ComboFix log:
ComboFix 08-03-14.4 - Admin 2008-03-19 15:58:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.627 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.
2008-03-19 15:49 . 2008-03-19 15:49 <DIR> d-------- C:\Program Files\CCleaner
2008-03-17 19:34 . 2008-03-17 19:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-17 19:33 . 2008-03-17 19:33 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-17 19:33 . 2008-03-17 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-17 16:54 . 2008-03-17 16:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-03-14 06:13 . 2008-03-14 06:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 06:12 . 2008-03-14 06:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 06:00 . 2008-03-14 06:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-03-14 04:14 . 2008-03-14 04:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-14 04:14 . 2008-03-14 04:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-14 01:59 . 2008-03-19 15:44 4,374 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-14 01:56 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-14 01:53 . 2008-02-06 09:51 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-14 01:53 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-14 01:53 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-14 01:53 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-14 01:53 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-14 01:52 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-03-14 01:51 . 2008-03-14 01:52 <DIR> d-------- C:\Program Files\McAfee.com
2008-03-14 01:51 . 2008-03-14 02:01 <DIR> d-------- C:\Program Files\McAfee
2008-03-14 01:51 . 2008-03-14 01:56 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-03-14 01:16 . 2008-03-14 01:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-14 01:02 . 2008-03-14 01:02 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2008-03-14 00:44 . 2007-12-06 22:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-14 00:44 . 2007-06-30 23:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-14 00:44 . 2007-06-30 23:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-14 00:44 . 2007-12-06 22:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-14 00:44 . 2007-12-06 22:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-14 00:44 . 2007-12-06 22:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-14 00:44 . 2007-12-06 22:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-14 00:44 . 2007-12-06 22:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-14 00:44 . 2007-12-06 07:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-14 00:40 . 2007-08-13 19:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-14 00:18 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-13 23:45 . 2008-03-14 00:58 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-13 23:29 . 2004-08-04 03:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-13 23:27 . 2008-03-17 18:17 <DIR> d-------- C:\WINDOWS\peernet
2008-03-13 23:26 . 2008-03-13 23:26 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-13 23:22 . 2006-09-06 18:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-13 23:20 . 2008-03-13 23:20 <DIR> d-------- C:\WINDOWS\EHome
2008-03-13 23:17 . 2004-08-04 01:56 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-03-13 23:17 . 2004-08-02 15:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-03-13 23:17 . 2004-08-02 15:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-03-13 23:06 . 2008-03-13 23:06 215 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-13 23:02 . 2004-08-04 03:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-03-13 23:02 . 2004-08-04 03:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-03-13 23:02 . 2004-08-04 03:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-03-13 23:02 . 2004-08-04 03:56 77,312 --a------ C:\WINDOWS\system32\browser.dll
2008-03-13 23:02 . 2007-03-08 11:36 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2008-03-13 22:56 . 2004-08-04 03:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2008-03-13 22:52 . 2008-03-13 23:01 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2008-03-13 22:52 . 2008-03-13 22:52 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-13 22:52 . 2004-01-10 01:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-03-13 22:44 . 2008-03-13 22:44 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-08 00:02 . 2008-03-08 00:02 <DIR> d--hs---- C:\Documents and Settings\Administrator\UserData
2008-03-08 00:02 . 2004-08-04 03:56 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-03-08 00:02 . 2004-08-04 03:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-03-08 00:02 . 2004-08-04 03:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-08 00:02 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-03-08 00:02 . 2004-08-04 03:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-03-07 23:04 . 2008-03-07 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-03-07 23:01 . 2008-03-07 23:01 61,224 --a------ C:\Documents and Settings\Bailey\GoToAssistDownloadHelper.exe
2008-03-07 22:01 . 2008-03-07 22:01 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-03-07 21:41 . 2008-03-14 01:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-07 21:41 . 2008-03-14 21:08 2,430 --a------ C:\WINDOWS\WinInit.Ini
2008-03-05 22:34 . 2008-03-07 10:37 0 ---hs---- C:\Documents and Settings\Bailey\Application Data\0047cf333f146ee683017927e4c506bb6ccc0fb8840ba1e2bc.dat
2008-03-05 19:50 . 2008-03-14 05:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-05 19:45 . 2008-03-05 19:45 <DIR> d-------- C:\WINDOWS\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-14 10:14 --------- d-----w C:\Program Files\Lavasoft
2008-03-14 10:14 --------- d-----w C:\Documents and Settings\Bailey\Application Data\Lavasoft
2008-03-14 09:03 --------- d-----w C:\Program Files\Sync Manager
2008-03-14 08:09 --------- d-----w C:\Program Files\Opera
2008-03-08 04:01 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\Gtek
2008-02-28 21:38 --------- d-----w C:\Documents and Settings\Bailey\Application Data\LimeWire
2008-02-06 00:44 --------- d-----w C:\Program Files\MySpace
2008-02-06 00:44 --------- d-----w C:\Program Files\AIM
2008-02-06 00:44 --------- d-----w C:\Documents and Settings\Bailey\Application Data\Aim
.
