Tech Support Forum - View Single Post - Tried the 5 steps and still have an occasional pop up

gtjhill · 06-14-2008, 02:53 PM

Ok, I have ran combo fix and I wanted to post this log ASAP.

ComboFix 08-06-12.2 - Jonathan Hill 2008-06-14 16:34:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502 [GMT -4:00]
Running from: C:\Documents and Settings\Jonathan Hill\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\vtmp2
C:\WINDOWS\BM0c73e8d9.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drvspmqq.dll
C:\WINDOWS\system32\ekoiuepx.ini
C:\WINDOWS\system32\luygfees.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nahdjeex.dll
C:\WINDOWS\system32\vhdmkboe.dll
C:\WINDOWS\system32\ygoaoxuw.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-13 21:15 . 2008-06-13 21:16 <DIR> d-------- C:\Program Files\iTunes
2008-06-13 21:15 . 2008-06-13 21:15 <DIR> d-------- C:\Program Files\iPod
2008-06-13 19:31 . 2008-06-13 19:32 <DIR> d-------- C:\Program Files\QuickTime
2008-06-10 22:13 . 2008-06-10 22:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-10 22:03 . 2008-06-10 22:03 <DIR> d-------- C:\Deckard
2008-06-10 18:47 . 2008-06-10 18:47 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-10 18:47 . 2008-06-10 18:47 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-10 18:47 . 2008-06-10 18:47 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-10 18:47 . 2008-06-10 18:47 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-10 18:40 . 2008-06-10 18:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-10 17:09 . 2008-04-13 20:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-06-10 17:09 . 2008-04-13 20:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-06-10 17:09 . 2008-04-13 20:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-06-10 17:09 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-06-10 17:07 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-06-10 17:06 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-06-10 17:06 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-06-10 17:06 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-06-10 17:06 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-06-10 17:05 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-06-10 17:05 . 2008-04-13 14:45 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-06-10 17:05 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-06-10 17:05 . 2008-04-13 20:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-06-10 17:05 . 2008-04-13 20:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-06-10 17:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-06-10 17:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-06-10 17:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-06-10 17:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-06-10 17:05 . 2007-06-21 01:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-06-10 17:03 . 2008-04-13 20:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-06-10 16:26 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 16:25 . 2008-04-14 08:30 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 15:55 . 2008-06-10 15:55 <DIR> d-------- C:\ie-spyad_zo
2008-06-10 15:46 . 2008-06-14 16:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 15:45 . 2008-06-14 15:26 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-09 22:52 . 2008-06-09 22:52 <DIR> d-------- C:\Program Files\Panda Security
2008-06-09 08:15 . 2008-06-09 08:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 08:15 . 2008-06-09 08:15 <DIR> d-------- C:\Documents and Settings\Jonathan Hill\Application Data\Malwarebytes
2008-06-09 08:15 . 2008-06-09 08:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 08:15 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-09 08:15 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-08 09:48 . 2008-06-14 16:40 10,163 --a------ C:\WINDOWS\system32\Config.MPF
2008-06-08 09:43 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-06-08 09:43 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-06-08 09:43 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-06-08 09:43 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-06-08 09:43 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-06-08 09:42 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-06-08 09:38 . 2008-06-08 19:23 <DIR> d-------- C:\Program Files\McAfee
2008-06-08 09:38 . 2008-06-08 09:43 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-06-08 09:29 . 2008-06-08 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-07 15:03 . 2008-06-07 15:03 <DIR> d-------- C:\WINDOWS\system32\vntiho05
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 23:26 --------- d-----w C:\Program Files\Apple Software Update
2008-06-10 02:42 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-09 22:11 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-08 13:51 --------- d-----w C:\Program Files\McAfee.com
2008-06-08 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-11 03:11 --------- d-----w C:\Program Files\Sun
2008-05-11 03:11 --------- d-----w C:\Program Files\Java
2008-05-11 03:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-11 03:03 --------- d-----w C:\Documents and Settings\Jonathan Hill\Application Data\AdobeUM
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 11:49 --------- d-----w C:\Documents and Settings\Jonathan Hill\Application Data\MP3Rocket
2008-04-16 23:40 --------- d-----w C:\Program Files\GlobeCom_Activation
2008-04-16 23:40 --------- d-----w C:\Program Files\Common Files\Motive
2008-04-16 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-04-14 12:30 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2006-08-17 19:01 0 ----a-w C:\Documents and Settings\Jonathan Hill\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 13:29 61440]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 12:40 188416]
"PSDiagnosticM"="C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 16:29 315392]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00

