Old 12-01-2008, 01:16 PM   #1 (permalink)
 
Join Date: Dec 2008
Posts: 5
OS: xp


I think I got "juduvokawi" resolved

Inadvertently ran ComboFix while reading the instructions for adding the console to it, and the problem MAY be resolved. The "juduvokawi" entries are gone from the registry. Then ran the rest of the instructions.

Previous complaining text below:

SUPERAntiSpyware, Malwarebytes, Ad-Aware, HijackThis, Spybot: tried them all, safe mode, renaming the infected DLLs. It keeps adding the "juduvokawi" entry to HKLM\software\microsoft\windows\currentversion\run with the following variables. Got the MS updates working and it has quit disabling them, but just plain not sure why or how the registry keeps adding the entries below.

juduvokawi
Rundll32.exe "C:\WINDOWS\system32\nayitazi.dll",s
rundll32.exe "C:\WINDOWS\system32\nuvutoki.dll",b
Rundll32.exe "c:\windows\system32\ganizoni.dll",a

Redirects to the sites below also.
pro-scanner-online
precata.com
registrydefender.com

End of previous text.


DDS (Version 1.0) - NTFSx86
Run by jack at 12:59:06.54 on 2008-12-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1297 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jack\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {8704e416-1511-46f3-9c95-96eb732f922f} - c:\windows\system32\soyeviwa.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Nero PhotoShow Media Manager] c:\progra~1\nero\photos~1\data\xtras\mssysmgr.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [USRpdA]
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2007\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2007\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 ACPI;Microsoft ACPI Driver;c:\windows\system32\drivers\ACPI.sys [2004-8-3 187776]
R0 atapi;Standard IDE/ESDI Hard Disk Controller;c:\windows\system32\drivers\atapi.sys [2004-8-3 96512]
R0 Disk;Disk Driver;c:\windows\system32\drivers\disk.sys [2004-8-3 36352]
R0 dmio;Logical Disk Manager Driver;c:\windows\system32\drivers\dmio.sys [2004-8-3 153344]
R0 dmload;dmload;c:\windows\system32\drivers\dmload.sys [2001-8-23 5888]
R0 FltMgr;FltMgr;c:\windows\system32\drivers\fltmgr.sys [2007-5-6 129792]
R0 Ftdisk;Volume Manager Driver;c:\windows\system32\drivers\ftdisk.sys [2001-8-23 125056]
R0 isapnp;PnP ISA/EISA Bus Driver;c:\windows\system32\drivers\isapnp.sys [2001-8-23 37248]
R0 KSecDD;KSecDD;c:\windows\system32\drivers\KSecDD.sys [2004-8-3 92288]
R0 MountMgr;Mount Point Manager;c:\windows\system32\drivers\MountMgr.sys [2004-8-3 42368]
R0 Mup;Mup;c:\windows\system32\drivers\Mup.sys [2004-8-3 105344]
R0 NDIS;NDIS System Driver;c:\windows\system32\drivers\NDIS.sys [2004-8-3 182656]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller;c:\windows\system32\drivers\ohci1394.sys [2004-8-3 61696]
R0 PartMgr;Partition Manager;c:\windows\system32\drivers\PartMgr.sys [2001-8-23 19712]
R0 PCI;PCI Bus Driver;c:\windows\system32\drivers\pci.sys [2004-8-3 68224]
R0 PCIIde;PCIIde;c:\windows\system32\drivers\pciide.sys [2001-8-23 3328]
R0 sr;System Restore Filter Driver;c:\windows\system32\drivers\sr.sys [2007-5-6 73472]
R0 VolSnap;VolSnap;c:\windows\system32\drivers\VolSnap.sys [2004-8-3 52352]
R1 AFD;AFD;c:\windows\system32\drivers\afd.sys [2004-8-3 138496]
R1 AmdPPM;AMD HwPState Processor Driver;c:\windows\system32\drivers\AmdPPM.sys [2007-4-16 33792]
R1 Beep;Beep;c:\windows\system32\drivers\Beep.sys [2001-8-23 4224]
R1 Cdrom;CD-ROM Driver;c:\windows\system32\drivers\cdrom.sys [2004-8-3 62976]
R1 Fips;Fips;c:\windows\system32\drivers\Fips.sys [2001-8-23 44544]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;c:\windows\system32\drivers\i8042prt.sys [2004-8-3 52480]
R1 Imapi;CD-Burning Filter Driver;c:\windows\system32\drivers\imapi.sys [2004-8-3 42112]
R1 IPSec;IPSEC driver;c:\windows\system32\drivers\ipsec.sys [2004-8-3 75264]
R1 Kbdclass;Keyboard Class Driver;c:\windows\system32\drivers\kbdclass.sys [2004-8-3 24576]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
R1 mnmdd;mnmdd;c:\windows\system32\drivers\mnmdd.sys [2001-8-23 4224]
R1 Mouclass;Mouse Class Driver;c:\windows\system32\drivers\mouclass.sys [2004-8-3 23040]
R1 MPFP;MPFP;c:\windows\system32\drivers\Mpfp.sys [2008-11-29 120136]
R1 MRxSmb;MRXSMB;c:\windows\system32\drivers\mrxsmb.sys [2004-8-3 455296]
R1 Msfs;Msfs;c:\windows\system32\drivers\Msfs.sys [2004-8-3 19072]
R1 NetBIOS;NetBIOS Interface;c:\windows\system32\drivers\netbios.sys [2004-8-3 34688]
R1 NetBT;NetBios over Tcpip;c:\windows\system32\drivers\netbt.sys [2004-8-3 162816]
R1 Npfs;Npfs;c:\windows\system32\drivers\Npfs.sys [2004-8-3 30848]
R1 Null;Null;c:\windows\system32\drivers\Null.sys [2001-8-23 2944]
R1 RasAcd;Remote Access Auto Connection Driver;c:\windows\system32\drivers\rasacd.sys [2001-8-23 8832]
R1 Rdbss;Rdbss;c:\windows\system32\drivers\rdbss.sys [2004-8-3 175744]
R1 RDPCDD;RDPCDD;c:\windows\system32\drivers\RDPCDD.sys [2001-8-23 4224]
R1 redbook;Digital CD Audio Playback Filter Driver;c:\windows\system32\drivers\redbook.sys [2007-5-6 57600]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-11-17 55024]
R1 Serial;Serial port driver;c:\windows\system32\drivers\serial.sys [2004-8-3 64512]
R1 Tcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\tcpip.sys [2004-8-3 361600]
R1 TermDD;Terminal Device Driver;c:\windows\system32\drivers\termdd.sys [2007-5-6 40840]
R1 VgaSave;VGA Display Controller.;c:\windows\system32\drivers\vga.sys [2004-8-3 20992]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment;c:\windows\system32\drivers\ws2ifsl.sys [2001-8-23 12032]
R2 AudioSrv;Windows Audio;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 BITS;Background Intelligent Transfer Service;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 Browser;Computer Browser;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 CryptSvc;Cryptographic Services;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 DcomLaunch;DCOM Server Process Launcher;c:\windows\system32\svchost -k DcomLaunch []
R2 Dhcp;DHCP Client;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 dmserver;Logical Disk Manager;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 Dnscache;DNS Client;c:\windows\system32\svchost.exe -k NetworkService [2004-8-3 14336]
R2 ERSvc;Error Reporting Service;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 Eventlog;Event Log;c:\windows\system32\services.exe [2004-8-3 108544]
R2 gusvc;Google Updater Service;"c:\program files\google\common\google updater\GoogleUpdaterService.exe" [2008-4-19 168432]
R2 helpsvc;Help and Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 HidServ;HID Input Service;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 lanmanserver;Server;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 lanmanworkstation;Workstation;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 LmHosts;TCP/IP NetBIOS Helper;c:\windows\system32\svchost.exe -k LocalService [2004-8-3 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\McSACore.exe" [2008-11-29 203280]
R2 mcmscsvc;McAfee Services;c:\progra~1\mcafee\msc\mcmscsvc.exe [2008-11-29 792696]
R2 McNASvc;McAfee Network Agent;"c:\progra~1\common~1\mcafee\mna\mcnasvc.exe" [2008-11-29 2482848]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-11-29 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\McShield.exe [2008-11-29 144704]
R2 MDM;Machine Debug Manager;"c:\program files\common files\microsoft shared\vs7debug\MDM.EXE" [2003-6-19 322120]
R2 MpfService;McAfee Personal Firewall Service;"c:\program files\mcafee\mpf\MPFSrv.exe" [2008-11-29 884360]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;c:\program files\nero\nero8\nero backitup\NBService.exe [2007-9-20 853288]
R2 ParVdm;ParVdm;c:\windows\system32\drivers\ParVdm.sys [2001-8-23 6784]
R2 PlugPlay;Plug and Play;c:\windows\system32\services.exe [2004-8-3 108544]
R2 Pml Driver HPZ12;Pml Driver HPZ12;c:\windows\system32\HPZipm12.exe [2007-11-19 73728]
R2 PolicyAgent;IPSEC Services;c:\windows\system32\lsass.exe [2004-8-3 13312]
R2 ProtectedStorage;Protected Storage;c:\windows\system32\lsass.exe [2004-8-3 13312]
R2 RemoteRegistry;Remote Registry;c:\windows\system32\svchost.exe -k LocalService [2004-8-3 14336]
R2 RpcSs;Remote Procedure Call (RPC);c:\windows\system32\svchost -k rpcss []
R2 SamSs;Security Accounts Manager;c:\windows\system32\lsass.exe [2004-8-3 13312]
R2 Schedule;Task Scheduler;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 seclogon;Secondary Logon;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 SENS;System Event Notification;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 SharedAccess;Windows Firewall/Internet Connection Sharing (ICS);c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 ShellHWDetection;Shell Hardware Detection;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 Spooler;Print Spooler;c:\windows\system32\spoolsv.exe [2004-8-3 57856]
R2 srservice;System Restore Service;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 stisvc;Windows Image Acquisition (WIA);c:\windows\system32\svchost.exe -k imgsvc [2004-8-3 14336]
R2 Themes;Themes;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 TrkWks;Distributed Link Tracking Client;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 W32Time;Windows Time;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 WebClient;WebClient;c:\windows\system32\svchost.exe -k LocalService [2004-8-3 14336]
R2 winmgmt;Windows Management Instrumentation;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 wscsvc;Security Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 wuauserv;Automatic Updates;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 WZCSVC;Wireless Zero Configuration;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R3 ALG;Application Layer Gateway Service;c:\windows\system32\alg.exe [2004-8-3 44544]
R3 Arp1394;1394 ARP Client Protocol;c:\windows\system32\drivers\arp1394.sys [2004-8-3 60800]
R3 audstub;Audio Stub Driver;c:\windows\system32\drivers\audstub.sys [2007-5-6 3072]
R3 EventSystem;COM+ Event System;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R3 Fdc;Floppy Disk Controller Driver;c:\windows\system32\drivers\fdc.sys [2004-8-3 27392]
R3 Flpydisk;Floppy Disk Driver;c:\windows\system32\drivers\flpydisk.sys [2004-8-3 20480]
R3 gameenum;Game Port Enumerator;c:\windows\system32\drivers\gameenum.sys [2007-5-6 10624]
R3 Gpc;Generic Packet Classifier;c:\windows\system32\drivers\msgpc.sys [2004-8-3 35072]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;c:\windows\system32\drivers\HDAudBus.sys [2004-10-27 144384]
R3 HidUsb;Microsoft HID Class Driver;c:\windows\system32\drivers\hidusb.sys [2007-11-24 10368]
R3 HTTP;HTTP;c:\windows\system32\drivers\HTTP.sys [2004-8-3 264832]
R3 IpFilterDriver;IP Traffic Filter Driver;c:\windows\system32\drivers\ipfltdrv.sys [2001-8-23 32896]
R3 IpNat;IP Network Address Translator;c:\windows\system32\drivers\ipnat.sys [2004-8-3 152832]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-11-29 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-29 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-29 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-29 40488]
R3 Modem;Modem;c:\windows\system32\drivers\Modem.sys [2004-8-3 30080]
R3 mouhid;Mouse HID Driver;c:\windows\system32\drivers\mouhid.sys [2008-7-20 12160]
R3 MRxDAV;WebDav Client Redirector;c:\windows\system32\drivers\mrxdav.sys [2004-8-3 180608]
R3 mssmbios;Microsoft System Management BIOS Driver;c:\windows\system32\drivers\mssmbios.sys [2004-8-3 15488]
R3 NdisTapi;Remote Access NDIS TAPI Driver;c:\windows\system32\drivers\ndistapi.sys [2001-8-23 10112]
R3 Ndisuio;NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ndisuio.sys [2004-8-3 14592]
R3 NdisWan;Remote Access NDIS WAN Driver;c:\windows\system32\drivers\ndiswan.sys [2004-8-3 91520]
R3 NDProxy;NDIS Proxy;c:\windows\system32\drivers\NDProxy.sys [2001-8-23 40576]
R3 Netman;Network Connections;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R3 NIC1394;1394 Net Driver;c:\windows\system32\drivers\nic1394.sys [2004-8-3 61824]
R3 Nla;Network Location Awareness (NLA);c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R3 nv;nv;c:\windows\system32\drivers\nv4_mini.sys [2006-1-24 3535520]
R3 nvnetbus;NVIDIA Network Bus Enumerator;c:\windows\system32\drivers\nvnetbus.sys [2007-5-6 13056]
R3 Parport;Parallel port driver;c:\windows\system32\drivers\parport.sys [2004-8-3 80128]
R3 PptpMiniport;WAN Miniport (PPTP);c:\windows\system32\drivers\raspptp.sys [2004-8-3 48384]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
R3 Ptilink;Direct Parallel Link Driver;c:\windows\system32\drivers\ptilink.sys [2001-8-23 17792]
R3 Rasl2tp;WAN Miniport (L2TP);c:\windows\system32\drivers\rasl2tp.sys [2004-8-3 51328]
R3 RasMan;Remote Access Connection Manager;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R3 RasPppoe;Remote Access PPPOE Driver;c:\windows\system32\drivers\raspppoe.sys [2004-8-3 41472]
R3 Raspti;Direct Parallel;c:\windows\system32\drivers\raspti.sys [2001-8-23 16512]
R3 rdpdr;Terminal Server Device Redirector Driver;c:\windows\system32\drivers\rdpdr.sys [2007-5-6 196224]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\RTL8139.SYS [2007-5-6 20992]
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]
R3 serenum;Serenum Filter Driver;c:\windows\system32\drivers\serenum.sys [2004-8-3 15744]
R3 Srv;Srv;c:\windows\system32\drivers\srv.sys [2004-8-3 333824]
R3 SSDPSRV;SSDP Discovery Service;c:\windows\system32\svchost.exe -k LocalService [2004-8-3 14336]
R3 swenum;Software Bus Driver;c:\windows\system32\drivers\swenum.sys [2004-8-3 4352]
R3 sysaudio;Microsoft Kernel System Audio Device;c:\windows\system32\drivers\sysaudio.sys [2007-5-6 60800]
R3 TapiSrv;Telephony;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R3 TermService;Terminal Services;c:\windows\system32\svchost -k DComLaunch []
R3 Update;Microcode Update Driver;c:\windows\system32\drivers\update.sys [2004-8-3 384768]
R3 usbccgp;Microsoft USB Generic Parent Driver;c:\windows\system32\drivers\usbccgp.sys [2007-7-21 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;c:\windows\system32\drivers\usbehci.sys [2004-8-3 30208]
R3 usbhub;Microsoft USB Standard Hub Driver;c:\windows\system32\drivers\usbhub.sys [2004-8-3 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;c:\windows\system32\drivers\usbohci.sys [2004-8-3 17152]
R3 USBSTOR;USB Mass Storage Driver;c:\windows\system32\drivers\USBSTOR.SYS [2007-5-15 26368]
R3 Wanarp;Remote Access IP ARP Driver;c:\windows\system32\drivers\wanarp.sys [2004-8-3 34560]
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;c:\windows\system32\drivers\wdmaud.sys [2007-5-6 83072]
R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-3-23 30032]
R4 Cdfs;Cdfs;c:\windows\system32\drivers\Cdfs.sys [2004-8-3 63744]
R4 Ntfs;Ntfs;c:\windows\system32\drivers\Ntfs.sys [2004-8-3 574976]
S1 Cdaudio;Cdaudio;c:\windows\system32\drivers\Cdaudio.sys [2001-8-17 18688]
S1 Changer;Changer; []
S1 i2omgmt;i2omgmt; []
S1 kbdhid;Keyboard HID Driver;c:\windows\system32\drivers\kbdhid.sys [2007-11-24 14592]
S1 lbrtfdc;lbrtfdc; []
S1 PCIDump;PCIDump; []
S1 Processor;Processor Driver;c:\windows\system32\drivers\processr.sys [2004-8-3 35840]
S1 Sfloppy;Sfloppy;c:\windows\system32\drivers\Sfloppy.sys [2004-8-3 11392]
S2 0086891228138165mcinstcleanup;McAfee Application Installer Cleanup (0086891228138165);c:\windows\temp\008689~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service []
S2 McAfeeFramework;McAfee Framework Service;"c:\program files\network associates\common framework\FrameworkService.exe" /ServiceStart [2007-5-6 104000]
S3 aec;Microsoft Kernel Acoustic Echo Canceller;c:\windows\system32\drivers\aec.sys [2007-5-6 142592]
S3 AppMgmt;Application Management;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 aspnet_state;ASP.NET State Service;c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 AsyncMac;RAS Asynchronous Media Driver;c:\windows\system32\drivers\asyncmac.sys [2004-8-3 14336]
S3 Atmarpc;ATM ARP Client Protocol;c:\windows\system32\drivers\atmarpc.sys [2004-8-3 59904]
S3 catchme;catchme;\??\c:\combofix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder;c:\windows\system32\drivers\CCDECODE.sys [2007-7-21 17024]
S3 CiSvc;Indexing Service;c:\windows\system32\cisvc.exe [2004-8-3 5632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86;c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 COMSysApp;COM+ System Application;c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [2004-8-3 5120]
S3 dmadmin;Logical Disk Manager Administrative Service;c:\windows\system32\dmadmin.exe /com [2004-8-3 224768]
S3 DMusic;Microsoft Kernel DLS Syntheiszer;c:\windows\system32\drivers\DMusic.sys [2007-5-6 52864]
S3 Dot3svc;Wired AutoConfig;c:\windows\system32\svchost.exe -k dot3svc [2004-8-3 14336]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler;c:\windows\system32\drivers\drmkaud.sys [2007-5-6 2944]
S3 EapHost;Extensible Authentication Protocol Service;c:\windows\system32\svchost.exe -k eapsvcs [2004-8-3 14336]
S3 FastUserSwitchingCompatibility;Fast User Switching Compatibility;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;c:\windows\microsoft.net\framework\v3.0\wpf\PresentationFontCache.exe [2007-10-9 36864]
S3 hkmsvc;Health Key and Certificate Management Service;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 HTTPFilter;HTTP SSL;c:\windows\system32\svchost.exe -k HTTPFilter [2004-8-3 14336]
S3 idsvc;Windows CardSpace;"c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe" [2007-10-11 864256]
S3 ImapiService;IMAPI CD-Burning COM Service;c:\windows\system32\imapi.exe [2004-8-3 150528]
S3 Ip6Fw;IPv6 Windows Firewall Driver;c:\windows\system32\drivers\ip6fw.sys [2004-8-3 36608]
S3 IpInIp;IP in IP Tunnel Driver;c:\windows\system32\drivers\ipinip.sys [2004-8-3 20864]
S3 IRENUM;IR Enumerator Service;c:\windows\system32\drivers\irenum.sys [2007-5-6 11264]
S3 kmixer;Microsoft Kernel Wave Audio Mixer;c:\windows\system32\drivers\kmixer.sys [2007-5-6 172416]
S3 McODS;McAfee Scanner;c:\progra~1\mcafee\viruss~1\mcods.exe [2008-11-29 361800]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-29 34152]
S3 mnmsrvc;NetMeeting Remote Desktop Sharing;c:\windows\system32\mnmsrvc.exe [2007-5-6 32768]
S3 MSDTC;Distributed Transaction Coordinator;c:\windows\system32\msdtc.exe [2007-5-6 6144]
S3 MSIServer;Windows Installer;c:\windows\system32\msiexec.exe /V [2004-8-3 78848]
S3 MSKSSRV;Microsoft Streaming Service Proxy;c:\windows\system32\drivers\MSKSSRV.sys [2007-5-6 7552]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;c:\windows\system32\drivers\MSPCLOCK.sys [2007-5-6 5376]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;c:\windows\system32\drivers\MSPQM.sys [2007-5-6 4992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;c:\windows\system32\drivers\MSTEE.sys [2007-7-21 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec;c:\windows\system32\drivers\NABTSFEC.sys [2007-7-21 85248]
S3 napagent;Network Access Protection Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 Netlogon;Net Logon;c:\windows\system32\lsass.exe [2004-8-3 13312]
S3 NtLmSsp;NT LM Security Support Provider;c:\windows\system32\lsass.exe [2004-8-3 13312]
S3 NtmsSvc;Removable Storage;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver;c:\windows\system32\drivers\NVENETFD.sys [2007-5-6 34176]
S3 NwlnkFlt;IPX Traffic Filter Driver;c:\windows\system32\drivers\nwlnkflt.sys [2001-8-23 12416]
S3 NwlnkFwd;IPX Traffic Forwarder Driver;c:\windows\system32\drivers\nwlnkfwd.sys [2001-8-23 32512]
S3 ose;Office Source Engine;"c:\program files\common files\microsoft shared\source engine\OSE.EXE" [2006-10-26 145184]
S3 PDCOMP;PDCOMP; []
S3 PDFRAME;PDFRAME; []
S3 PDRELI;PDRELI; []
S3 PDRFRAME;PDRFRAME; []
S3 RasAuto;Remote Access Auto Connection Manager;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 RDPWD;RDPWD;c:\windows\system32\drivers\RDPWD.sys [2007-5-6 139656]
S3 RDSessMgr;Remote Desktop Help Session Manager;c:\windows\system32\sessmgr.exe [2007-5-6 141312]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;c:\windows\system32\locator.exe [2004-8-3 75264]
S3 RSVP;QoS RSVP;c:\windows\system32\rsvp.exe [2001-8-23 132608]
S3 SCardSvr;Smart Card;c:\windows\system32\SCardSvr.exe [2004-8-3 95744]
S3 Secdrv;Secdrv;c:\windows\system32\drivers\secdrv.sys [2004-7-17 20480]
S3 splitter;Microsoft Kernel Audio Splitter;c:\windows\system32\drivers\splitter.sys [2007-5-6 6272]
S3 streamip;BDA IPSink;c:\windows\system32\drivers\StreamIP.sys [2007-7-21 15232]
S3 swmidi;Microsoft Kernel GS Wavetable Synthesizer;c:\windows\system32\drivers\swmidi.sys [2007-5-6 56576]
S3 SwPrv;MS Software Shadow Copy Provider;c:\windows\system32\dllhost.exe /Processid:{EF69095C-3E80-4B5E-86CF-EA6FD7C399FF} [2004-8-3 5120]
S3 SysmonLog;Performance Logs and Alerts;c:\windows\system32\smlogsvc.exe [2004-8-3 89600]
S3 TDPIPE;TDPIPE;c:\windows\system32\drivers\TDPIPE.sys [2007-5-6 12040]
S3 TDTCP;TDTCP;c:\windows\system32\drivers\TDTCP.sys [2007-5-6 21896]
S3 upnphost;Universal Plug and Play Device Host;c:\windows\system32\svchost.exe -k LocalService [2004-8-3 14336]
S3 UPS;Uninterruptible Power Supply;c:\windows\system32\ups.exe [2004-8-3 18432]
S3 usbscan;USB Scanner Driver;c:\windows\system32\drivers\usbscan.sys [2007-7-21 15104]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 VSS;Volume Shadow Copy;c:\windows\system32\vssvc.exe [2004-8-3 289792]
S3 WDICA;WDICA; []
S3 WmdmPmSN;Portable Media Serial Number Service;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 Wmi;Windows Management Instrumentation Driver Extensions;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 WmiApSrv;WMI Performance Adapter;c:\windows\system32\wbem\wmiapsrv.exe [2007-5-6 126464]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service;"c:\program files\windows media player\WMPNetwk.exe" [2006-10-18 913408]
S3 WSTCODEC;World Standard Teletext Codec;c:\windows\system32\drivers\WSTCODEC.SYS [2007-7-21 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver;c:\windows\system32\drivers\WudfPf.sys [2006-9-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector;c:\windows\system32\drivers\wudfrd.sys [2006-9-28 82944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework;c:\windows\system32\svchost.exe -k WudfServiceGroup [2004-8-3 14336]
S3 xmlprov;Network Provisioning Service;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S4 Abiosdsk;Abiosdsk; []
S4 abp480n5;abp480n5; []
S4 ACPIEC;ACPIEC;c:\windows\system32\drivers\ACPIEC.sys [2001-8-23 11648]
S4 adpu160m;adpu160m; []
S4 Aha154x;Aha154x; []
S4 aic78u2;aic78u2; []
S4 aic78xx;aic78xx; []
S4 Alerter;Alerter;c:\windows\system32\svchost.exe -k LocalService [2004-8-3 14336]
S4 AliIde;AliIde; []
S4 amsint;amsint; []
S4 asc;asc; []
S4 asc3350p;asc3350p; []
S4 asc3550;asc3550; []
S4 Atdisk;Atdisk; []
S4 cbidf2k;cbidf2k;c:\windows\system32\drivers\cbidf2k.sys [2001-8-23 13952]
S4 cd20xrnt;cd20xrnt; []
S4 ClipSrv;ClipBook;c:\windows\system32\clipsrv.exe [2004-8-3 33280]
S4 CmdIde;CmdIde; []
S4 Cpqarray;Cpqarray; []
S4 dac960nt;dac960nt; []
S4 dmboot;dmboot;c:\windows\system32\drivers\dmboot.sys [2004-8-3 799744]
S4 dpti2o;dpti2o; []
S4 Fastfat;Fastfat;c:\windows\system32\drivers\Fastfat.sys [2004-8-3 143744]
S4 hpn;hpn; []
S4 i2omp;i2omp; []
S4 ini910u;ini910u; []
S4 IntelIde;IntelIde; []
S4 Messenger;Messenger;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S4 mraid35x;mraid35x; []
S4 NetDDE;Network DDE;c:\windows\system32\netdde.exe [2004-8-3 111104]
S4 NetDDEdsdm;Network DDE DSDM;c:\windows\system32\netdde.exe [2004-8-3 111104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"c:\windows\microsoft.net\framework\v3.0\windows communication foundation\SMSvcHost.exe" [2007-10-11 122880]
S4 Pcmcia;Pcmcia;c:\windows\system32\drivers\Pcmcia.sys [2004-8-3 120192]
S4 perc2;perc2; []
S4 perc2hib;perc2hib; []
S4 ql1080;ql1080; []
S4 Ql10wnt;Ql10wnt; []
S4 ql12160;ql12160; []
S4 ql1240;ql1240; []
S4 ql1280;ql1280; []
S4 RemoteAccess;Routing and Remote Access;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S4 Simbad;Simbad; []
S4 Sparrow;Sparrow; []
S4 sym_hi;sym_hi; []
S4 sym_u3;sym_u3; []
S4 symc810;symc810; []
S4 symc8xx;symc8xx; []
S4 TlntSvr;Telnet;c:\windows\system32\tlntsvr.exe [2004-8-3 73216]
S4 TosIde;TosIde; []
S4 Udfs;Udfs;c:\windows\system32\drivers\Udfs.sys [2004-8-3 66048]
S4 ultra;ultra; []
S4 ViaIde;ViaIde; []

=============== Created Last 30 ================

2008-12-01 12:31 250 a------- c:\windows\gmer.ini
2008-12-01 12:03 <DIR> a-dshr-- C:\cmdcons
2008-12-01 05:51 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-30 12:36 <DIR> --d----- c:\docume~1\jack\applic~1\Malwarebytes
2008-11-30 12:36 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-30 12:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 12:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-30 12:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 07:46 <DIR> --d----- c:\docume~1\jack\applic~1\McAfee
2008-11-29 22:39 9,977 a------- c:\windows\system32\Config.MPF
2008-11-29 22:35 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2008-11-29 22:35 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2008-11-29 22:35 79,240 a------- c:\windows\system32\drivers\mfeavfk.sys
2008-11-29 22:35 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2008-11-29 22:34 <DIR> --d----- c:\program files\common files\McAfee
2008-11-29 22:34 <DIR> --d----- c:\program files\McAfee.com
2008-11-29 22:34 <DIR> --d----- c:\program files\McAfee
2008-11-29 22:29 34,152 a------- c:\windows\system32\drivers\mferkdk.sys
2008-11-29 10:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-11-29 10:34 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-11-29 10:34 <DIR> --d----- c:\docume~1\jack\applic~1\SUPERAntiSpyware.com
2008-11-29 08:29 <DIR> --d----- c:\windows\pss
2008-11-28 09:30 326 a------- c:\windows\wininit.ini
2008-11-16 16:34 <DIR> --d----- C:\pemicro
2008-11-13 18:24 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 18:23 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-11 05:31 0 a------- C:\LOG22.tmp
2008-11-05 06:56 0 a------- C:\LOG4A.tmp
2008-11-04 20:13 0 a------- C:\LOG6E.tmp
2008-11-03 09:28 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2008-11-03 09:28 21,504 a------- c:\windows\system32\hidserv.dll

==================== Find3M ====================

2008-12-01 12:01 389,120 a------- c:\windows\system32\CF20064.exe
2008-11-30 11:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-30 11:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-29 09:14 <DIR> --d----- c:\program files\Lavasoft
2008-11-29 08:57 44,544 a------- c:\windows\system32\alg.exe
2008-11-10 10:10 <DIR> --d----- c:\program files\MSECACHE
2008-10-27 16:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SQL Anywhere 10
2008-10-27 12:12 <DIR> --d----- c:\program files\common files\Intuit
2008-10-27 12:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2008-10-27 11:40 <DIR> --d----- c:\docume~1\jack\applic~1\Download Manager
2008-10-27 09:31 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2008-10-27 09:31 <DIR> --d----- c:\program files\Quicken
2008-10-27 08:54 <DIR> --d----- c:\program files\common files\Palo Alto Software
2008-10-24 13:57 <DIR> --d----- c:\program files\Trend Micro
2008-10-23 17:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-10-19 13:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\YesVideo
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-10 16:16 <DIR> --d----- c:\program files\Windows Installer Clean Up
2008-10-05 13:54 <DIR> --d----- c:\program files\Akamai
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 17:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 09:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-07-13 16:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-07-13 16:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simple Star
2008-07-13 16:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simple Star Shared
2008-07-13 16:13 <DIR> --d----- c:\docume~1\jack\applic~1\Simple Star
2008-04-22 07:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Diskeeper Corporation
2008-04-13 09:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ipswitch
2008-04-13 09:29 <DIR> --d----- c:\docume~1\jack\applic~1\AceBIT
2008-04-13 09:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AceBIT
2008-02-20 09:28 <DIR> --d----- c:\docume~1\jack\applic~1\webex
2007-12-12 18:44 <DIR> --d----- c:\docume~1\jack\applic~1\Stamps.com Internet Postage
2007-12-12 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{D9AA4D17-9292-410D-9AA5-84526D062900}
2007-12-12 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2007-12-12 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2007-12-12 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{876C6265-922D-4EF3-A784-71D72FF033C0}
2007-10-28 05:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\1Click DVD Copy Pro
2007-10-26 20:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2007-10-26 20:22 <DIR> --d----- c:\docume~1\jack\applic~1\Vso
2007-10-21 10:41 <DIR> --d----- c:\docume~1\jack\applic~1\Intuit
2007-10-01 17:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\COMMON FILES
2007-08-22 19:40 <DIR> --d----- c:\docume~1\jack\applic~1\Solmetric
2007-08-14 19:38 <DIR> --d----- c:\docume~1\jack\applic~1\Netscape
2007-07-26 15:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WinZipSE
2007-07-21 17:11 <DIR> --d----- c:\docume~1\jack\applic~1\Windows Desktop Search
2007-05-06 19:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Network Associates
2008-08-31 15:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH: 12:59:25.35 ===============
Attached Files
File Type: txt gmer.txt (61.5 KB, 4 views)
File Type: txt Attach.txt (12.4 KB, 0 views)
Old 12-01-2008, 02:04 PM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: I think I got "juduvokawi" resolved

Do another run with ComboFix & show me the log that's produced
Old 12-02-2008, 06:22 AM   #3 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 5
OS: xp


Re: I think I got "juduvokawi" resolved

ComboFix 08-12-01.01 - jack 2008-12-02 6:10:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1350 [GMT -8:00]
Running from: c:\documents and settings\jack\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jack\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\jack\Application Data\inst.exe
c:\windows\system32\awukaguw.ini
c:\windows\system32\etinemur.ini
c:\windows\system32\mumenawo.dll
c:\windows\system32\owanemum.ini
c:\windows\system32\vobuturi.dll
c:\windows\system32\wipotazi.dll
c:\windows\system32\wugakuwa.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-01 12:31 . 2008-12-01 12:31 250 --a------ c:\windows\gmer.ini
2008-12-01 05:51 . 2008-12-01 05:51 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-30 12:36 . 2008-11-30 12:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 12:36 . 2008-11-30 12:36 <DIR> d-------- c:\documents and settings\jack\Application Data\Malwarebytes
2008-11-30 12:36 . 2008-11-30 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 12:36 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 12:36 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-30 07:46 . 2008-11-30 07:46 <DIR> d-------- c:\documents and settings\jack\Application Data\McAfee
2008-11-29 22:50 . 2008-11-30 20:41 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-11-29 22:39 . 2008-11-29 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-29 22:39 . 2008-12-02 05:49 10,347 --a------ c:\windows\system32\Config.MPF
2008-11-29 22:35 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-11-29 22:35 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-29 22:35 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-11-29 22:35 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-29 22:34 . 2008-11-29 22:34 <DIR> d-------- c:\program files\McAfee.com
2008-11-29 22:34 . 2008-12-01 05:28 <DIR> d-------- c:\program files\McAfee
2008-11-29 22:34 . 2008-11-29 22:35 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-29 22:29 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-11-29 10:34 . 2008-12-01 05:51 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-29 10:34 . 2008-12-01 05:51 <DIR> d-------- c:\documents and settings\jack\Application Data\SUPERAntiSpyware.com
2008-11-29 10:34 . 2008-11-29 10:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-28 09:30 . 2008-11-29 10:03 326 --a------ c:\windows\wininit.ini
2008-11-16 16:34 . 2008-11-16 16:34 <DIR> d-------- C:\pemicro
2008-11-13 18:24 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 18:23 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 05:31 . 2008-11-11 05:31 0 --a------ C:\LOG22.tmp
2008-11-05 06:56 . 2008-11-05 06:56 0 --a------ C:\LOG4A.tmp
2008-11-04 20:13 . 2008-11-04 20:13 0 --a------ C:\LOG6E.tmp
2008-11-03 09:28 . 2008-04-13 17:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-03 09:28 . 2008-04-13 17:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 18:20 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-30 19:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-30 19:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-30 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-29 17:14 --------- d-----w c:\program files\Lavasoft
2008-11-29 16:57 44,544 ----a-w c:\windows\system32\alg.exe
2008-11-11 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-11 13:37 --------- d-----w c:\documents and settings\jack\Application Data\U3
2008-11-10 18:10 --------- d-----w c:\program files\MSECACHE
2008-10-28 00:22 --------- d-----w c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2008-10-27 20:12 --------- d-----w c:\program files\Common Files\Intuit
2008-10-27 20:11 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2008-10-27 19:40 --------- d-----w c:\documents and settings\jack\Application Data\Download Manager
2008-10-27 17:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 17:31 --------- d-----w c:\program files\Quicken
2008-10-27 17:31 --------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2008-10-27 16:54 --------- d-----w c:\program files\Common Files\Palo Alto Software
2008-10-24 21:57 --------- d-----w c:\program files\Trend Micro
2008-10-24 12:11 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 01:33 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-19 21:17 --------- d-----w c:\documents and settings\All Users\Application Data\YesVideo
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-11 00:16 --------- d-----w c:\program files\Windows Installer Clean Up
2008-10-10 17:27 60,744 ----a-w c:\documents and settings\jack\g2mdlhlpx.exe
2008-10-05 21:54 --------- d-----w c:\program files\Akamai
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-03-05 03:57 3,902,784 ----a-w c:\documents and settings\jack\gosetup.exe
2007-10-27 04:22 47,360 ----a-w c:\documents and settings\jack\Application Data\pcouffin.sys
2008-08-31 23:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8704e416-1511-46f3-9c95-96eb732f922f}]
c:\windows\system32\soyeviwa.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 312848]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-26 160592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143360]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-05-09 925696]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
"nwiz"="nwiz.exe" [2006-01-24 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"USRpdA"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-26 160592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-20 984352]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-02-09 6144]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-04-28 415072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"f:\\download\\FatSpaniel\\cgConfig_MSW-lite\\cgConfig-lite.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Professional\\ftpsync.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nSvcIp.exe"=
"c:\\WINDOWS\\system32\\cisvc.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\services.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-11-29 203280]
R3 xpvcom;XPVCOM Port;c:\windows\system32\DRIVERS\XPVCOM.sys [2007-03-23 30032]
S2 0086891228138165mcinstcleanup;McAfee Application Installer Cleanup (0086891228138165);c:\windows\TEMP\008689~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0066b7a-8668-11dd-98ae-000d88240d79}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-11-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{A5AFDE3E-AD7B-4679-92D6-BD41DEDD0126}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\jack\Application Data\Mozilla\Firefox\Profiles\5iwzbocg.default\
FF -: plugin - c:\documents and settings\jack\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.2.1202.1501\npCIDetect11.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 06:12:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\sxs.dll

- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2008-12-02 6:15:06
ComboFix-quarantined-files.txt 2008-12-02 14:13:48

Pre-Run: 22,474,219,520 bytes free
Post-Run: 22,483,578,880 bytes free

222 --- E O F --- 2008-11-14 02:30:03

Thanks,

Jack
Attached Files
File Type: txt ComboFix.txt (15.6 KB, 0 views)
Old 12-02-2008, 06:43 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: I think I got "juduvokawi" resolved

Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:
File::
C:\LOG22.tmp
C:\LOG4A.tmp
C:\LOG6E.tmp
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8704e416-1511-46f3-9c95-96eb732f922f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USRpdA"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\cisvc.exe"=-
"c:\\WINDOWS\\system32\\services.exe"=-
Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.


---------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


---------------


In your next post, please include fresh logs from:
  1. Online scan
  2. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
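As an added example, not part of this thread nor of ComboFix or any other tool named here, the Python checker below parses a "Reg Loading Points" section like the one in Jack's ComboFix log and flags what sUBs's CFScript targets (the BHO, the empty Run entry, the firewall exceptions for services.exe and cisvc.exe) together with the Security Center and Windows Firewall settings the log shows switched off. The sample section, rule names, core-binary list and random-name heuristic are all assumptions of the example.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log for the security-posture
tampering visible in this thread.  Added example; not code from ComboFix or the thread."""
import re
from pathlib import PureWindowsPath

# Constructed REGEDIT4-style excerpt modelled on the log posted above.  The "juduvokawi"
# Run entry is built from the first post's description; nothing here is a real log file.
SAMPLE_REG_SECTION = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8704e416-1511-46f3-9c95-96eb732f922f}]
c:\windows\system32\soyeviwa.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"juduvokawi"="c:\windows\system32\nayitazi.dll" [BU]
"USRpdA"="" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\cisvc.exe"=
"c:\\WINDOWS\\system32\\services.exe"=
"""

KEY_RE = re.compile(r"^\[-?(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')

# Security Center values that silence the "antivirus/updates/firewall off" warnings.
NOTIFY_FLAGS = {"AntiVirusDisableNotify", "UpdatesDisableNotify", "FirewallDisableNotify"}
# Core Windows processes with no legitimate need for a firewall exception (assumed
# starting list; the CFScript above removes exactly the services.exe and cisvc.exe entries).
CORE_SYSTEM_BINARIES = {"services.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "cisvc.exe"}
VOWELS = set("aeiou")


def parse_reg_section(text):
    """Yield (key, name, data); bare path lines under a key (ComboFix prints Browser
    Helper Objects that way) come back with name=None and the whole line as data."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None  # a blank line closes the current block
            continue
        if (m := KEY_RE.match(line)):
            key = m.group("key")
        elif key is not None:
            m = VALUE_RE.match(line)
            yield (key, m.group("name"), m.group("data")) if m else (key, None, line)


def quoted_path(data):
    """Return the first double-quoted string in a value's data ('' if there is none)."""
    m = re.match(r'"([^"]*)"', data)
    return m.group(1) if m else ""


def looks_random_name(path):
    """Heuristic for the generated names in this thread (nayitazi.dll, soyeviwa.dll ...):
    8+ lowercase letters strictly alternating consonant/vowel.  Treat hits as leads only."""
    stem = PureWindowsPath(path).stem
    if not re.fullmatch(r"[a-z]{8,}", stem):
        return False
    return all((stem[i] in VOWELS) != (stem[i - 1] in VOWELS) for i in range(1, len(stem)))


def audit_reg_loading_points(text):
    """Return a sorted list of (rule, detail) findings for the section."""
    findings = set()
    for key, name, data in parse_reg_section(text):
        low = key.lower()
        dword_on = data.lower() == "dword:00000001"
        if low.endswith("\\security center") and name in NOTIFY_FLAGS and dword_on:
            findings.add(("security_center_notify_disabled", name))
        elif "\\security center\\monitoring\\" in low and name == "DisableMonitoring" and dword_on:
            # Third-party suites set this legitimately too; list it for the analyst to judge.
            findings.add(("security_center_monitoring_disabled", key.rsplit("\\", 1)[-1]))
        elif low.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall":
            if (data.split() or [""])[0] in ("0", "dword:00000000"):
                findings.add(("windows_firewall_disabled", "standardprofile"))
        elif low.endswith("authorizedapplications\\list") and name:
            exe = PureWindowsPath(name.replace("\\\\", "\\")).name.lower()
            if exe in CORE_SYSTEM_BINARIES:
                findings.add(("firewall_exception_for_core_binary", exe))
        elif low.endswith("\\run") or "browser helper objects" in low:
            target = quoted_path(data) if name is not None else data.split(" [")[0]
            if name is not None and target == "":
                findings.add(("run_entry_with_empty_target", name))
            elif looks_random_name(target):
                findings.add(("random_looking_module", PureWindowsPath(target).name))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in audit_reg_loading_points(SAMPLE_REG_SECTION):
        print(f"{rule:38} {detail}")
```

Run it against a real ComboFix.txt by passing the text between "Reg Loading Points" and "Contents of the 'Scheduled Tasks' folder" to audit_reg_loading_points; the DisableMonitoring and random-name rules are leads for review, not verdicts.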
Old 12-02-2008, 08:25 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 5
OS: xp


Re: I think I got "juduvokawi" resolved

I ran Kaspersky for 3 hours (it was finished with the C: drive) and got a single file in quarantine, "trojan.win32.monder.aamw". I noticed there was a popup from the Kaspersky site, and when I enabled it, the scan stopped and the logs were gone. I have restarted, but it will probably take overnight to rescan.

ComboFix log below:

The computer appears MUCH better, and the popups have disappeared. Thank you. I will donate for your invaluable service.

Thanks again,

Jack


ComboFix 08-12-01.01 - jack 2008-12-02 7:38:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1364 [GMT -8:00]
Running from: c:\documents and settings\jack\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jack\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\LOG22.tmp
C:\LOG4A.tmp
C:\LOG6E.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG22.tmp
C:\LOG4A.tmp
C:\LOG6E.tmp

.
((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-01 12:31 . 2008-12-01 12:31 250 --a------ c:\windows\gmer.ini
2008-12-01 05:51 . 2008-12-01 05:51 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-30 12:36 . 2008-11-30 12:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 12:36 . 2008-11-30 12:36 <DIR> d-------- c:\documents and settings\jack\Application Data\Malwarebytes
2008-11-30 12:36 . 2008-11-30 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 12:36 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-30 12:36 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-30 07:46 . 2008-11-30 07:46 <DIR> d-------- c:\documents and settings\jack\Application Data\McAfee
2008-11-29 22:50 . 2008-11-30 20:41 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-11-29 22:39 . 2008-11-29 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-29 22:39 . 2008-12-02 07:02 10,347 --a------ c:\windows\system32\Config.MPF
2008-11-29 22:35 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-11-29 22:35 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-29 22:35 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-11-29 22:35 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-29 22:34 . 2008-11-29 22:34 <DIR> d-------- c:\program files\McAfee.com
2008-11-29 22:34 . 2008-12-01 05:28 <DIR> d-------- c:\program files\McAfee
2008-11-29 22:34 . 2008-11-29 22:35 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-29 22:29 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-11-29 10:34 . 2008-12-01 05:51 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-29 10:34 . 2008-12-01 05:51 <DIR> d-------- c:\documents and settings\jack\Application Data\SUPERAntiSpyware.com
2008-11-29 10:34 . 2008-11-29 10:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-28 09:30 . 2008-11-29 10:03 326 --a------ c:\windows\wininit.ini
2008-11-16 16:34 . 2008-11-16 16:34 <DIR> d-------- C:\pemicro
2008-11-13 18:24 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 18:23 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-03 09:28 . 2008-04-13 17:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-03 09:28 . 2008-04-13 17:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 18:20 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-30 19:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-30 19:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-30 15:46 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-29 17:14 --------- d-----w c:\program files\Lavasoft
2008-11-29 16:57 44,544 ----a-w c:\windows\system32\alg.exe
2008-11-11 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-11 13:37 --------- d-----w c:\documents and settings\jack\Application Data\U3
2008-11-10 18:10 --------- d-----w c:\program files\MSECACHE
2008-10-28 00:22 --------- d-----w c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2008-10-27 20:12 --------- d-----w c:\program files\Common Files\Intuit
2008-10-27 20:11 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2008-10-27 19:40 --------- d-----w c:\documents and settings\jack\Application Data\Download Manager
2008-10-27 17:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 17:31 --------- d-----w c:\program files\Quicken
2008-10-27 17:31 --------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2008-10-27 16:54 --------- d-----w c:\program files\Common Files\Palo Alto Software
2008-10-24 21:57 --------- d-----w c:\program files\Trend Micro
2008-10-24 12:11 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 01:33 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-19 21:17 --------- d-----w c:\documents and settings\All Users\Application Data\YesVideo
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-11 00:16 --------- d-----w c:\program files\Windows Installer Clean Up
2008-10-10 17:27 60,744 ----a-w c:\documents and settings\jack\g2mdlhlpx.exe
2008-10-05 21:54 --------- d-----w c:\program files\Akamai
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-03-05 03:57 3,902,784 ----a-w c:\documents and settings\jack\gosetup.exe
2007-10-27 04:22 47,360 ----a-w c:\documents and settings\jack\Application Data\pcouffin.sys
2008-08-31 23:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-02_ 6.13.25.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-02 15:01:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 312848]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-26 160592]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143360]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-05-09 925696]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
"nwiz"="nwiz.exe" [2006-01-24 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-26 160592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-10-20 984352]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-02-09 6144]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-04-28 415072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"f:\\download\\FatSpaniel\\cgConfig_MSW-lite\\cgConfig-lite.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Professional\\ftpsync.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nSvcIp.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-11-29 203280]
R3 xpvcom;XPVCOM Port;c:\windows\system32\DRIVERS\XPVCOM.sys [2007-03-23 30032]
S2 0086891228138165mcinstcleanup;McAfee Application Installer Cleanup (0086891228138165);c:\windows\TEMP\008689~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0066b7a-8668-11dd-98ae-000d88240d79}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-11-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{A5AFDE3E-AD7B-4679-92D6-BD41DEDD0126}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 07:40:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2008-12-02 7:41:47
ComboFix-quarantined-files.txt 2008-12-02 15:41:41
ComboFix2.txt 2008-12-02 14:15:09

Pre-Run: 22,490,034,176 bytes free
Post-Run: 22,471,544,832 bytes free

203 --- E O F --- 2008-11-14 02:30:03
ramseyjack is offline  
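As an added example (not part of this thread, and not code from ComboFix or its author), here is a small Python triage script that parses the REGEDIT4-style "Reg Loading Points" section of a ComboFix log and flags the settings a defender would want to revert after a cleanup: suppressed Security Center warnings, disabled product monitoring, a switched-off Windows Firewall profile, and AutoRun commands attached to mounted volumes. The sample excerpt is constructed to mirror the values in the log above; the function and pattern names are my own.

```python
import re
from typing import List, Optional, Tuple

# Constructed excerpt in the layout ComboFix uses for "Reg Loading Points";
# the keys and values mirror the ones posted in the log above.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0066b7a-8668-11dd-98ae-000d88240d79}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
"""

Finding = Tuple[str, str, str]  # (registry key, value name, why it matters)

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKLM\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "Name"=data
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$", re.IGNORECASE)


def _as_int(raw: str) -> Optional[int]:
    """Decode the two numeric spellings ComboFix prints: dword:XXXXXXXX and 'N (0xN)'."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return None


def audit_reg_loading_points(text: str) -> List[Finding]:
    """Walk the REGEDIT4-style dump and return security-weakening entries."""
    findings: List[Finding] = []
    key = ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember the section we are inside
            continue
        lower = key.lower()

        # Per-volume AutoRun commands under MountPoints2 run when the drive is opened.
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in lower:
            findings.append((key, "Shell\\AutoRun\\command",
                             f"AutoRun command attached to a mounted volume: {m.group(1)}"))
            continue

        m = VALUE_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        val = _as_int(raw)

        if lower.endswith("security center") and name.endswith("DisableNotify") and val == 1:
            findings.append((key, name, "Security Center warning suppressed"))
        elif "security center\\monitoring\\" in lower and name == "DisableMonitoring" and val == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append((key, name, f"Security Center monitoring disabled for {product}"))
        elif "firewallpolicy\\standardprofile" in lower and name == "EnableFirewall" and val == 0:
            findings.append((key, name, "Windows Firewall disabled for the standard profile"))
    return findings


if __name__ == "__main__":
    for key, name, reason in audit_reg_loading_points(SAMPLE_LOG):
        print(f"{reason}\n    {key} -> {name}")
```

Every one of these flags fires on the posted log: the DisableNotify and DisableMonitoring values silence Security Center warnings about the antivirus and firewall state, EnableFirewall=0 leaves the XP firewall off, and the MountPoints2 entry is the U3 launcher on a USB stick (legitimate here, but the same AutoRun mechanism is what removable-media worms rely on, so it is worth a look whenever it appears in a log). None of this is detected as malware by a scanner, which is why it is worth checking the log by hand once the infection itself is gone.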
Old 12-02-2008, 08:28 PM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: I think I got "juduvokawi" resolved

I shall wait for the Kaspersky scan results. We should be near the end now. Just need to see if there are any stragglers.
sUBs is offline  
Old 12-03-2008, 01:47 AM   #7 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 5
OS: xp


Re: I think I got "juduvokawi" resolved

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 3, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 02, 2008 20:35:17
Records in database: 1432531
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
Z:\

Scan statistics:
Files scanned: 119040
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:53:13


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\wugakuwa.dll.vir Infected: Trojan.Win32.Monder.aamw 1


The selected area was scanned.
ramseyjack is offline  
Old 12-03-2008, 01:52 AM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,242
OS: N/A


Re: I think I got "juduvokawi" resolved

C:\QooBox\ is ComboFix's quarantine folder. We'll take care of it when we uninstall ComboFix.


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /u


  2. ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  3. Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  4. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
sUBs is offline  
Old 12-03-2008, 05:50 AM   #9 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 5
OS: xp


Re: I think I got "juduvokawi" resolved

Done and Thank you!! Have posted donation.
Thanks again,

Jack
ramseyjack is offline  
Copyright 2001 - 2009, Tech Support Forum