNotifier"="C:\Documents and Settings\Christopher\Local Settings\Application Data\VTShared\GCNotifier.exe" [2008-01-25 11:06 176128] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-05 23:05:07 24576] Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-07-30 18:22:00 67128] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-30 18:20:16 692224] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 20:15:54 65588] ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-10-03 13:56:10 54512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= "C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3776:UDP"= 3776:UDP:Media Center Extender Service "3390:TCP"= 3390:TCP:Remote Media Center Experience R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23] R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service [] R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36] S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 05:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] QWAVE REG_MULTI_SZ QWAVE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe . Contents of the 'Scheduled Tasks' folder "2008-06-07 17:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-14 03:43:42 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (KREBSTAR-Christopher).job" - c:\program files\mcafee.com\vso\mcmnhdlr.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-13 22:44:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\fb36.tmp 1536 bytes scan completed successfully hidden files: 1 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\McAfee.com\Agent\Mcdetect.exe C:\PROGRA~1\McAfee.com\VSO\McShield.exe C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\ehome\McrdSvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\CTxfispi.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\McAfee\SpamKiller\MSKAgent.exe C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe . ************************************************************************ . Completion time: 2008-06-13 23:01:05 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-14 04:00:34 Pre-Run: 261,747,294,208 bytes free Post-Run: 262,196,162,560 bytes free 327 --- E O F --- 2008-05-28 08:01:09