36 53248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Harmony Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Harmony Monitor.lnk
backup=C:\WINDOWS\pss\Harmony Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Harmony Remote V5.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Harmony Remote V5.lnk
backup=C:\WINDOWS\pss\Logitech Harmony Remote V5.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0f40db45]
C:\WINDOWS\system32\hnevaafu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-09-28 01:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0c73e8d9]
C:\WINDOWS\system32\ygoaoxuw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2005-08-01 18:26 233534 C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2005-10-11 20:17 409600 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-11-02 23:01 50792 C:\Program Files\Common Files\AOL\1138931970\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 03:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-02-02 21:00 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSA Shellu]
C:\Documents and Settings\Jonathan Hill\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 17:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2007-11-01 19:12 582992 c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2007-12-06 15:10 419152 c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-16 09:56 236016 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1188.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-06-19 16:50 729178 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1138931970\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1138931970\\ee\\aim6.exe"=
"C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-02-21 14:36]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 05:06]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 18:32]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-02-21 14:36]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-02-21 14:36]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 11:24]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 23:26:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-08 13:41:22 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-06-08 13:41:21 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-14 20:50:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 16:42:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-06-14 16:50:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 20:50:33

Pre-Run: 37,355,839,488 bytes free
Post-Run: 37,326,364,672 bytes free

263 --- E O F --- 2008-05-19 07:07:38

06-14-2008, 02:53 PM	#6 (permalink)
gtjhill Registered User Join Date: Jun 2008 Posts: 7 OS: windows xp	Re: Tried the 5 steps and still have an occasional pop up Ok, I have ran combo fix and I wanted to post this log ASAP. ComboFix 08-06-12.2 - Jonathan Hill 2008-06-14 16:34:41.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502 [GMT -4:00] Running from: C:\Documents and Settings\Jonathan Hill\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Temp\vtmp2 C:\WINDOWS\BM0c73e8d9.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\drvspmqq.dll C:\WINDOWS\system32\ekoiuepx.ini C:\WINDOWS\system32\luygfees.dll C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\nahdjeex.dll C:\WINDOWS\system32\vhdmkboe.dll C:\WINDOWS\system32\ygoaoxuw.dll . ((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))) . 2008-06-13 21:15 . 2008-06-13 21:16 <DIR> d-------- C:\Program Files\iTunes 2008-06-13 21:15 . 2008-06-13 21:15 <DIR> d-------- C:\Program Files\iPod 2008-06-13 19:31 . 2008-06-13 19:32 <DIR> d-------- C:\Program Files\QuickTime 2008-06-10 22:13 . 2008-06-10 22:13 <DIR> d-------- C:\Program Files\Trend Micro 2008-06-10 22:03 . 2008-06-10 22:03 <DIR> d-------- C:\Deckard 2008-06-10 18:47 . 2008-06-10 18:47 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-06-10 18:47 . 2008-06-10 18:47 <DIR> d-------- C:\WINDOWS\system32\en 2008-06-10 18:47 . 2008-06-10 18:47 <DIR> d-------- C:\WINDOWS\system32\bits 2008-06-10 18:47 . 2008-06-10 18:47 <DIR> d-------- C:\WINDOWS\l2schemas 2008-06-10 18:40 . 2008-06-10 18:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-06-10 17:09 . 2008-04-13 20:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll 2008-06-10 17:09 . 2008-04-13 20:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll 2008-06-10 17:09 . 2008-04-13 20:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll 2008-06-10 17:09 . 2008-04-13 20:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll 2008-06-10 17:07 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll 2008-06-10 17:06 . 2008-04-13 20:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll 2008-06-10 17:06 . 2008-04-13 20:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-06-10 17:06 . 2008-04-13 20:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll 2008-06-10 17:06 . 2008-04-13 20:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe 2008-06-10 17:05 . 2008-04-13 20:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll 2008-06-10 17:05 . 2008-04-13 14:45 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys 2008-06-10 17:05 . 2008-04-13 20:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll 2008-06-10 17:05 . 2008-04-13 20:12 10,752 --------- C:\WINDOWS\system32\smtpapi.dll 2008-06-10 17:05 . 2008-04-13 20:12 9,728 --------- C:\WINDOWS\system32\rwnh.dll 2008-06-10 17:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll 2008-06-10 17:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll 2008-06-10 17:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll 2008-06-10 17:05 . 2008-04-13 20:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll 2008-06-10 17:05 . 2007-06-21 01:52 974 --------- C:\WINDOWS\system32\pid.inf 2008-06-10 17:03 . 2008-04-13 20:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll 2008-06-10 16:26 . 2008-05-08 10:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-06-10 16:25 . 2008-04-14 08:30 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-10 15:55 . 2008-06-10 15:55 <DIR> d-------- C:\ie-spyad_zo 2008-06-10 15:46 . 2008-06-14 16:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-10 15:45 . 2008-06-14 15:26 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-06-09 22:52 . 2008-06-09 22:52 <DIR> d-------- C:\Program Files\Panda Security 2008-06-09 08:15 . 2008-06-09 08:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-09 08:15 . 