The newest ComboFix log is below. I will proceed with the instructions after the reboot. Thanks.
ComboFix 08-08-04.07 - Alex 2008-08-06 16:58:36.2 - NTFSx86
Running from: C:\Documents and Settings\Alex\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alex\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\epr1
C:\VundoFix Backups
C:\WINDOWS\BMa3b56f89.txt
C:\WINDOWS\BMa3b56f89.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\ceihtsrx.dll
C:\WINDOWS\SYSTEM32\csxkvkhg.exe
C:\WINDOWS\SYSTEM32\dcsxkvkh.exe
C:\WINDOWS\SYSTEM32\dggqyb.dll
C:\WINDOWS\SYSTEM32\dgwdcycd.dll
C:\WINDOWS\SYSTEM32\efihcwoi.dll
C:\WINDOWS\SYSTEM32\fmgbocmm.dll
C:\WINDOWS\SYSTEM32\hbhqygce.dll
C:\WINDOWS\SYSTEM32\ifcanguk.dll
C:\WINDOWS\SYSTEM32\imqtqavp.dll
C:\WINDOWS\SYSTEM32\kBin19
C:\WINDOWS\system32\lfjsee.dll
C:\WINDOWS\SYSTEM32\mjejiywc.dll
C:\WINDOWS\SYSTEM32\mkxpgiki.dll
C:\WINDOWS\SYSTEM32\mtrfnt.dll
C:\WINDOWS\SYSTEM32\nxteedks.dll
C:\WINDOWS\SYSTEM32\tsrxxeqw.dll
C:\WINDOWS\SYSTEM32\warvqdls.dll
C:\WINDOWS\SYSTEM32\wvirpw.dll
C:\WINDOWS\SYSTEM32\ysyjfc.dll
C:\WINDOWS\SYSTEM32\zqotbb.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.
2008-08-05 16:23 . 2008-08-05 16:23 105,472 --a------ C:\WINDOWS\SYSTEM32\binxavmf.dll
2008-08-02 21:13 . 2008-08-02 21:13 <DIR> d-------- C:\Deckard
2008-08-02 10:13 . 2008-08-02 12:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-01 22:28 . 2008-08-01 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-05 21:25 --------- d-----w C:\Documents and Settings\Alex\Application Data\SiteAdvisor
2008-08-05 18:20 --------- d-----w C:\Program Files\McAfee
2008-07-20 17:40 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2008-06-26 23:24 --------- d-----w C:\Documents and Settings\Jeff\Application Data\McAfee
2008-06-23 16:17 --------- d-----w C:\Documents and Settings\Alex\Application Data\AdobeUM
2008-06-22 15:16 --------- d-----w C:\Documents and Settings\Jeff\Application Data\SiteAdvisor
2008-06-20 21:57 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Auslogics
2008-06-20 21:46 --------- d-----w C:\Program Files\Advanced System Optimizer
2008-06-20 21:44 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Systweak
2008-06-20 20:46 --------- d-----w C:\Documents and Settings\Jeff\Application Data\Uniblue
2008-06-20 18:36 --------- d-----w C:\Documents and Settings\Jeff\Application Data\AdobeUM
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 18:30 --------- d-----w C:\Documents and Settings\Hannah\Application Data\SiteAdvisor
2008-06-14 16:02 --------- d-----w C:\Documents and Settings\Hannah\Application Data\AdobeUM
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 04:05 --------- d-----w C:\Program Files\Apple Software Update
2008-06-13 03:57 --------- d-----w C:\Program Files\iTunes
2008-06-13 03:57 --------- d-----w C:\Program Files\iPod
2008-06-13 03:54 --------- d-----w C:\Program Files\QuickTime
2008-04-23 00:40 20,019 ----a-w C:\Program Files\unfreez.zip
2007-04-15 21:48 891,281 -c--a-w C:\Documents and Settings\Jeff\CIC.zip
.
((((((((((((((((((((((((((((( snapshot@2008-08-05_16.56.01.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-05 19:32:28 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2008-08-06 20:59:04 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2008-08-05 19:32:28 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-08-06 20:59:04 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2008-08-05 19:32:28 65,536 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2008-08-06 20:59:04 65,536 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 13:00 200704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-03 19:20 185784]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 11:42 36904]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 14:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22 20480]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Cat Daddy Games\\Renegade Paintball\\PaintballGame.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ce62342-4c1d-11db-b594-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
2008-06-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2006-10-07 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-06 17:04:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\HPZipm12.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-08-06 17:16:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-06 21:16:22
ComboFix2.txt 2008-08-05 20:56:33
Pre-Run: 41,967,779,840 bytes free
Post-Run: 42,004,041,728 bytes free
172 --- E O F --- 2008-08-06 19:19:54