Thank you for the prompt reply. Following is a new HiJackThis logfile and the ComboFix logfile. One note to start: When I first started ComboFix, my McAfee software quarantined a file called EICAR_test_file. Other than that it asked me to allow a few registry changes while ComboFix was running, which I did. Logfiles follow:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:25 AM, on 05/03/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Taskbar Activate\TaskbarActivate.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\temp\HiJackThis\HJThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - Startup: Taskbar Activate.lnk = C:\Program Files\Taskbar Activate\TaskbarActivate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Open PasswordMaker - file://C:\Program Files\PasswordMaker\passwordmaker.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Populate with Pass&wordMaker - file://C:\Program Files\PasswordMaker\pop_stub.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PasswordMaker - {B6B02DCA-D060-4c03-A662-1FE7BA47AAB2} - file://C:\Program Files\PasswordMaker\passwordmaker.html (HKCU)
O9 - Extra 'Tools' menuitem: Open PasswordMaker - {B6B02DCA-D060-4c03-A662-1FE7BA47AAB2} - file://C:\Program Files\PasswordMaker\passwordmaker.html (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: cbXRLbAT - cbXRLbAT.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
--
End of file - 7716 bytes
#####################ComboFix Follows########################
ComboFix 08-05-01.3 - Rick 2008-05-03 9:00:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.552 [GMT -4:00]
Running from: C:\Documents and Settings\Rick\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cKknnnpo.ini
C:\WINDOWS\system32\cKknnnpo.ini2
C:\WINDOWS\system32\crlltwhj.dll
C:\WINDOWS\system32\gakbqxav.ini
C:\WINDOWS\system32\jhwtllrc.ini
C:\WINDOWS\system32\jxfyycpr.ini
C:\WINDOWS\system32\malrlvnm.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnvlrlam.ini
C:\WINDOWS\system32\opnnnkKc.dll
C:\WINDOWS\system32\rpcyyfxj.dll
C:\WINDOWS\system32\vaxqbkag.dll
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.
2008-05-02 18:54 . 2008-05-02 18:54 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-05-02 11:53 . 2008-05-02 11:53 518,888 --a------ C:\temp\WindowsXP-KB884020-x86-enu.exe
2008-05-02 11:49 . 2008-05-02 11:49 8,548,984 --a------ C:\temp\Windows-KB890830-V1.40.exe
2008-05-02 11:18 . 2008-05-02 11:18 1,044,168 --a------ C:\WINDOWS\vbrun60sp5.exe
2008-05-02 11:16 . 2008-05-02 11:32 <DIR> d-------- C:\temp\HiJackThis
2008-05-02 11:16 . 2008-05-02 11:16 318,369 --a------ C:\temp\HiJackThis.zip
2008-05-02 11:06 . 2008-05-02 11:06 401,720 --a------ C:\temp\HiJackThis.exe
2008-05-02 09:50 . 2008-05-02 09:50 <DIR> d-------- C:\Program Files\Three Rings Design
2008-05-01 18:38 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-01 18:36 . 2008-05-02 09:50 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-01 18:35 . 2008-05-01 18:35 382,352 --a------ C:\Program Files\jxpiinstall.exe
2008-05-01 17:01 . 2008-05-01 17:01 1,409 --a------ C:\WINDOWS\system32\tmpEBE22.FOT
2008-05-01 17:01 . 2008-05-01 17:01 1,409 --a------ C:\WINDOWS\system32\tmpD6032.FOT
2008-05-01 17:01 . 2008-05-01 17:01 1,409 --a------ C:\WINDOWS\system32\tmpB4F22.FOT
2008-05-01 17:01 . 2008-05-01 17:01 1,409 --a------ C:\WINDOWS\system32\tmp99132.FOT
2008-05-01 17:01 . 2008-05-01 17:01 1,409 --a------ C:\WINDOWS\system32\tmp30132.FOT
2008-05-01 17:01 . 2008-05-01 17:01 1,409 --a------ C:\WINDOWS\system32\tmp1EF22.FOT
2008-04-29 09:43 . 2008-04-29 09:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\jkfabine
2008-04-13 10:32 . 2008-04-13 10:32 <DIR> d-------- C:\Program Files\New Folder (2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 22:54 --------- d-----w C:\Documents and Settings\Rick\Application Data\Netscape
2008-05-02 17:04 --------- d-----w C:\Program Files\JustChecking
