Thanks for your patience!
ComboFix:
ComboFix 08-03-30.2 - User1 2008-03-30 22:38:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.149 [GMT -4:00]
Running from: C:\Documents and Settings\User1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User1\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\cpmsky.dll
C:\WINDOWS\system32\nsaB.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cpmsky.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
2008-03-29 09:06 . 2008-03-29 09:06 <DIR> d-------- C:\Program Files\CCleaner
2008-03-28 18:49 . 2008-03-28 18:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-25 14:56 . 2008-03-25 14:56 <DIR> d-------- C:\Documents and Settings\User1\Application Data\dvdcss
2008-03-25 01:18 . 2008-03-25 01:18 <DIR> d-------- C:\Documents and Settings\User1\Application Data\vlc
2008-03-25 01:17 . 2008-03-25 01:17 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-24 10:54 . 2008-03-25 01:21 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-24 10:52 . 2008-03-24 10:52 17,144 --a------ C:\Documents and Settings\User1\Application Data\GDIPFONTCACHEV1.DAT
2008-03-23 17:23 . 2008-03-23 17:24 <DIR> d-------- C:\Program Files\BearShare
2008-03-23 17:23 . 2008-03-29 22:29 <DIR> d-------- C:\My Downloads
2008-03-23 16:11 . 2008-03-23 16:11 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-23 16:11 . 2008-03-24 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 20:54 . 2008-03-24 14:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 20:54 . 2008-03-22 20:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-21 09:56 . 2008-03-21 09:56 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-20 18:58 . 2008-03-20 18:58 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-20 15:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-20 15:01 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-20 15:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-20 09:08 . 2008-03-20 09:08 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-20 09:07 . 2008-03-20 09:07 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-20 09:07 . 2008-03-20 12:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-20 08:55 . 2007-07-27 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-20 01:34 . 2008-03-20 01:34 <DIR> d-------- C:\Documents and Settings\User1\Application Data\Talkback
2008-03-20 01:33 . 2008-03-20 01:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-20 00:32 . 2008-03-20 00:32 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-20 00:32 . 2008-03-20 00:32 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-03-20 00:11 . 2008-03-20 00:11 <DIR> d-------- C:\Program Files\Axon Data
2008-03-19 23:47 . 2008-03-19 23:47 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-19 22:49 . 2008-03-19 22:49 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-03-19 22:49 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-03-19 22:49 . 2007-02-27 14:31 21,504 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-03-19 22:24 . 2008-03-19 22:24 <DIR> d-------- C:\Documents and Settings\User1\Application Data\InstallShield
2008-03-19 22:22 . 2008-03-19 22:24 <DIR> d-------- C:\Program Files\Avanquest update
2008-03-19 22:22 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-03-19 22:22 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-03-19 22:22 . 2003-12-26 11:22 24,192 -ra------ C:\WINDOWS\system32\drivers\OLD4E7.tmp
2008-03-19 22:21 . 2008-03-19 22:21 92,064 --a------ C:\Documents and Settings\User1\mqdmmdm.sys
2008-03-19 22:21 . 2008-03-19 22:21 79,328 --a------ C:\Documents and Settings\User1\mqdmserd.sys
2008-03-19 22:21 . 2008-03-19 22:21 9,232 --a------ C:\Documents and Settings\User1\mqdmmdfl.sys
2008-03-19 22:21 . 2008-03-19 22:21 6,208 --a------ C:\Documents and Settings\User1\mqdmcmnt.sys
2008-03-19 22:21 . 2008-03-19 22:21 5,936 --a------ C:\Documents and Settings\User1\mqdmwhnt.sys
2008-03-19 22:21 . 2008-03-19 22:21 4,048 --a------ C:\Documents and Settings\User1\mqdmcr.sys
2008-03-19 22:20 . 2008-03-19 22:50 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-03-19 22:20 . 2008-03-20 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-19 22:20 . 2008-03-19 22:21 66,656 --a------ C:\Documents and Settings\User1\mqdmbus.sys
2008-03-19 22:20 . 2008-03-19 22:20 25,600 --a------ C:\Documents and Settings\User1\usbsermptxp.sys
2008-03-19 22:20 . 2008-03-19 22:20 22,768 --a------ C:\Documents and Settings\User1\usbsermpt.sys
2008-03-19 22:15 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-03-19 22:14 . 2008-03-19 22:15 <DIR> d-------- C:\Program Files\QuickTime
2008-03-19 22:14 . 2008-03-19 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-19 22:12 . 2008-03-19 22:12 <DIR> d-------- C:\WINDOWS\system32\color
2008-03-19 22:12 . 2008-03-19 22:12 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-03-19 22:12 . 2008-03-19 22:12 <DIR> d-------- C:\KPCMS
2008-03-19 22:09 . 2008-03-19 22:14 <DIR> d-------- C:\Program Files\Kodak
