First, I note that I am currently unable to remove the C:\JunkCrap folder. When I try to delete C:\JunkCrap\2d54cd5d5ba8bb75e61d762d149f\update, I encounter a popup which states: Cannot delete update: Access is denied. I think I might need to run chkdsk when this is finished.
OK. First the ComboFix log:ComboFix 09-01-01.02 - Noelle Rogers 2009-01-02 14:55:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1304 [GMT -5:00]
Running from: c:\documents and settings\Noelle Rogers\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Noelle Rogers\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1241215004.mtx
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-972954791.mtj&p2=1&p3=04100678288468276007578020140489&p4=16777217
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1233786184.mtx
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1355542221.mts
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-299397824.swf
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1054459834.swf
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1624992797.swf
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1787670083.mtj&p2=1&p3=04100678288468276007578020140489&p4=0
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1991437604.swf
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\491187006.swf
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1506031361.mtj&p2=1&p3=04100678288468276007578020140489&p4=0
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-783162965.mtz
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1859761695.swf
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\661418450.mtj&p2=1&p3=04100678288468276007578020140489&p4=0
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\848576915.mtj&p2=1&p3=04100678288468276007578020140489&p4=0
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1677271153.swf
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1850579979.swf
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-685907362.mtj&p2=1&p3=04100678288468276007578020140489&p4=0
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-876313420.swf
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1440734358.mtj&p2=1&p3=04100678288468276007578020140489&p4=0
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1597059514.swf
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\670487064.swf
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\918180575.mtj&p2=1&p3=04100678288468276007578020140489&p4=0
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\Noelle Rogers\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\WaveletReader.dll
c:\windows\system32\hikemavi.dll
c:\windows\system32\sazuduwe.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.
2009-01-01 13:28 . 2009-01-01 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-26 15:52 . 2008-12-26 15:52 <DIR> d-------- c:\documents and settings\Noelle Rogers\Application Data\GTek
2008-12-26 14:34 . 2008-12-26 14:34 <DIR> d-------- c:\program files\Trend Micro
2008-12-26 14:01 . 2008-12-26 14:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Citrix
2008-12-26 13:26 . 2008-12-26 13:26 61,224 --a------ c:\documents and settings\Noelle Rogers\GoToAssistDownloadHelper.exe
2008-12-26 12:59 . 2008-12-26 12:59 <DIR> d-------- c:\documents and settings\Noelle Rogers\Application Data\McAfee
2008-12-26 12:00 . 2008-12-26 12:00 <DIR> d-------- c:\windows\McAfee.com
2008-12-26 11:11 . 2008-12-26 11:30 <DIR> d-------- C:\JunkCrap
2008-12-20 10:58 . 2008-12-20 11:01 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-20 10:58 . 2008-12-20 15:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 10:37 . 2008-12-20 10:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-17 13:02 . 2008-12-12 12:01 3,067,904 --a------ c:\windows\system32\SET135.tmp
2008-12-02 04:49 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 16:21 --------- d-----w c:\documents and settings\Noelle Rogers\Application Data\Skype
2009-01-02 16:20 --------- d-----w c:\program files\mIRC
2009-01-02 12:45 --------- d-----w c:\documents and settings\NetworkService\Application Data\SACore
2009-01-02 12:43 --------- d-----w c:\program files\Steam
2009-01-01 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-01 18:32 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-20 15:51 --------- d-----w c:\program files\Java
2008-12-18 06:20 --------- d-----w c:\program files\GemMaster
2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 15:03 --------- d-----w c:\program files\McAfee
2008-12-09 21:57 11,388 ----a-w c:\documents and settings\Noelle Rogers\Application Data\wklnhst.dat
2008-11-28 11:28 --------- d-----w c:\documents and settings\Noelle Rogers\Application Data\dvdcss
2008-11-25 22:31 --------- d-----w c:\program files\AIM6
2008-11-25 22:30 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-25 22:29 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-13 22:45 99,408 ----a-w c:\documents and settings\Noelle Rogers\Application Data\GDIPFONTCACHEV1.DAT
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-16 01:00 666,112 ------w c:\windows\system32\dllcache\wininet.dll
2008-10-16 01:00 619,520 ------w c:\windows\system32\dllcache\urlmon.dll
2008-10-16 01:00 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-01_14.07.53.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-01 16:49:47 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-02 17:20:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-01 16:49:47 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-02 17:20:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-01 16:49:47 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 17:20:03 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 13:29:52 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1250.dat
+ 2009-01-02 11:36:04 16,384 ----atw c:\windows\temp\Perflib_Perfdata_998.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-05-28 23458344]
"Steam"="c:\program files\steam\steam.exe" [2008-11-26 1410296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-15 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-13 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-27 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-27 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-01-27 102400]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcods.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
R1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\system32\drivers\VCdRom.sys [2007-10-10 8576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-04 206096]
S3 iComp;HP Analog TV Tuner;c:\windows\system32\DRIVERS\p2usbwdm.sys [2006-03-17 1544704]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a43ae7ed-d356-11dd-b0a0-001636db8edb}]
\Shell\AutoRun\command - F:\CA_EdgeLitemobile.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daee8a71-be2d-11db-aeca-001636db8edb}]
\Shell\Explore\command - explorer.exe /n,/e ,.
\Shell\Launch\command - F:\portablevaultaes.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.livejournal.com/uInternet Connection Wizard,ShellNext =
hxxp://h20239.www2.hp.com/techcenter/HP ... scheck.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
FF - ProfilePath - c:\documents and settings\Noelle Rogers\Application Data\Mozilla\Firefox\Profiles\ugosvz8k.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.livejournal.com/FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
ATTENTION: FIREFOX POLICES IS IN FORCE FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-01-02 14:56:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????\??????`?@?????L?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-02 14:57:39
ComboFix-quarantined-files.txt 2009-01-02 19:57:23
ComboFix2.txt 2009-01-01 19:08:58
Pre-Run: 10,865,889,280 bytes free
Post-Run: 10,845,614,080 bytes free
265 --- E O F --- 2008-12-20 20:58:51
Then the new HijackThis logLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:24 PM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.livejournal.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://h20239.www2.hp.com/techcenter/HP ... scheck.htmO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US
ee://aol/imAppO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone:
http://*.mcafee.comO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-l ... cfscan.cabO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 11183 bytes
Is there anything left?
Regards,
Thomas