Here is part 2:
----a-w 513,024 2008-02-06 19:17:45 C:\Program Files\McAfee.com\Agent\MCF024~1 .EXE
----a-w 513,024 2008-02-06 23:25:08 C:\Program Files\McAfee.com\Agent\MCF024~2 .EXE
----a-w 513,024 2008-02-07 01:51:50 C:\Program Files\McAfee.com\Agent\MCF024~3 .EXE
----a-w 513,024 2008-02-07 01:55:28 C:\Program Files\McAfee.com\Agent\MCF024~4 .EXE
----a-w 513,024 2008-02-11 23:04:19 C:\Program Files\McAfee.com\Agent\MCF71D~1 .EXE
----a-w 513,024 2008-02-12 00:10:58 C:\Program Files\McAfee.com\Agent\MCF71D~2 .EXE
----a-w 513,024 2008-02-07 23:28:55 C:\Program Files\McAfee.com\Agent\MCF814~1 .EXE
----a-w 513,024 2008-02-07 23:50:05 C:\Program Files\McAfee.com\Agent\MCF814~2 .EXE
----a-w 513,024 2008-02-08 00:28:04 C:\Program Files\McAfee.com\Agent\MCF814~3 .EXE
----a-w 513,024 2008-02-08 00:51:02 C:\Program Files\McAfee.com\Agent\MCF814~4 .EXE
----a-w 513,024 2008-01-29 03:06:03 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 513,024 2008-01-30 00:13:44 C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
----a-w 513,024 2008-01-30 02:17:05 C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w 513,024 2008-01-30 06:15:36 C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
----a-w 513,024 2008-01-30 21:23:54 C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE
----a-w 139,264 2008-01-29 02:50:39 C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w 1,670,144 2008-02-11 23:06:02 C:\Program Files\Messenger\msmsgs .exe
----a-w 241,714 2008-01-29 02:50:15 C:\Program Files\Microsoft Money\System\Activation .exe
----a-w 652,288 2008-02-12 00:10:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 23:04:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 06:54:01 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 04:16:12 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-11 03:07:48 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 23:57:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 17:19:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 16:14:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-10 06:41:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 18:09:24 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 06:04:53 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 04:55:32 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-09 03:51:26 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 15:32:20 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 00:51:03 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-08 00:28:05 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 23:50:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 23:28:56 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 06:13:35 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 05:42:26 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 02:58:23 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 02:01:12 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 01:55:30 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-07 01:51:51 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-06 23:25:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-06 19:17:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-05 23:05:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-05 01:54:22 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 23:06:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 22:38:36 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 22:23:44 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-03 20:40:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 19:42:42 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 05:41:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:48:15 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:40:50 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:34:49 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:33:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 04:31:06 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-02 02:57:01 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-01 22:50:43 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-02-01 03:44:54 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-31 16:25:37 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-31 00:30:16 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-31 00:22:16 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 21:23:57 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 06:15:38 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 02:17:08 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-30 00:13:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 03:06:05 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 02:49:59 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 01:39:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-29 01:31:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-28 02:15:31 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-28 00:53:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-28 00:02:46 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-27 18:02:11 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 18:45:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 17:53:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 05:50:14 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 04:32:19 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-26 04:07:25 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-25 05:42:05 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-25 04:42:06 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 05:22:52 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 05:13:32 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 04:45:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 03:23:01 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 03:02:31 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-24 02:19:51 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-23 01:54:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 16:58:04 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 15:22:09 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-22 06:50:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 22:40:00 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 22:19:04 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 21:59:20 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 21:44:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 17:31:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-21 03:27:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 23:32:53 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 22:11:00 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 22:03:16 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:57:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:19:39 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:14:06 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 21:00:07 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 18:40:11 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-20 04:54:17 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 20:58:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 20:04:27 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 18:51:30 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 18:07:45 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 05:57:22 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 05:45:55 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 04:06:27 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 03:45:51 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 03:27:13 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 02:37:43 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-19 01:09:34 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 15:15:23 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 04:58:21 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 01:33:18 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 01:25:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-18 01:00:56 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 14:50:27 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 05:02:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 03:57:14 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 03:02:58 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-17 01:35:13 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 15:55:40 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 15:18:04 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 05:50:33 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-16 04:48:10 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-15 15:23:48 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-15 07:11:44 C:\Program Files\QuickTime\qttask .exe
----a-w 652,288 2008-01-15 07:03:16 C:\Program Files\QuickTime\qttask .exe
----a-w 26,112 2008-01-29 02:50:23 C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w 679,936 2008-01-29 02:50:35 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
----a-w 380,928 2008-01-29 02:50:50 C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
----a-w 57,344 2008-01-29 02:50:48 C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w 90,112 2008-01-29 02:50:10 C:\WINDOWS\UpdReg .EXE
----a-w 145,408 2008-02-07 23:39:06 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 28,672 2008-01-29 02:50:12 C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w 174,592 2008-01-29 02:49:18 C:\WINDOWS\SYSTEM32\lexpps .exe
----a-w 406,016 2008-01-29 02:50:40 C:\WINDOWS\SYSTEM32\PSDrvCheck .exe
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{785CED62-39E7-412E-900B-671549848F75}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)
R3 BENDER;Pinnacle DV/AV Capture;C:\WINDOWS\System32\drivers\bender.sys [2003-09-25 11:19]
R3 HPFXBULK;HPFXBULK;C:\WINDOWS\System32\drivers\hpfxbulk.sys [2005-09-20 02:22]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 09:30]
S3 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 09:29]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-28 18:30:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-09-28 03:10:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1064718538.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
"2003-02-28 04:50:33 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-02-16 20:23:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Alex).job"
- C:\PROGRA~1\McAfee.com\Agent\MCF814~4 .EX
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:25:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Olivia).job"
- C:\PROGRA~1\McAfee.com\Agent\MC9890~2 .EX
- C:\PROGRA~1\McAfee.com\Agent.OliviaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-02-16 20:24:00 C:\WINDOWS\Tasks\McAfee.com Update Check (BOWNFAMILY-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\MCF71D~2 .EX
- C:\PROGRA~1\McAfee.com\Agen
"2008-02-16 20:25:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DD6RTF21-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:27:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONY-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agen
"2008-02-16 20:23:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Alex).job"
- C:\PROGRA~1\McAfee.com\Agent\MCUPDA~1 .EX
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:25:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-bla).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:26:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Brennan).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:27:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Garrett).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-02-16 20:25:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Olivia).job"
- C:\PROGRA~1\McAfee.com\Agent\McUpdate .ex
- C:\PROGRA~1\McAfee.com\Agent.OliviaXMcAfee.com SecurityCenter periodically checks for updates for your McAfee.com Services.
"2008-02-16 20:24:00 C:\WINDOWS\Tasks\McAfee.com Update Check (TONYHOME-Tony Bown).job"
- C:\PROGRA~1\McAfee.com\Agent\McUpdate .ex
- C:\PROGRA~1\McAfee.com\Agen
"2007-03-07 17:56:26 C:\WINDOWS\Tasks\WebReg ENU.job"
- c:\program files\hewlett-packard\digital imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-16 12:26:55
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-16 12:27:48
ComboFix-quarantined-files.txt 2008-02-16 20:27:26
ComboFix2.txt 2008-02-16 16:21:34
.
2008-02-02 04:44:03 --- E O F ---