Tech Support Forum - View Single Post

**coug1984** · 11-12-2008, 07:53 PM

Hello,
I got an error when it tried to put in the recovery console, but it ran the scan and here is the log. Also, when my computer started back up, it seems to already be running better. My McAfee was able to start now and is running. I'm also not getting the pop-up from the tray icons that says I need to download "special" malware software. You guys are great, and I await your next instruction.

ComboFix 08-11-10.01 - John 2008-11-11 20:16:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.525 [GMT -8:00]
Running from: c:\documents and settings\John\Desktop\ComboFxx.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\John\LOCALS~1\Temp\prun.exe
c:\docume~1\John\LOCALS~1\Temp\snapsnet.exe
c:\documents and settings\John\Application Data\FunWebProducts
c:\documents and settings\John\Application Data\FunWebProducts\Data\John\avatar.dat
c:\program files\Common\helper.sig
c:\windows\brastk.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\karna.dat
c:\windows\system32\brastk.exe
c:\windows\system32\DelSelf.bat
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\ati3fsxx.sys
c:\windows\system32\drivers\ati3isxx.sys
c:\windows\system32\drivers\ati6yhxx.sys
c:\windows\system32\drivers\ati8rmxx.sys
c:\windows\system32\Drivers\TDSSgfqw.sys
c:\windows\system32\karna.dat
c:\windows\system32\MSINET.oca
c:\windows\system32\pac.txt
c:\windows\system32\TDSSarju.dll
c:\windows\system32\TDSSklfy.dll
c:\windows\system32\TDSSnjvt.dll
c:\windows\system32\TDSSoiwg.dll
c:\windows\system32\TDSSrpnv.dat
c:\windows\system32\TDSSwrln.dll
c:\windows\system32\TDSSwwbr.log
c:\windows\system32\wini108023.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-10 21:10 . 2008-11-10 21:10 2 --a------ C:\-598491797
2008-11-10 21:09 . 2008-11-10 21:09 <DIR> d-------- c:\temp\PRE45
2008-10-23 18:22 . 2008-10-15 08:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-14 16:48 . 2008-09-08 02:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-14 16:47 . 2008-08-14 02:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 16:47 . 2008-08-14 02:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 16:47 . 2008-08-14 01:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 16:47 . 2008-08-14 01:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 16:47 . 2008-09-15 04:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 04:23 --------- d-----w c:\program files\DNA
2008-11-12 04:23 --------- d-----w c:\documents and settings\John\Application Data\DNA
2008-11-12 04:16 --------- d-----w c:\program files\Common
2008-11-11 15:42 --------- d-----w c:\program files\FirstClass
2008-11-07 03:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-07 02:16 --------- d-----w c:\program files\Google
2008-10-04 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\FirstClass
2008-10-03 04:31 --------- d-----w c:\documents and settings\John\Application Data\ZoomBrowser EX
2008-10-03 04:30 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-09-15 12:24 94,624 ----a-w c:\documents and settings\John\Application Data\GDIPFONTCACHEV1.DAT
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-12 13:21 --------- d-----w c:\program files\McAfee
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2007-07-25 15:54 88 --sh--r c:\windows\system32\E5BA678971.sys
2007-07-25 15:54 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-11 342336]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-17 169984]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 99840]
"iRiver Updater"="\Updater.exe" [2004-07-01 212992]
"Auto EPSON Stylus CX5400 on VAIO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 99840]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-07-17 26112]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MBMon"="CTMBHA.DLL" [2005-05-19 c:\windows\system32\CTMBHA.DLL]

c:\documents and settings\John\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-09-28 947544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-02 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\John\\Desktop\\Joe\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\wg11tnd5.sys [2004-10-14 285216]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2005-11-20 16512]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-14 43392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\uvdz09gw.default\
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 20:23:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\explorer.exe
-> c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\rundll32.exe
c:\docume~1\John\LOCALS~1\Temp\clclean.0001
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Updater.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopOE.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-11 20:35:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 04:34:52