2008-03-19 22:09 . 2008-03-19 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-03-19 22:07 . 2008-03-19 22:07 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-19 22:07 . 2008-03-19 22:07 <DIR> d-------- C:\WINDOWS\Profiles
2008-03-19 22:07 . 2008-03-19 22:07 <DIR> d-------- C:\Documents and Settings\User1\Application Data\InterTrust
2008-03-19 22:07 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-19 22:06 . 2008-03-19 22:06 <DIR> d-------- C:\Program Files\Philips
2008-03-19 22:06 . 2008-03-19 22:07 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-03-19 22:06 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-03-19 22:06 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-03-19 22:05 . 2008-03-19 22:05 <DIR> d-------- C:\WINDOWS\PixArt
2008-03-19 22:05 . 2008-03-19 22:05 <DIR> d-------- C:\WINDOWS\Philips
2008-03-19 22:05 . 2008-03-19 22:06 <DIR> d-------- C:\Program Files\Common Files\SPC500NC
2008-03-19 22:05 . 2006-06-02 23:50 470,016 --a------ C:\WINDOWS\VPro500.exe
2008-03-19 22:05 . 2005-10-13 16:41 156,800 --a------ C:\WINDOWS\system32\drivers\SPC610NC.sys
2008-03-19 22:05 . 2005-10-27 13:23 101,888 --a------ C:\WINDOWS\system32\SPC610NC.ax
2008-03-19 22:05 . 2005-05-17 15:21 10,240 --a------ C:\WINDOWS\system32\SPC610NC.dll
2008-03-19 21:29 . 2008-03-19 21:29 <DIR> d-------- C:\Documents and Settings\User1\Contacts
2008-03-19 21:23 . 2008-03-19 22:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-19 21:05 . 2008-03-19 21:38 <DIR> d-------- C:\Program Files\Windows Live
2008-03-19 21:05 . 2008-03-19 21:21 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-19 21:05 . 2008-03-19 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-19 20:58 . 2008-03-30 16:32 12,067 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-19 20:57 . 2008-03-24 14:11 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-03-19 20:57 . 2008-03-30 11:25 <DIR> d-------- C:\Documents and Settings\User1\Application Data\SiteAdvisor
2008-03-19 20:57 . 2008-03-19 20:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-03-19 20:57 . 2008-03-30 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-19 20:56 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-19 20:55 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-19 20:55 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-19 20:55 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-19 20:55 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-19 20:55 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-19 20:55 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-19 20:54 . 2008-03-19 20:54 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-19 20:54 . 2008-03-30 16:31 <DIR> d-------- C:\Program Files\McAfee
2008-03-19 20:54 . 2008-03-19 20:55 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-19 20:30 . 2008-03-19 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-19 20:18 . 2008-03-19 20:19 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-03-19 20:07 . 2008-03-19 20:07 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-03-19 20:07 . 2008-03-19 20:07 376 --a------ C:\WINDOWS\ODBC.INI
2008-03-19 20:05 . 2008-03-19 20:06 <DIR> d-------- C:\WINDOWS\ShellNew
2008-03-16 13:09 . 2008-03-16 13:09 <DIR> d-------- C:\WINDOWS\Sun
2008-03-16 12:58 . 2008-03-16 12:58 <DIR> d-------- C:\Program Files\Java
2008-03-16 12:58 . 2008-03-16 12:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-16 12:58 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-16 12:40 . 2008-03-16 12:41 <DIR> d-------- C:\Documents and Settings\User1\Application Data\AVG7
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 02:15 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((( snapshot@2008-03-29_ 9.23.42.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-29 12:32:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-31 00:49:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-29 12:32:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-31 00:49:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-29 12:32:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-31 00:49:44 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 08:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-01 22:05 344064]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 17:02 815104]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-19 22:15 77824]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPro500.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPro500.lnk
backup=C:\WINDOWS\pss\VPro500.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User1^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\User1\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 15:06]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 00:54:51 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-20 00:54:50 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 22:41:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-30 22:42:36
ComboFix-quarantined-files.txt 2008-03-31 02:42:26
ComboFix2.txt 2008-03-29 13:24:06
Pre-Run: 95,935,361,024 bytes free
Post-Run: 95,920,390,144 bytes free
.
