BHowett,
I had my brother disable his McAfee and Super Spyware, but when running ComboFix he said Windows security stopped "EICAR TEST FILE".
He let the scans run anyways and sent me the logs.
ComboFix 08-04-11.5 - Keith 2008-04-15 16:10:26.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.581 [GMT -4:00]
Running from: C:\Documents and Settings\Keith\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Keith\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\lmfuhcbs.exe
C:\WINDOWS\system32\mpoxefap.exe
C:\WINDOWS\system32\yxmzovqf.exe
C:\WINDOWS\system32\zwhingdi.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-12 16:29 . 2008-04-12 16:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-12 16:29 . 2008-04-12 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 10:38 . 2008-04-15 16:00 9,017 --a------ C:\WINDOWS\system32\Config.MPF
2008-04-12 10:37 . 2008-04-14 15:28 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-04-12 10:37 . 2008-04-14 07:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-12 10:37 . 2008-04-15 14:49 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\SiteAdvisor
2008-04-12 10:37 . 2008-04-12 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-12 10:37 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-04-12 10:36 . 2008-04-12 10:36 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-12 10:36 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-12 10:36 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-04-12 10:36 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-12 10:36 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-04-12 10:36 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-12 10:36 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-04-12 10:35 . 2008-04-12 10:37 <DIR> d-------- C:\Program Files\McAfee
2008-04-12 10:35 . 2008-04-12 10:36 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-12 10:00 . 2008-04-12 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-11 18:56 . 2008-04-11 18:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-11 18:50 . 2008-04-11 19:07 <DIR> d-------- C:\SDFix
2008-04-08 18:59 . 2008-04-08 18:59 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-07 20:34 . 2008-04-07 20:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 20:04 . 2008-04-07 20:04 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-04-06 19:18 . 2008-04-06 19:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-06 19:18 . 2008-04-06 19:44 4,642 --a------ C:\WINDOWS\unins000.dat
2008-04-06 17:55 . 2008-04-12 10:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 17:55 . 2008-04-12 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 16:12 . 2008-04-06 16:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-06 15:08 . 2008-04-06 15:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 15:08 . 2008-04-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 15:07 . 2008-04-06 18:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\SUPERAntiSpyware.com
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-06 13:36 . 2008-04-06 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-06 10:33 . 2008-04-08 08:01 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\TmpRecentIcons
2008-04-05 23:04 . 2008-04-08 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mjobmnsx
2008-04-02 16:44 . 2008-04-02 16:44 <DIR> d-------- C:\Documents and Settings\Keith\Application Data\towers_pc
2008-03-30 11:39 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-03-30 11:38 . 2008-03-30 11:39 <DIR> d-------- C:\Program Files\Strawberry Shortcake
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 22:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 16:41 5,483 ----a-w C:\WINDOWS\java\Packages\SGR93XF7.ZIP
2008-04-13 16:41 3,113,844 ----a-w C:\WINDOWS\java\Packages\7RDBTZRX.ZIP
2008-04-12 14:19 --------- d-----w C:\Program Files\BFG
2008-04-12 13:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-12 13:56 --------- d-----w C:\Program Files\Symantec
2008-04-12 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-11 17:11 5,483 ----a-w C:\WINDOWS\java\Packages\5BN77H3T.ZIP
2008-04-11 17:11 2,998,092 ----a-w C:\WINDOWS\java\Packages\CC60Y7PZ.ZIP
2008-04-11 00:39 --------- d-----w C:\Program Files\Oberon Media
2008-04-11 00:38 5,483 ----a-w C:\WINDOWS\java\Packages\8HBDRBF3.ZIP
2008-04-11 00:38 2,679,460 ----a-w C:\WINDOWS\java\Packages\Z5ZZ9VB3.ZIP
2008-04-10 01:13 5,483 ----a-w C:\WINDOWS\java\Packages\JNFNLVPN.ZIP
2008-04-10 01:13 2,488,744 ----a-w C:\WINDOWS\java\Packages\6CK5VJPR.ZIP
2008-04-09 19:59 5,483 ----a-w C:\WINDOWS\java\Packages\W0BXNTZ7.ZIP
2008-04-09 19:59 1,946,947 ----a-w C:\WINDOWS\java\Packages\QAXZRJBF.ZIP
2008-04-09 19:35 2,018,968 ----a-w C:\WINDOWS\java\Packages\UT3DBV5B.ZIP
2008-04-09 19:35 14,138 ----a-w C:\WINDOWS\java\Packages\SW93HVPR.ZIP
2008-04-06 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-04-06 22:51 --------- d-----w C:\Program Files\Ahead
2008-04-06 22:35 --------- d-----w C:\Program Files\Google
2008-04-06 22:05 --------- d-----w C:\Program Files\Yahoo!
