15-Jan-2008, 02:11 PM
#1

Solved: Hijack this interpret

Can someone interpret this for me? Thanks, jberd99usa
15-Jan-2008, 10:45 PM
#2

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
16-Jan-2008, 10:59 AM
#3

Scan result

Here's the result I recv'd. Thanks again. jberd99usa
16-Jan-2008, 07:18 PM
#4

jberd99usa: When CheeseBall finishes helping you, get back to me and we'll work on getting that bloated startup list trimmed down. I see about a dozen startup entries that don't need to be automatically loading during startup and running in the background.

You're also using an old version (1.99.1) of HijackThis. You can get version 2.0.2 from here: http://www.filehippo.com/download_hijackthis/

Frank

Hi, CheeseBall!
16-Jan-2008, 09:31 PM
#5

New Hijack this

Haven't heard from Cheeseball yet so I ran the new HijackThis in the meantime. Thanks, jberd
16-Jan-2008, 11:21 PM
#6

You need to stop posting it as an attachment and need to copy-and-paste it so it can be viewed. I'm doing it for you this time. CheeseBall is one of the Moderators and is busy on these forums, so give her time to respond.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:16 PM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Weather Watcher\ww.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 82.195.155.5 test3201.winmx.com test3203.winmx.com test3205.winmx.com test3207.winmx.com
O1 - Hosts: 212.227.64.149 test3202.winmx.com test3204.winmx.com test3206.winmx.com test3208.winmx.com
O1 - Hosts: 67.18.233.36 c3310.z1301.winmx.com c3310.z1302.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3314.z1301.winmx.com c3314.z1302.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3310.z1305.winmx.com c3310.z1306.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3312.z1301.winmx.com c3312.z1302.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3316.z1301.winmx.com c3316.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3310.z1303.winmx.com c3310.z1304.winmx.com c3311.z1301.winmx.com c3311.z1302.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3315.z1301.winmx.com c3315.z1302.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3311.z1305.winmx.com c3311.z1306.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3313.z1301.winmx.com c3313.z1302.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3317.z1301.winmx.com c3317.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3520.z1301.winmx.com c3520.z1302.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3524.z1301.winmx.com c3524.z1302.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com
O1 - Hosts: 82.195.155.5 c3520.z1305.winmx.com c3520.z1306.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3522.z1301.winmx.com c3522.z1302.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3526.z1301.winmx.com c3526.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3520.z1303.winmx.com c3520.z1304.winmx.com c3521.z1301.winmx.com c3521.z1302.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3525.z1301.winmx.com c3525.z1302.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3521.z1305.winmx.com c3521.z1306.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3523.z1301.winmx.com c3523.z1302.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3527.z1301.winmx.com c3527.z1302.winmx.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Dit.exe] C:\WINDOWS\Dit.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020023 -iexplore.exe7.0
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: .protected
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://us.js2.yimg.com/us.js.yimg.co...ilcommonlib.js
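As an added example (not code from this thread, from HijackThis, or from any of the tools the helpers name), here is a small Python script that parses HijackThis-style entries and pulls out the kinds of items an analyst reads first in a log like the one above: hosts-file lines that point a name somewhere other than loopback, entries whose target file is gone, a broken LSP chain, and dot-prefixed items in the Startup folder. The sample lines are constructed from the log in this post; the classification rules are the editor's own heuristics for triage, not a verdict on any entry.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in the format of the HijackThis log
# posted above (one entry per line, "<code> - <body>"), plus a benign
# loopback hosts line for contrast.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - Startup: .protected
O4 - Startup: PowerReg Scheduler V3.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# HijackThis entries start with a section code (R0, O1, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# Addresses a hosts line may legitimately map a name to (blocking or local use).
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def parse_hjt(text):
    """Split a HijackThis log into (code, body) tuples; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return (code, reason, body) for entries worth a closer look.

    Heuristics (editor's own, not HijackThis rules):
    - O1 Hosts lines whose address is not loopback redirect a name elsewhere.
    - "(no file)" / "(file missing)" mark references whose target is gone.
    - O10 "... missing" is a broken Winsock LSP chain (often no Internet).
    - Dot-prefixed names in the Startup folder are unusual on Windows.
    """
    findings = []
    for code, body in entries:
        if code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if fields and fields[0] not in LOOPBACK:
                findings.append((code, "hosts override to non-loopback address", body))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append((code, "orphaned reference", body))
        elif code == "O10" and "missing" in body:
            findings.append((code, "broken LSP chain", body))
        elif code == "O4" and body.startswith("Startup:"):
            name = body[len("Startup:"):].strip()
            if name.startswith("."):
                findings.append((code, "hidden-style name in Startup folder", body))
    return findings


def summarize(entries):
    """Count entries per section code, a quick sense of how big each area is."""
    return Counter(code for code, _ in entries)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("sections:", dict(summarize(parsed)))
    for code, reason, body in triage(parsed):
        print(f"[{code}] {reason}: {body}")
```

Run it as-is to see the five flagged lines; to use it on a real log, pass the file contents to `parse_hjt` instead of `SAMPLE_LOG`. The `O1` rule is the one most directly tied to this thread: every winmx.com entry in the posted log maps to a public address rather than loopback, which is exactly what the HostsXpert step later in the thread is there to review and reset.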
17-Jan-2008, 07:27 PM
#7

Thanks Frank, hope all is well.

jberd99usa, you should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
17-Jan-2008, 09:08 PM
#8

Results for smitfraudfix

Results in safe mode. Thanks, jberd99usa.

SmitFraudFix v2.274
Scan done at 19:54:53.59, Thu 01/17/2008
Run from C:\Documents and Settings\jaime\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
205.238.40.2 www.winmx.com
205.238.40.2 err.winmx.com
82.195.155.5 test3201.winmx.com test3203.winmx.com test3205.winmx.com test3207.winmx.com
212.227.64.149 test3202.winmx.com test3204.winmx.com test3206.winmx.com test3208.winmx.com
67.18.233.36 c3310.z1301.winmx.com c3310.z1302.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3314.z1301.winmx.com c3314.z1302.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com
82.195.155.5 c3310.z1305.winmx.com c3310.z1306.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3312.z1301.winmx.com c3312.z1302.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3316.z1301.winmx.com c3316.z1302.winmx.com
209.67.209.50 c3310.z1303.winmx.com c3310.z1304.winmx.com c3311.z1301.winmx.com c3311.z1302.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3315.z1301.winmx.com c3315.z1302.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
212.227.64.159 c3311.z1305.winmx.com c3311.z1306.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3313.z1301.winmx.com c3313.z1302.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3317.z1301.winmx.com c3317.z1302.winmx.com
67.18.233.36 c3520.z1301.winmx.com c3520.z1302.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3524.z1301.winmx.com c3524.z1302.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com
82.195.155.5 c3520.z1305.winmx.com c3520.z1306.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3522.z1301.winmx.com c3522.z1302.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3526.z1301.winmx.com c3526.z1302.winmx.com
209.67.209.50 c3520.z1303.winmx.com c3520.z1304.winmx.com c3521.z1301.winmx.com c3521.z1302.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3525.z1301.winmx.com c3525.z1302.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
212.227.64.159 c3521.z1305.winmx.com c3521.z1306.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3523.z1301.winmx.com c3523.z1302.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3527.z1301.winmx.com c3527.z1302.winmx.com

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\.protected Deleted
C:\WINDOWS\logo.gif Deleted
C:\DOCUME~1\jaime\STARTM~1\Programs\Startup\.protected Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E7F0724-F229-4E17-B975-B8DE9C53BF9F}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CCS\Services\Tcpip\..\{863DDD24-655C-4500-8199-6288C66C33A6}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3E7F0724-F229-4E17-B975-B8DE9C53BF9F}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{863DDD24-655C-4500-8199-6288C66C33A6}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3E7F0724-F229-4E17-B975-B8DE9C53BF9F}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{863DDD24-655C-4500-8199-6288C66C33A6}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
18-Jan-2008, 07:07 PM
#9

Download the HostsXpert 4.2 - Hosts File Manager.

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Double click on combofix.exe & follow the prompts.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
18-Jan-2008, 09:57 PM
#10

Sorry, here they are. Daughter hit a key by mistake.

ComboFix 08-01-18.5 - jaime 2008-01-18 20:29:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.229 [GMT -5:00]
Running from: C:\Documents and Settings\jaime\Local Settings\Temporary Internet Files\Content.IE5\9TM7MWH6\ComboFix[1].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\drivers\etc\.protected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent

((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.
2008-01-18 20:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 18:03 . 2008-01-18 18:03 <DIR> d-------- C:\Program Files\Microsoft Calculator Plus
2008-01-18 07:42 . 2008-01-18 07:42 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-18 07:41 . 2008-01-18 18:03 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-01-16 09:53 . 2008-01-17 19:55 3,772 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-15 21:56 . 2008-01-15 22:02 <DIR> d-------- C:\pebuilder3110a
2008-01-15 12:54 . 2008-01-15 12:54 <DIR> d-------- C:\Program Files\Drive Rescue
2008-01-14 13:53 . 2008-01-14 13:53 <DIR> d-------- C:\Program Files\Ss-Tools
2008-01-14 13:32 . 2008-01-14 13:33 45,983,065 --a------ C:\WINDOWS\Verify.reg
2008-01-14 13:30 . 2008-01-14 13:30 <DIR> d-------- C:\WINDOWS\Registry Drill
2008-01-14 12:45 . 2008-01-14 12:45 <DIR> d-------- C:\Documents and Settings\jaime\Application Data\Microsoft Web Folders
2008-01-14 12:44 . 2008-01-14 12:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 12:44 . 2008-01-14 12:44 <DIR> d-------- C:\Program Files\Avira
2008-01-14 12:44 . 2008-01-14 12:44 <DIR> d-------- C:\Documents and Settings\jaime\Application Data\Simply Super Software
2008-01-14 12:44 . 2008-01-14 12:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-14 03:02 . 2008-01-14 12:45 <DIR> d-------- C:\My Documents
2008-01-14 02:27 . 2008-01-14 12:32 <DIR> d-------- C:\Documents and Settings\jaime\Incomplete
2008-01-14 02:26 . 2008-01-14 12:32 <DIR> d-------- C:\Documents and Settings\jaime\Application Data\LimeWire
2008-01-14 01:18 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-14 01:18 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-01-14 01:18 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-14 01:18 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-14 01:18 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-14 01:00 . 2008-01-14 12:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 00:14 . 2008-01-14 12:44 <DIR> d-------- C:\Program Files\IOI
2008-01-14 00:11 . 2002-09-16 11:06 266,240 --------- C:\WINDOWS\system32\shpshftr.dll
2008-01-14 00:11 . 2003-12-14 19:21 69,632 --------- C:\WINDOWS\system32\oemdspif.dll
2008-01-14 00:11 . 2003-12-29 04:20 9,358 --------- C:\WINDOWS\system32\ikch8xx.cat
2008-01-14 00:11 . 2003-12-29 04:20 9,354 --------- C:\WINDOWS\system32\isb8xx.cat
2008-01-14 00:11 . 2003-12-29 04:20 9,352 --------- C:\WINDOWS\system32\wa301b.cat
2008-01-14 00:11 . 2003-12-29 04:20 9,352 --------- C:\WINDOWS\system32\wa301a.cat
2008-01-14 00:11 . 2003-12-29 04:20 9,340 --------- C:\WINDOWS\system32\vch.cat
2008-01-14 00:02 . 2008-01-14 00:03 95,461,618 --a------ C:\WINDOWS\Backup.reg
2008-01-13 23:42 . 2008-01-13 23:42 655 --a------ C:\WINDOWS\Winsafe.res
2008-01-13 23:41 . 2008-01-15 19:29 183 --a------ C:\Boot.ini
2008-01-13 23:40 . 2008-01-14 12:44 <DIR> d---s---- C:\WINDOWS\WinSafe
2008-01-13 23:39 . 1997-01-20 15:12 71,680 --a--c--- C:\WINDOWS\ST5UNST.EXE
2008-01-13 23:39 . 2000-01-29 00:39 40,960 --a--c--- C:\WINDOWS\system32\VB5StKit.dll
2008-01-13 22:09 . 2008-01-13 22:09 <DIR> d-------- C:\Documents and Settings\user\Application Data\McAfee
2008-01-13 22:00 . 2008-01-18 20:34 7,090 --a------ C:\WINDOWS\system32\Config.MPF
2008-01-13 21:58 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-13 21:58 . 2007-06-25 14:54 71,496 --a--c--- C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-01-13 21:58 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-01-13 21:58 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-01-13 21:58 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-01-13 21:57 . 2008-01-13 21:57 <DIR> d-------- C:\Program Files\McAfee.com
2008-01-13 21:57 . 2008-01-18 07:11 <DIR> d-------- C:\Program Files\McAfee
2008-01-13 21:57 . 2008-01-13 21:59 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-01-13 21:57 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-01-13 21:50 . 2008-01-13 22:03 <DIR> d-------- C:\Documents and Settings\jaime\Application Data\McAfee
2008-01-13 21:36 . 2008-01-13 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-13 21:27 . 2008-01-13 21:27 <DIR> d-------- C:\Documents and Settings\jaime\Application Data\SUPERAntiSpyware.com
2008-01-13 21:27 . 2008-01-13 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-13 19:01 . 2008-01-13 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage(5)
2008-01-13 18:25 . 2008-01-13 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage(4)
2008-01-13 18:18 . 2008-01-13 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage(3)
2008-01-13 18:04 . 2008-01-14 00:17 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-01-13 17:51 . 2008-01-13 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage(2)
2008-01-13 17:50 . 2008-01-13 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-13 17:49 . 2008-01-13 21:26 2,608 --a------ C:\WINDOWS\system32\settings.aaw
2008-01-13 17:49 . 2008-01-13 21:26 816 --a------ C:\WINDOWS\system32\history.aaw
2008-01-13 17:39 . 2008-01-13 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Support.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 01:33 --------- d-----w C:\Program Files\Weather Watcher
2008-01-18 15:26 --------- d-----w C:\Program Files\Winamp
2008-01-17 01:27 --------- d-----w C:\Program Files\Trend Micro
2008-01-14 18:57 --------- d-----w C:\Program Files\RegScrubXP
2008-01-14 17:46 --------- d-----w C:\Program Files\support.com
2008-01-14 17:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-14 17:44 --------- d-----w C:\Program Files\Lavasoft
2008-01-14 17:44 --------- d-----w C:\Program Files\Common Files\L&H
2008-01-14 08:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-14 02:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-14 02:26 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-03 00:41 --------- d-----w C:\Program Files\Video Card Stability Test
2007-12-01 19:38 --------- d-----w C:\Program Files\LimeWire
2007-11-28 17:39 --------- d-----w C:\Program Files\FontPage
2007-11-25 20:26 --------- d-----w C:\Program Files\CleanCache 3.0
2007-11-21 08:45 --------- d-----w C:\Program Files\Atomic Clock Sync
2007-01-21 15:42 73,728 -c--a-w C:\Program Files\Driver Collector.exe
2006-12-19 14:03 277,746 -c--a-w C:\Program Files\Signature
2006-12-18 16:45 446,464 -c--a-w C:\Program Files\hashcheck.exe
2006-12-01 01:51 197,632 -c--a-w C:\Program Files\mscomctl.ocx
2006-11-23 20:10 4,526 -c--a-w C:\Program Files\pe2usb.cmd
2006-10-17 02:20 134,733 -c--a-w C:\Documents and Settings\user\Start Menu.zip
2006-09-05 23:30 5,032 -c--a-w C:\Program Files\!Start_Autobuild(click-me).cmd
2006-06-08 22:45 386 -c--a-w C:\Program Files\input.inf
2006-06-05 21:46 46,334 -c--a-w C:\Program Files\changes.txt
2006-04-09 01:33 6,616 -c--a-w C:\Program Files\UBCD4WinBuilder.txt
2006-03-05 20:42 360,054 -c--a-w C:\Program Files\UBCD4WinBuilder.bmp
2006-03-05 19:32 14,691 -c--a-w C:\Program Files\autobuild.cmd
2006-02-10 17:42 232 -c--a-w C:\Program Files\translations.txt
2006-01-23 18:06 73,279 -c--a-w C:\Program Files\UBCD4WinBuilder.inf
2005-11-30 19:18 165,413 -c--a-w C:\Program Files\mkisofs.exe
2005-11-29 13:55 411,648 -c--a-w C:\Program Files\StarBurn.dll
2005-03-02 14:50 7,774 -c--a-w C:\Program Files\pe2usb.txt
2005-02-16 00:34 29,926 -c--a-w C:\Program Files\UBCD4WinBuilder.ico
2005-02-10 17:36 512 -c--a-w C:\Program Files\pe2usb.bin
2005-01-03 17:46 7,356 -c--a-w C:\Program Files\bartpe.txt
2004-12-15 19:03 960,056 -c--a-w C:\Program Files\bartpe.bmp
2004-12-03 18:17 22,016 -c--a-w C:\Program Files\bartpe.exe
2004-11-29 00:36 214,024 -c--a-w C:\Program Files\supercollapse.exe
2004-11-28 23:15 15,930 -c--a-w C:\Program Files\xmcd2.zip
2004-11-28 23:05 201,496 -c--a-w C:\Program Files\xmcd.zip
2004-11-28 15:08 360,891 -c--a-w C:\Program Files\musiCutter0.7.1.zip
2004-11-27 04:58 73,329 -c--a-w C:\Program Files\cuemaster16.zip
2004-11-17 03:59 4,386,176 -c--a-w C:\Program Files\WinXP_EN_HOM_BF.EXE
2004-11-14 02:51 8,007,752 -c--a-w C:\Program Files\junoinst.exe
2004-11-11 19:04 18,701 -c--a-w C:\Program Files\gnugpl.txt
2004-10-04 01:00 2,020,143 -c--a-w C:\Program Files\iaa23_enu.exe
2004-09-10 07:01 220,508 -c--a-w C:\Program Files\mkisofs.org
2004-09-10 07:01 198,399 -c--a-w C:\Program Files\cdrecord.exe
2004-09-07 22:12 169,416 -c--a-w C:\Documents and Settings\user\Application Data\shb.dat
2004-08-04 04:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 20:05 1498032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [2007-09-24 07:23 1024000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-12-14 19:20 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-12-14 19:07 118784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03 81920]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-08-09 05:03 221184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 09:58 1773568]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 19:36 196608]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 15:54 65024 C:\WINDOWS\soundman.exe]
"PhoneTray"="C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe" [2007-06-15 12:54 430640]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"Dit.exe"="C:\WINDOWS\Dit.exe" [2002-09-05 13:14 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:00 53760 C:\WINDOWS\system32\narrator.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 21:59 44544]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-05-30 06:50:54]
PowerReg SchedulerV2.exe [2006-04-15 19:08:25]

C:\Documents and Settings\jaime\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
PowerReg Scheduler V3.exe [2006-05-30 06:50:54]
PowerReg SchedulerV2.exe [2006-04-15 19:08:25]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit.exe]
--a------ 2002-09-05 13:14 69632 C:\WINDOWS\Dit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2003-11-01 09:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-02-09 15:54 65024 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"ERSvc"=2 (0x2)

S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys [2004-07-08 12:12]
S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\5a8d49f7-96b2-4d94-a104-38ec761bd98a]
C:\WINDOWS\system32\ppmahm.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 15:00:01 C:\WINDOWS\Tasks\Disk Cleanup.job" - C:\WINDOWS\system32\cleanmgr.exe
"2008-01-02 09:00:01 C:\WINDOWS\Tasks\Disk Defragmenter.job" - C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk
"2008-01-15 06:21:39 C:\WINDOWS\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-14 02:57:42 C:\WINDOWS\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 20:35:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-01-18 20:41:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 01:41:04
.
2007-12-15 01:35:27 --- E O F ---

Thanks again, jberd99usa.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:59 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Dit.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Dit.exe] C:\WINDOWS\Dit.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7973 bytes
18-Jan-2008, 10:07 PM
#11
How are things now?
18-Jan-2008, 10:50 PM
#12
Update. I appreciate all your help. Now if I only knew what you had me do and what it did I'd be O.K. !!!!! Again many thanks, jberd99usa
19-Jan-2008, 11:24 PM
#13
Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

Turn System Restore back on and create a restore point. To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup".
Click Create and you're done.

You can mark your thread "Solved" from the Thread Tools drop down menu.
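The same off/on/checkpoint cycle as an added PowerShell example, not from this post or anyone in the thread. It assumes PowerShell 2.0 or later is installed and the prompt is elevated (the XP SP2 machine in the logs above has no PowerShell by default); the drive letter and description are taken from the post, and the final listing is the check that only the new restore point remains.

```powershell
# Added example: System Restore off, on, then a fresh checkpoint, from an
# elevated PowerShell prompt. Assumes PowerShell 2.0+ on a Windows client
# edition; not part of the original post.
$Drive       = "C:\"
$Description = "After trojan/spyware cleanup"

# Step 1: turning System Restore off discards every stored restore point,
# including any that still hold copies of the files that were just removed.
Disable-ComputerRestore -Drive $Drive

# Step 2: turn it back on so new checkpoints can be written.
Enable-ComputerRestore -Drive $Drive

# Step 3: create a known-clean checkpoint with the post's description.
Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

# Check: list what is stored now; only the checkpoint just created should appear.
Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
```

The listing at the end is the part worth keeping: if older restore points still show up, the disable step did not take effect and the machine can be rolled back to a state that predates the cleanup.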
23-Jan-2008, 08:34 AM
#14
Jberd99usa: Thanks to CheeseBall's help, I'm able to access your thread again. Can you post a new HijackThis log here, then we'll work on the startup list.

Frank
-------------------------------------------------------------------------------------------------------
Thanks, CheeseBall.
-------------------------------------------------------------------------------------------------------
23-Jan-2008, 10:37 AM
#15
Hijackthis 1/23/08
Thanks Frank.

Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.