2008-06-09 08:15 <DIR> d-------- C:\Documents and Settings\Jonathan Hill\Application Data\Malwarebytes 2008-06-09 08:15 . 2008-06-09 08:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-09 08:15 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-09 08:15 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-08 09:48 . 2008-06-14 16:40 10,163 --a------ C:\WINDOWS\system32\Config.MPF 2008-06-08 09:43 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys 2008-06-08 09:43 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2008-06-08 09:43 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys 2008-06-08 09:43 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2008-06-08 09:43 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys 2008-06-08 09:42 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys 2008-06-08 09:38 . 2008-06-08 19:23 <DIR> d-------- C:\Program Files\McAfee 2008-06-08 09:38 . 2008-06-08 09:43 <DIR> d-------- C:\Program Files\Common Files\McAfee 2008-06-08 09:29 . 2008-06-08 09:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2008-06-07 15:03 . 2008-06-07 15:03 <DIR> d-------- C:\WINDOWS\system32\vntiho05 2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-13 23:26 --------- d-----w C:\Program Files\Apple Software Update 2008-06-10 02:42 --------- d-----w C:\Program Files\Easy Internet signup 2008-06-09 22:11 --------- d-----w C:\Program Files\Common Files\AOL 2008-06-08 13:51 --------- d-----w C:\Program Files\McAfee.com 2008-06-08 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com 2008-05-11 03:11 --------- d-----w C:\Program Files\Sun 2008-05-11 03:11 --------- d-----w C:\Program Files\Java 2008-05-11 03:05 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-11 03:03 --------- d-----w C:\Documents and Settings\Jonathan Hill\Application Data\AdobeUM 2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-02 11:49 --------- d-----w C:\Documents and Settings\Jonathan Hill\Application Data\MP3Rocket 2008-04-16 23:40 --------- d-----w C:\Program Files\GlobeCom_Activation 2008-04-16 23:40 --------- d-----w C:\Program Files\Common Files\Motive 2008-04-16 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive 2008-04-14 12:30 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys 2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys 2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys 2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys 2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll 2006-08-17 19:01 0 ----a-w C:\Documents and Settings\Jonathan Hill\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 13:29 61440] "TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 12:40 188416] "PSDiagnosticM"="C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 16:29 315392] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696] HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664] HP Image Zone Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-05-29 0036 53248] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Harmony Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Harmony Monitor.lnk backup=C:\WINDOWS\pss\Harmony Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Harmony Remote V5.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Harmony Remote V5.lnk backup=C:\WINDOWS\pss\Logitech Harmony Remote V5.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0f40db45] C:\WINDOWS\system32\hnevaafu.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2005-09-28 01:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0c73e8d9] C:\WINDOWS\system32\ygoaoxuw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] --a------ 2005-08-01 18:26 233534 C:\Program Files\HPQ\Default Settings\cpqset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl] --a------ 2005-10-11 20:17 409600 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2005-11-02 23:01 50792 C:\Program Files\Common Files\AOL\1138931970\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-02-17 03:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] --a------ 2006-02-02 21:00 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSA Shellu] C:\Documents and Settings\Jonathan Hill\lsass.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] --a------ 2004-10-14 17:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] --a------ 2007-11-01 19:12 582992 c:\PROGRA~1\mcafee.com\agent\mcagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] --a------ 2007-12-06 15:10 419152 c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] --a------ 2007-08-16 09:56 236016 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] C:\WINDOWS\mrofinu1188.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2005-06-19 16:50 729178 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask] C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\Common Files\\AOL\\1138931970\\ee\\aolsoftware.exe"= "C:\\Program Files\\Common Files\\AOL\\1138931970\\ee\\aim6.exe"= "C:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"= "C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2008-02-21 14:36] R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 05:06] R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 18:32] R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32] S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-02-21 14:36] S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [] S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-02-21 14:36] S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [] S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 11:24] . Contents of the 'Scheduled Tasks' folder "2008-06-13 23:26:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-06-08 13:41:22 C:\WINDOWS\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe' "2008-06-08 13:41:21 C:\WINDOWS\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe "2008-06-14 20:50:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-14 16:42:23 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MpfSrv.exe C:\Program Files\Hp\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\MSC\mcuimgr.exe . ************************************************************************ . Completion time: 2008-06-14 16:50:38 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-14 20:50:33 Pre-Run: 37,355,839,488 bytes free Post-Run: 37,326,364,672 bytes free 263 --- E O F --- 2008-05-19 07:07:38