((((((((((((((((((((((((((((( snapshot@2008-03-16_20.32.35.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 07:56:45 151,552 -c--a-w C:\WINDOWS\system32\dllcache\sqldb20.dll
+ 2004-08-04 07:56:45 462,848 -c--a-w C:\WINDOWS\system32\dllcache\sqlqp20.dll
+ 2004-08-04 07:56:45 110,592 -c--a-w C:\WINDOWS\system32\dllcache\sqlse20.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Bailey^Start Menu^Programs^Startup^Morpheus.lnk]
path=C:\Documents and Settings\Bailey\Start Menu\Programs\Startup\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Bailey^Start Menu^Programs^Startup^RABCO - Auto Update.lnk]
path=C:\Documents and Settings\Bailey\Start Menu\Programs\Startup\RABCO - Auto Update.lnk
backup=C:\WINDOWS\pss\RABCO - Auto Update.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-07-13 22:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMon]
C:\WINDOWS\System32\CTF\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 22:57 395776 C:\Program Files\Dell Support\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 16:45 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-06-18 01:24 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2004-06-18 01:24 131072 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2005-02-25 20:28 212992 C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-11-07 19:14 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 15:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-10-12 04:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Agent]
C:\Program Files\Sync Manager\agent\syncagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"MDM"=2 (0x2)
"helpsvc"=2 (0x2)
"Browser"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 05:40:33 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-14 05:52:20 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-19 15:59:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-19 16:00:37
ComboFix-quarantined-files.txt 2008-03-19 20:00:28
ComboFix2.txt 2008-03-17 22:18:36
ComboFix3.txt 2008-03-17 00:32:56
.
2008-03-14 02:45:16 --- E O F ---
_________________________________________________
Malwarebytes log:
Malwarebytes' Anti-Malware 1.08
Database version: 471
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 85233
Time elapsed: 13 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP476\A0056623.ico (Malware.Trace) -> Quarantined and deleted successfully.
__________________________
Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 19, 2008 5:30:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/03/2008
Kaspersky Anti-Virus database records: 641323
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 59309
Number of viruses found: 14
Number of infected objects: 60
Number of suspicious objects: 0
Duration of the scan process: 00:39:56
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\25d03aae.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\25d03aae.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\25d03aae.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\25d03aae.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\25d03aae.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\25d03aae.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\25d03aae.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\25d03aae.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\25d03aae.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\25d03aae.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca35a016dac51183e2c70be62f6d20a1_69fa0b1a-cab7-429f-a7f1-963a38acac37 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d220f653baf1c6d00efd0b68a084eb7a_69fa0b1a-cab7-429f-a7f1-963a38acac37 Object is locked skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.exe/file6 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.exe Inno: infected - 5 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe/file6 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\All Users\Documents\my docs\DOWNLOAD\vnc-E4_2_7-x86_win32.rar RAR: infected - 6 skipped
C:\Documents and Settings\Bailey\Application Data\Opera\Opera\profile\cache4\opr0RTTL.htm/packed Infected: not-a-virus:Downloader.JS.WinFixer.a skipped
C:\Documents and Settings\Bailey\Application Data\Opera\Opera\profile\cache4\opr0RTTL.htm GZIP: infected - 1 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.exe/file6 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.exe Inno: infected - 5 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe/file6 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.rar/vnc-E4_2_7-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Bailey\My Documents\DOWNLOAD\vnc-E4_2_7-x86_win32.rar RAR: infected - 6 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\RealVNC\VNC4\vncclipboard.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\QooBox\Quarantine\C\2107xg.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.ah skipped
C:\QooBox\Quarantine\C\Documents and Settings\Bailey\Application Data\CURITY~1\sрoolsv.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\QooBox\Quarantine\C\Documents and Settings\Bailey\Application Data\evjhv.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.ah skipped
C:\QooBox\Quarantine\C\WINDOWS\FNTS~1\dνdplay.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\enhsbbtn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hwyvepim.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nptqkigh.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.ajx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ptryiiyj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sblnycuq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wqwqvtxu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-16_203129.56.zip/fsvgaa.sys Infected: Rootkit.Win32.Agent.to skipped
C:\QooBox\Quarantine\catchme2008-03-16_203129.56.zip/mllmj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-16_203129.56.zip ZIP: infected - 2 skipped
C:\RECYCLER\S-1-5-21-725345543-1078145449-839522115-1003\Dc94\Content.IE5\45QRG5MZ\ctxad-546[1].0000 Infected: not-a-virus:AdWare.Win32.BetterInternet.cl skipped
C:\RECYCLER\S-1-5-21-725345543-1078145449-839522115-1003\Dc94\Content.IE5\WPUZ016R\ctxad-536[1].0000 Infected: not-a-virus:AdWare.Win32.BetterInternet.ct skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP470\A0056123.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP470\A0056124.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP470\A0056125.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP475\A0056417.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP475\A0056418.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP475\A0056419.dll Infected: not-a-virus:AdWare.Win32.Agent.ajx skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP475\A0056420.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP475\A0056421.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP475\A0056422.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP476\A0056537.exe Infected: Trojan-Downloader.Win32.FraudLoad.ah skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP476\A0056538.exe Infected: Trojan-Downloader.Win32.FraudLoad.ah skipped
C:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP478\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B5668997-8547-4972-831E-945332494A40}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_liDd7k5AuLgaxJL Object is locked skipped
C:\WINDOWS\Temp\mcafee_VD39DcsKh9OXdm7 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_gYclCtiSr8LMVAr Object is locked skipped
C:\WINDOWS\Temp\mcmsc_KveShu7DesMVe2o Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP478\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{7B7A5753-97E7-4880-B884-EE2453BDAA19}\RP478\change.log Object is locked skipped
Scan process completed.
_____________________________________
new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:48 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\HJT\remove.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://url.adtrgt.com/cpv.jsp?p=112194& ... Id=7155727
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4946006875
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 7723 bytes