Pre-Run: 13,990,674,432 bytes free
Post-Run: 13,918,834,688 bytes free

209 --- E O F --- 2008-10-24 10:01:03

11-12-2008, 07:53 PM	#3 (permalink)
coug1984 I helped the forums. Join Date: Jul 2008 Posts: 59 OS: XP sp3	Re: Spyware Infection Hello, I got an error when it tried to put in the recovery console, but it ran the scan and here is the log. Also, when my computer started back up, it seems to already be running better. My McAfee was able to start now and is running. I'm also not getting the pop-up from the tray icons that says I need to download "special" malware software. You guys are great, and I await your next instruction. ComboFix 08-11-10.01 - John 2008-11-11 20:16:44.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.525 [GMT -8:00] Running from: c:\documents and settings\John\Desktop\ComboFxx.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\John\LOCALS~1\Temp\prun.exe c:\docume~1\John\LOCALS~1\Temp\snapsnet.exe c:\documents and settings\John\Application Data\FunWebProducts c:\documents and settings\John\Application Data\FunWebProducts\Data\John\avatar.dat c:\program files\Common\helper.sig c:\windows\brastk.exe c:\windows\Downloaded Program Files\setup.inf c:\windows\IE4 Error Log.txt c:\windows\karna.dat c:\windows\system32\brastk.exe c:\windows\system32\DelSelf.bat c:\windows\system32\dllcache\beep.sys c:\windows\system32\drivers\ati3fsxx.sys c:\windows\system32\drivers\ati3isxx.sys c:\windows\system32\drivers\ati6yhxx.sys c:\windows\system32\drivers\ati8rmxx.sys c:\windows\system32\Drivers\TDSSgfqw.sys c:\windows\system32\karna.dat c:\windows\system32\MSINET.oca c:\windows\system32\pac.txt c:\windows\system32\TDSSarju.dll c:\windows\system32\TDSSklfy.dll c:\windows\system32\TDSSnjvt.dll c:\windows\system32\TDSSoiwg.dll c:\windows\system32\TDSSrpnv.dat c:\windows\system32\TDSSwrln.dll c:\windows\system32\TDSSwwbr.log c:\windows\system32\wini108023.exe . ((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 ))))))))))))))))))))))))))))))) . 2008-11-10 21:10 . 2008-11-10 21:10 2 --a------ C:\-598491797 2008-11-10 21:09 . 2008-11-10 21:09 <DIR> d-------- c:\temp\PRE45 2008-10-23 18:22 . 2008-10-15 08:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll 2008-10-14 16:48 . 2008-09-08 02:41 333,824 --------- c:\windows\system32\dllcache\srv.sys 2008-10-14 16:47 . 2008-08-14 02:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-14 16:47 . 2008-08-14 02:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-14 16:47 . 2008-08-14 01:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-14 16:47 . 2008-08-14 01:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-14 16:47 . 2008-09-15 04:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-12 04:23 --------- d-----w c:\program files\DNA 2008-11-12 04:23 --------- d-----w c:\documents and settings\John\Application Data\DNA 2008-11-12 04:16 --------- d-----w c:\program files\Common 2008-11-11 15:42 --------- d-----w c:\program files\FirstClass 2008-11-07 03:43 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-07 02:16 --------- d-----w c:\program files\Google 2008-10-04 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\FirstClass 2008-10-03 04:31 --------- d-----w c:\documents and settings\John\Application Data\ZoomBrowser EX 2008-10-03 04:30 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser 2008-09-15 12:24 94,624 ----a-w c:\documents and settings\John\Application Data\GDIPFONTCACHEV1.DAT 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-12 13:21 --------- d-----w c:\program files\McAfee 2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll 2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe 2007-07-25 15:54 88 --sh--r c:\windows\system32\E5BA678971.sys 2007-07-25 15:54 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-11 342336] "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 c:\windows\MIDIDEF.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208] "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-07-17 169984] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184] "EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 99840] "iRiver Updater"="\Updater.exe" [2004-07-01 212992] "Auto EPSON Stylus CX5400 on VAIO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-26 99840] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-07-17 26112] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "MBMon"="CTMBHA.DLL" [2005-05-19 c:\windows\system32\CTMBHA.DLL] c:\documents and settings\John\Start Menu\Programs\Startup\ MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-09-28 947544] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-02 25214] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= c:\windows\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\StubInstaller.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Documents and Settings\\John\\Desktop\\Joe\\BitTorrent\\bittorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\wg11tnd5.sys [2004-10-14 285216] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2005-11-20 16512] S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-14 43392] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe . Contents of the 'Scheduled Tasks' folder 2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2008-10-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2008-11-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] . . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\uvdz09gw.default\ FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-11 20:23:15 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: c:\windows\explorer.exe -> c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\CTSVCCDA.EXE c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\rundll32.exe c:\docume~1\John\LOCALS~1\Temp\clclean.0001 c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Updater.exe c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe c:\program files\Google\Google Desktop Search\GoogleDesktopCrawl.exe c:\program files\Google\Google Desktop Search\GoogleDesktopOE.exe c:\windows\system32\dllhost.exe c:\windows\ehome\ehmsas.exe c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe c:\program files\iPod\bin\iPodService.exe c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe c:\windows\system32\imapi.exe . ************************************************************************ . Completion time: 2008-11-11 20:35:04 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-12 04:34:52 Pre-Run: 13,990,674,432 bytes free Post-Run: 13,918,834,688 bytes free 209 --- E O F --- 2008-10-24 10:01:03