Ok, below are the combofix and hijack logs. Also, I've posted the results of the Kaspersky scan of my X drive. It finally finished after 21 hours!
Looks like most of the files are outlook files.
ComboFix 08-08-23.03 - gerrym 2008-08-25 17:25:04.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2768 [GMT -7:00]
Running from: C:\Documents and Settings\gerrym\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\gerrym\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cfexfst.sys
.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.
2008-08-20 19:27 . 2008-08-20 19:27 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-20 19:26 . 2008-08-20 19:26 <DIR> d-------- C:\Program Files\iTunes
2008-08-20 19:26 . 2008-08-20 19:26 <DIR> d-------- C:\Program Files\iPod
2008-08-20 19:24 . 2008-08-20 19:24 <DIR> d-------- C:\Program Files\Bonjour
2008-08-17 05:43 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-17 05:42 . 2008-08-17 05:42 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-16 09:27 . 2008-08-16 11:21 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-13 20:27 . 2008-05-01 07:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 20:26 . 2008-04-11 12:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 22:24 . 2008-08-12 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-09 10:38 . 2008-08-09 10:38 <DIR> d-------- C:\Deckard
2008-08-08 22:52 . 2008-04-13 17:12 14,336 --a------ C:\WINDOWS\system32\svchost.exe
2008-08-08 22:52 . 2008-04-13 17:12 14,336 --a------ C:\WINDOWS\system32\dllcache\svchost.exe
2008-08-08 21:03 . 2008-08-08 21:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 20:12 . 2008-08-14 19:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-08 20:12 . 2008-08-14 19:58 <DIR> d-------- C:\Documents and Settings\gerrym\Application Data\SUPERAntiSpyware.com
2008-08-08 20:12 . 2008-08-08 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-07 21:57 . 2008-08-07 21:57 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-07 21:57 . 2008-08-07 21:57 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-07 21:57 . 2008-08-07 21:57 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-07 21:57 . 2008-08-07 21:57 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-07 21:54 . 2008-08-07 21:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-07 21:42 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-06 20:00 . 2008-08-06 20:06 <DIR> d-------- C:\sdat
2008-08-06 20:00 . 2008-08-06 20:00 63,186,610 --a------ C:\sdat5355.exe
2008-08-06 19:25 . 2008-08-06 19:25 61,224 --a------ C:\Documents and Settings\gerrym\GoToAssistDownloadHelper.exe
2008-08-06 19:24 . 2008-08-06 19:24 <DIR> d-------- C:\Documents and Settings\gerrym\Application Data\McAfee
2008-08-04 20:45 . 2008-08-24 09:14 15,907 --a------ C:\WINDOWS\system32\Config.MPF
2008-08-04 20:42 . 2008-08-04 20:42 <DIR> d-------- C:\Program Files\McAfee.com
2008-08-04 20:42 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-08-04 20:42 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-08-04 20:42 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-08-04 20:42 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-08-04 20:42 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-08-04 20:42 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-08-04 20:41 . 2008-08-06 17:59 <DIR> d-------- C:\Program Files\McAfee
2008-08-04 20:41 . 2008-08-04 20:42 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-08-04 20:08 . 2008-08-08 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 12:51 --------- d-----w C:\Program Files\SpiralFrog
2008-08-17 12:43 --------- d-----w C:\Program Files\Java
2008-08-16 14:46 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 02:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-14 04:44 --------- d-----w C:\Program Files\MSN Messenger
2008-08-14 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-13 07:06 --------- d-----w C:\Documents and Settings\gerrym\Application Data\Yahoo!
2008-08-13 05:23 --------- d-----w C:\Program Files\Yahoo!
2008-08-13 05:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-08 05:36 14,336 ----a-w C:\WINDOWS\system32\svchostold.exe
2008-07-26 18:38 --------- d-----w C:\Program Files\QuickTime
2008-07-26 16:27 --------- d-----w C:\Program Files\WinFax
2008-07-14 01:40 --------- d-----w C:\Program Files\TiVo
2008-07-14 01:40 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-07-14 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\TiVo
2008-07-12 17:00 --------- d-----w C:\Program Files\radio SHARK
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 17:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((( snapshot_2008-08-14_ 7.34.22.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-21 02:27:02 102,400 ----a-r C:\WINDOWS\Installer\{3DE0053C-FD9A-483E-B7C9-B06E4392206E}\iTunesIco.exe
+ 2008-08-21 02:25:00 86,016 ----a-r C:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe
+ 2008-08-21 02:28:00 27,136 ----a-r C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
- 2008-08-14 10:34:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-25 23:18:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-14 10:34:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-25 23:18:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-07-24 22:17:08 81,920 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2007-07-24 22:17:08 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
- 2008-02-22 08:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 08:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 08:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 08:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 09:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 09:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-07-27 21:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 21:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-06 02:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 19:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2008-02-11 16:39:26 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2008-02-11 16:39:18 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2008-02-08 20:53:46 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2008-02-05 15:48:04 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