2008-05-02 16:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 16:20 --------- d-----w C:\Program Files\Nikon
2008-05-02 16:18 --------- d-----w C:\Program Files\Common Files\Nikon
2008-05-02 16:18 --------- d-----w C:\Documents and Settings\Rick\Application Data\Simple Star
2008-05-02 16:17 0 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-05-02 16:14 --------- d-----w C:\Program Files\FLVPlayer
2008-05-02 16:13 --------- d-----w C:\Program Files\Canon
2008-05-02 13:50 --------- d-----w C:\Program Files\Java
2008-04-29 01:06 --------- d-----w C:\Program Files\downloads
2008-04-17 14:48 --------- d-----w C:\Program Files\PSP
2008-03-13 00:56 1,879,376 -c--a-w C:\Program Files\zf5view.exe
2008-03-13 00:56 --------- d-----w C:\Program Files\Transaction Viewer
2008-02-12 21:43 382,352 -c--a-w C:\Program Files\jre-6u3-windows-i586-p-iftw.exe
2008-01-13 16:02 479,781 -c--a-w C:\Program Files\lolinst3038077.exe
2008-01-01 20:17 881,192 -c--a-w C:\Program Files\WGAPluginInstall.exe
2008-01-01 20:16 1,469,992 -c--a-w C:\Program Files\GenuineCheck.exe
2008-01-01 19:44 408,868 -c--a-w C:\Program Files\oleaut32.zip
2008-01-01 19:13 14,603,672 -c--a-w C:\Program Files\jre-6u3-windows-i586-p-s.exe
2008-01-01 19:09 382,352 -c--a-w C:\Program Files\jdk-6u3-windows-i586-p-iftw.exe
2007-10-28 22:30 636,192 -c--a-w C:\Program Files\DMSetup.exe
2007-09-19 12:21 1,164,456 -c--a-w C:\Program Files\install_flash_player.exe
2007-09-18 20:26 53,985,488 -c--a-w C:\Program Files\PCC15.3_b1239_Small_TMWebsite.exe
2007-08-27 21:53 2,124,162 -c--a-w C:\Program Files\3dfish394cn.exe
2007-08-27 21:42 10,474,201 -c--a-w C:\Program Files\SimAQUARIUM-V2.6-Complete.exe
2007-08-25 21:09 4,407,506 -c--a-w C:\Program Files\acdmpowertools.exe
2007-05-22 22:26 422,347 -c--a-w C:\Program Files\Copysafe.EXE
2007-01-17 00:39 283,960 -c--a-w C:\Program Files\dxwebsetup.exe
2006-11-27 02:38 1,602 -c--a-w C:\Program Files\counter.zip
2006-11-27 02:25 185,424 -c--a-w C:\Program Files\whcpscut.exe
2006-11-30 01:16 88 --sh--r C:\WINDOWS\system32\5659C8E32A.sys
2006-11-30 01:16 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEB8951F-0656-4DA2-82B1-DF33847B1D63}]
C:\WINDOWS\system32\opnnnkKc.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-21 20:04 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-20 19:37 282624]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 18:08 1347584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"combofix"="C:\WINDOWS\system32\CF21895.exe" [2004-08-04 08:00 388608]
C:\Documents and Settings\Rick\Start Menu\Programs\Startup\
Taskbar Activate.lnk - C:\Program Files\Taskbar Activate\TaskbarActivate.exe [2008-01-18 10:32:16 78848]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-30 07:51:50 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRLbAT]
cbXRLbAT.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QuickLink Mobile\\QuickLink Mobile.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\ScottradeElite\\Scottrader.exe"=
"C:\\Program Files\\Goto.Games\\NetGammon8\\NETGAMMON8.EXE"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:secure
"443:UDP"= 443:UDP:send
S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys []
S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys []
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2002-10-15 15:03]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2002-10-15 15:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-28 22:35:51 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-10-28 22:35:49 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2006-07-12 00:43:06 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 09:09:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2008-05-03 9:18:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-03 13:17:25
Pre-Run: 16,267,603,968 bytes free
Post-Run: 16,218,021,888 bytes free
188 --- E O F --- 2008-04-13 02:53:55
Thanks again. Please let me know what else I need to do.