2008-03-21 13:59:21 --- E O F ---
Malwarebytes:
Malwarebytes' Anti-Malware 1.09
Database version: 572
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 53584
Time elapsed: 18 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bca95e31-1fbf-4f84-8f23-1ba653007a1e} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 31, 2008 4:54:55 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/03/2008
Kaspersky Anti-Virus database records: 674426
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 30228
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 00:27:55
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\EasyNet\MHNData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{3FD00734-F1BC-47F1-A333-72597192093A}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{7EE988BF-361D-4DB9-B185-48EC65F0C25C}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR6.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User1\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Messenger\mhardie32@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Messenger\mhardie32@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Messenger\mhardie32@hotmail.com\SharingMetadata\Working\database_1254_31A2_5431_898D\dfsr.db Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Messenger\mhardie32@hotmail.com\SharingMetadata\Working\database_1254_31A2_5431_898D\fsr.log Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Messenger\mhardie32@hotmail.com\SharingMetadata\Working\database_1254_31A2_5431_898D\tmp.edb Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Windows Live Contacts\mhardie32@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Application Data\Microsoft\Windows Live Contacts\mhardie32@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\User1\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User1\Local Settings\History\History.IE5\MSHist012008033120080401\index.dat Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Temp\sqlite_8rMPVDvScHALLEh Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Temp\~DF2492.tmp Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Temp\~DF24A0.tmp Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Temp\~DFC062.tmp Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Temp\~DFC073.tmp Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Temp\~DFC9FA.tmp Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User1\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User1\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080330-113801-897.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.ae skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cpmsky.dll.vir Infected: not-a-virus:AdWare.Win32.TrafficSol.ae skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C37A115A-4B1F-4C38-AF85-7592A841B5E0}\RP13\A0002039.dll Infected: not-a-virus:Downloader.Win32.AdLoad.b skipped
C:\System Volume Information\_restore{C37A115A-4B1F-4C38-AF85-7592A841B5E0}\RP39\A0004135.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.ae skipped
C:\System Volume Information\_restore{C37A115A-4B1F-4C38-AF85-7592A841B5E0}\RP39\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B0C96C20-4ACC-40EB-846E-4838843B8C21}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_3mkidEr2ZVM90pd Object is locked skipped
C:\WINDOWS\Temp\mcmsc_2j9TanyczAfAsYo Object is locked skipped
C:\WINDOWS\Temp\mcmsc_dGclHA913AYHgtk Object is locked skipped
C:\WINDOWS\Temp\mcmsc_hnYWsis0KoxDNl6 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_PAGiYkhlkYzghxo Object is locked skipped
C:\WINDOWS\Temp\sqlite_gKZOoMPQAMjqLW3 Object is locked skipped
C:\WINDOWS\Temp\sqlite_h2C7BRlh9ztDu7x Object is locked skipped
C:\WINDOWS\Temp\sqlite_SwNLbBnZROzO8bX Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{C37A115A-4B1F-4C38-AF85-7592A841B5E0}\RP39\change.log Object is locked skipped
Scan process completed.
Last, but not least, HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:22 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: McAfee Application Installer Cleanup (0065651206954979) (0065651206954979mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\006565~1.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
--
End of file - 7890 bytes