- 2008-08-14 03:42:15 72,152 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-24 16:17:52 72,152 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-14 03:42:15 444,528 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-24 16:17:52 444,528 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2008-04-04 10:54 1193984]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2008-04-04 10:54 394240]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2008-04-04 10:56 1879552]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 03:00 98304]
"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.EXE" [2007-10-27 10:44 50528]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 05:34 69632]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2004-02-18 07:56 177152]
"HostManager"="C:\Program Files\Common Files\AOL\1192916523\ee\AOLSoftware.exe" [2007-05-25 10:16 42032]
"EPSON Stylus Photo R320 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 03:00 98304]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 10:21 116224]
"WFXSwtch"="C:\PROGRA~1\WinFax\WFXSWTCH.exe" [2002-10-15 18:42 27648]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 15:57 102400]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-19 07:15 7634944]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-19 07:15 86016]
"SpiralFrog"="C:\Program Files\SpiralFrog\Spiralfrog.exe" [2007-10-15 14:38 163128]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 10:19 15872]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 17:12 110592 C:\WINDOWS\system32\bthprops.cpl]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2002-10-15 18:42 45568 C:\WINDOWS\system32\WFXSNT40.EXE]
"nwiz"="nwiz.exe" [2007-03-19 07:15 1622016 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\gerrym\Start Menu\Programs\Startup\
radio SHARK Scheduler.lnk - C:\Program Files\radio SHARK\radioSHARKScheduler.exe [2006-08-07 18:10:44 40960]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Controller.LNK - C:\Program Files\WinFax\WFXCTL32.EXE [2007-10-21 15:38:10 549376]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-16 01:39:06 67128]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "C:\PROGRA~1\WinFax\WfxSeh32.Dll" [1998-07-27 04:54 38400]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\aol\\1192916523\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Documents and Settings\\gerrym\\Desktop\\BL-NetCamera-EasyConfig.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 IFP300;iriver Internet Audio Player IFP-300;C:\WINDOWS\system32\DRIVERS\ifp300.sys [2004-03-29 18:28]
R2 TivoBeacon2;TiVo Beacon;C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-04-04 10:53]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 14:38]
R2 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-09-28 23:58]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2005-03-02 12:44]
R3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-10-09 13:52]
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-10-09 18:04]
S3 SoundMovieServer;SoundMovieServer;C:\WINDOWS\system32\snmvtsvc.exe [2007-10-09 13:42]
.
Contents of the 'Scheduled Tasks' folder
2008-08-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-08-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-08-05 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-08-25 17:27:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-25 17:29:14
ComboFix-quarantined-files.txt 2008-08-26 00:28:54
ComboFix2.txt 2008-08-24 16:08:01
ComboFix3.txt 2008-08-16 14:30:04
ComboFix4.txt 2008-08-16 00:29:06
ComboFix5.txt 2008-08-26 00:24:12
Pre-Run: 7,816,753,152 bytes free
Post-Run: 7,846,813,696 bytes free
229 --- E O F --- 2008-08-08 05:24:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:04 PM, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Common Files\AOL\1192916523\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\PDF Complete\pdfsaver.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\WinFax\WFXCTL32.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.1\shellmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192916523\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: radio SHARK Scheduler.lnk = C:\Program Files\radio SHARK\radioSHARKScheduler.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O15 - Trusted Zone:
http://*.mcafee.comO16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
http://www.eset.eu/buxus/docs/OnlineScanner.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windows ... 2911433140O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) -
http://www.nvidia.com/content/DriverDow ... eqlab2.cabO16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) -
http://www.kodakgallery.com/downloads/B ... ofupld.cabO16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) -
http://martinezfamily.viewnetcam.com:50 ... camera.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
--
End of file - 12748 bytes
=========== Kaspersky Scan ===========
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 25, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 24, 2008 16:20:21
Records in database: 1140664
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - Folder:
X:\
Scan statistics:
Files scanned: 73059
Threat name: 7
Infected objects: 67
Suspicious objects: 5
Duration of the scan: 21:39:02
File name / Threat name / Threats count
X:\Computer Backups\033008\My Documents\LISA\!Email Backup\mailbox.pst Infected: Email-Worm.VBS.KakWorm 11
X:\Computer Backups\062208\My Documents\LISA\!Email Backup\mailbox.pst Infected: Email-Worm.VBS.KakWorm 11
X:\Computer Backups\DadsComputer_Jan2007\jose\Desktop\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
X:\Computer Backups\DadsComputer_Jan2007\jose\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2
X:\Computer Backups\DadsComputer_Jan2007\jose\Local Settings\Temporary Internet Files\Content.IE5\74P5FKSS\e-chords[1].exe Infected: not-a-virus:AdWare.Win32.SearchIt.o 1
X:\Computer Backups\DadsComputer_Jan2007\jose\Local Settings\Temporary Internet Files\Content.IE5\98NU7V9B\vnc-4_1_2-x86_win32[1].exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
X:\Computer Backups\DadsComputer_Jan2007\My Documents\LISA\!Email Backup\mailbox.pst Infected: Email-Worm.VBS.KakWorm 11
X:\Computer Backups\May_2007\Outlook_2005.pst Infected: Trojan-Spy.HTML.Bankfraud.ej 1
X:\Computer Backups\May_2007\Outlook_2005.pst Infected: Trojan-Spy.HTML.Paylap.ev 1
X:\Computer Backups\May_2007\Outlook_2005.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 3
X:\Computer Backups\100907\My Documents\LISA\!Email Backup\mailbox.pst Infected: Email-Worm.VBS.KakWorm 11
X:\Computer Backups\101907\My Documents\LISA\!Email Backup\mailbox.pst Infected: Email-Worm.VBS.KakWorm 11
X:\Computer Backups\DadsComp_2003\test1.zip Infected: not-virus:BadJoke.Win32.JepRuss 1
The selected area was scanned.