2008-04-06 19:20 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-04-06 19:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 19:02 --------- d-----w C:\Documents and Settings\Keith\Application Data\Lavasoft
2008-04-06 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-02 17:15 1,474,504 ----a-w C:\WINDOWS\java\Packages\6BHNVDN5.ZIP
2008-04-02 16:32 2,662,551 ----a-w C:\WINDOWS\java\Packages\8LFT7Z57.ZIP
2008-04-01 16:54 2,521,594 ----a-w C:\WINDOWS\java\Packages\UXBZH33T.ZIP
2008-03-30 23:52 3,495,221 ----a-w C:\WINDOWS\java\Packages\DBFLVF53.ZIP
2008-03-30 23:42 3,026,983 ----a-w C:\WINDOWS\java\Packages\RZZBDB3N.ZIP
2008-03-28 22:15 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2008-03-27 17:39 2,416,174 ----a-w C:\WINDOWS\java\Packages\SMDBZX3D.ZIP
2008-03-25 16:59 --------- d-----w C:\Documents and Settings\Keith\Application Data\funkitron
2008-03-24 23:47 2,341,860 ----a-w C:\WINDOWS\java\Packages\NNBRFB37.ZIP
2008-03-24 01:30 --------- d-----w C:\Documents and Settings\Keith\Application Data\iWin
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 17:02 2,219,729 ----a-w C:\WINDOWS\java\Packages\XV1RT397.ZIP
2008-03-13 15:57 2,366,477 ----a-w C:\WINDOWS\java\Packages\HNJXN7TF.ZIP
2008-03-12 16:35 1,900,820 ----a-w C:\WINDOWS\java\Packages\6DBN1VVX.ZIP
2008-03-11 22:38 2,132,056 ----a-w C:\WINDOWS\java\Packages\75FDJXZZ.ZIP
2008-03-11 18:02 2,204,094 ----a-w C:\WINDOWS\java\Packages\T7F1RDJB.ZIP
2008-03-11 17:12 2,234,705 ----a-w C:\WINDOWS\java\Packages\8X7TBHZ5.ZIP
2008-03-08 18:25 109,733 ----a-w C:\WINDOWS\java\Packages\M0M8FRTV.ZIP
2008-03-08 18:25 1,893,949 ----a-w C:\WINDOWS\java\Packages\QW9B1FZ5.ZIP
2008-03-08 18:18 2,776,859 ----a-w C:\WINDOWS\java\Packages\2RD33PJZ.ZIP
2008-03-08 16:06 3,099,259 ----a-w C:\WINDOWS\java\Packages\5NVDZ3H7.ZIP
2008-03-08 16:02 1,958,664 ----a-w C:\WINDOWS\java\Packages\JLZVLJNV.ZIP
2008-03-07 18:54 1,718,493 ----a-w C:\WINDOWS\java\Packages\PVDVVTZ3.ZIP
2008-03-07 02:39 --------- d-----w C:\Documents and Settings\Keith\Application Data\PlayFirst
2008-03-06 18:34 --------- d-----w C:\Documents and Settings\Keith\Application Data\Gamelab
2008-03-06 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\DivoGames
2008-03-05 21:23 --------- d-----w C:\Program Files\iTunes
2008-03-05 21:23 --------- d-----w C:\Program Files\iPod
2008-03-05 21:21 --------- d-----w C:\Program Files\QuickTime
2008-03-05 17:55 2,066,500 ----a-w C:\WINDOWS\java\Packages\I3LR1VTB.ZIP
2008-03-05 17:20 109,738 ----a-w C:\WINDOWS\java\Packages\YG3LBJXN.ZIP
2008-03-05 17:20 1,979,390 ----a-w C:\WINDOWS\java\Packages\1V5N1RX7.ZIP
2008-03-05 01:49 3,607,248 ----a-w C:\WINDOWS\java\Packages\8MJ1FVX7.ZIP
2008-03-02 16:00 2,871,058 ----a-w C:\WINDOWS\java\Packages\KJ97TBPN.ZIP
2008-03-02 01:32 1,853,181 ----a-w C:\WINDOWS\java\Packages\CGT7PB35.ZIP
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 15:51 1,982,909 ----a-w C:\WINDOWS\java\Packages\HB9JLBLF.ZIP
2008-02-26 18:38 2,631,300 ----a-w C:\WINDOWS\java\Packages\L3D317NL.ZIP
2008-02-26 18:36 1,648,735 ----a-w C:\WINDOWS\java\Packages\L7VJBBFX.ZIP
2008-02-24 02:05 2,207,833 ----a-w C:\WINDOWS\java\Packages\FR5JP7L7.ZIP
2008-02-21 18:07 --------- d-----w C:\Documents and Settings\Keith\Application Data\Chasing Dogs Studios
2008-02-21 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 03:32 1,240,023 ----a-w C:\WINDOWS\java\Packages\C4Q9BTZZ.ZIP
2008-02-16 23:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-02-16 02:03 --------- d-----w C:\Documents and Settings\Keith\Application Data\Valusoft
2008-02-16 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Valusoft
2008-02-14 19:24 2,178,651 ----a-w C:\WINDOWS\java\Packages\B5FLJ571.ZIP
2008-02-07 02:40 2,193,315 ----a-w C:\WINDOWS\java\Packages\7XJ9BJLV.ZIP
2008-02-01 21:04 2,450,535 ----a-w C:\WINDOWS\java\Packages\VLFP7XBX.ZIP
2008-01-31 22:49 9,488 ----a-w C:\WINDOWS\java\Packages\APNHFN1B.ZIP
2008-01-31 22:49 2,170,449 ----a-w C:\WINDOWS\java\Packages\SQ9FRLRX.ZIP
2008-01-30 21:58 2,879,648 ----a-w C:\WINDOWS\java\Packages\N9BLJBN9.ZIP
2008-01-26 20:42 1,923,619 ----a-w C:\WINDOWS\java\Packages\N1397B57.ZIP
2008-01-23 21:41 1,749,502 ----a-w C:\WINDOWS\java\Packages\13P71JXV.ZIP
2008-01-23 20:11 11,003 ----a-w C:\WINDOWS\java\Packages\TF97TZ7B.ZIP
2008-01-21 22:08 2,105,514 ----a-w C:\WINDOWS\java\Packages\LZNHZZZT.ZIP
2008-01-20 22:17 1,274,619 ----a-w C:\WINDOWS\java\Packages\OKN3LRBH.ZIP
2008-01-17 13:28 2,672,108 ----a-w C:\WINDOWS\java\Packages\JFHJTBFJ.ZIP
2008-01-16 19:06 2,206,619 ----a-w C:\WINDOWS\java\Packages\QJ71BF5N.ZIP
2006-11-13 02:51 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-11-08 13:38 1,226,074 ----a-w C:\Program Files\aresregular193_installer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-11_19.19.49.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-15 20:05:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-15 20:05:39 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-15 20:05:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-09 17:56:56 196,960 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-13 00:20:54 196,160 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-04-15 11:38:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_d88.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-06 18:38 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 06:39 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 21:49 7286784]
"nwiz"="nwiz.exe" [2005-10-10 21:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 21:49 86016]
"WUSB54Gv4"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 09:19 24576]
"SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-07-12 12:44 20480]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 21:09 842584]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 08:00 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 23:15:54 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-06 18:38 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
S2 0143611208010974mcinstcleanup;McAfee Application Installer Cleanup (0143611208010974);C:\DOCUME~1\Keith\LOCALS~1\Temp\014361~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 PNDIS5;PNDIS5 NDIS Protocol Driver;F:\PNDIS5.SYS []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-05-07 13:47]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e6fd84f-cc68-11da-94dd-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe root.ini
*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 14:36:10 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-12 14:36:09 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 16:13:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
Completion time: 2008-04-15 16:14:16
ComboFix-quarantined-files.txt 2008-04-15 20:14:03
ComboFix2.txt 2008-04-12 20:16:15
ComboFix3.txt 2008-04-11 23:20:06
Pre-Run: 36,426,145,792 bytes free
Post-Run: 36,413,628,416 bytes free
.
2008-04-08 23:00:19 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.co...point-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game3.pogo.co.../aces-en_US.cab
O16 - DPF: Addiction by pogo - http://game3.pogo.co...ction-en_US.cab
O16 - DPF: All Star Football by pogo - http://game1.pogo.co...tarfb-en_US.cab
O16 - DPF: All-In Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Backgammon by pogo - http://game3.pogo.co...ammon-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game3.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game3.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game1.pogo.co...hess2-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game3.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...omino-en_US.cab
O16 - DPF: Dominoes v2 by pogo - http://game3.pogo.co...mino2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...deuce-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.co...earts-en_US.cab
O16 - DPF: Heavy Cannon by pogo - http://www.pogo.com/...annon-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game3.pogo.co...fancy-en_US.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.co...fhere-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...swild-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: KenoPop! by pogo - http://game3.pogo.co...dkeno-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game3.pogo.co...jong2-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.co...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.co...ascar-en_US.cab
O16 - DPF: No-Limit Texas Hold'em by pogo - http://game1.pogo.co...allin-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.co...aigow-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game3.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.co...popfu-en_US.cab
O16 - DPF: Poppit by pogo - http://game3.pogo.co...ppit2-en_US.cab
O16 - DPF: Pseudoku by pogo - http://game3.pogo.co...udoku-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game1.pogo.co...ochet-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game3.pogo.co.../ride-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game3.pogo.co.../puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game3.pogo.co...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Spooky Slots - http://game1.pogo.co...pooky-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.co...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game3.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Super Dominoes by pogo - http://game3.pogo.co...omino-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.co...ooth2-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Tank Hunter by pogo - http://www.pogo.com/.../tank-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game3.pogo.co...oldem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.co...mball-en_US.cab
O16 - DPF: Thousand Island Solitaire by pogo - http://game3.pogo.co...lbrae-en_US.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.co...down2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game3.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game3.pogo.co...mbee2-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.co...kater-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game3.pogo.co...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.co...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.co...class-en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: McAfee Application Installer Cleanup (0143611208010974) (0143611208010974mcinstcleanup) - Unknown owner - C:\DOCUME~1\Keith\LOCALS~1\Temp\014361~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 18539 bytes