I was not able to run the ESET online scan to completion. My system froze after it had run for quite some time. It had detected two “threats” but gave no meaningful information about them and no log was generated that I am aware of. My virus scanner was disabled and I did not touch the mouse or keyboard while it ran. I tried to re-run it, but it would not run. It gave me the following message: Can not get update. Is proxy configured? So I tried uninstalling ESET and tried to start it fresh. It would not run and gave me the same message. The logs from the other two steps follow.
HELPASST LOG:
C:\Documents and Settings\Steve\Desktop\MalWare Tools\HelpAsst_mebroot_fix.exe
Sun 04/04/2010 at 22:16:09.34
HelpAssistant account was found to be Active ~ attempting to de-activate
Full Name Remote Desktop Help Assistant Account
Account active Yes
Local Group Memberships *Administrators
HelpAssistant successfully set Inactive
~~ Checking for termsrv32.dll ~~
termsrv32.dll present! ~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll
~~ Checking firewall ports ~~
backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"9152:TCP"=-
"5326:TCP"=-
"5731:TCP"=-
"9962:TCP"=-
"8682:TCP"=-
"8683:TCP"=-
"5263:TCP"=-
"9026:TCP"=-
"7921:TCP"=-
"7922:TCP"=-
"3389:TCP"=-
backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports
HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"8682:TCP"=-
"8683:TCP"=-
"5263:TCP"=-
"9026:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"7921:TCP"=-
"7922:TCP"=-
"3389:TCP"=-
HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-2033143763-3021469003-3136413673-1005
~ No profile directory exists for S-1-5-21-2033143763-3021469003-3136413673-1005 ~
~ All HelpAssistant profiles removed from registry ~
~~ Checking mbr ~~
user & kernel MBR OK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Status check on Sun 04/04/2010 at 22:17:13.54
Full Name Remote Desktop Help Assistant Account
Account active No
Local Group Memberships
~~ Checking mbr ~~
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86465EB8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\iaStor -> 0x86465eb8
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0x85fde330
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
~~ Checking for termsrv32.dll ~~
termsrv32.dll present!
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll
~~ Checking profile list ~~
No HelpAssistant profile in List
~~ Checking for HelpAssistant directories ~~
none found
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
~~ EOF ~~
COMBOFIX LOG:
ComboFix 10-03-29.04 - Steve 04/04/2010 22:25:11.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.563 [GMT -7:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))
.
2010-03-26 22:26 . 2010-03-26 22:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-20 20:05 . 2010-03-20 20:05 -------- d-----w- C:\HelpAsst_backup
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 05:36 . 2009-09-27 04:15 -------- d-----w- c:\documents and settings\Steve\Application Data\IM
2010-04-04 16:57 . 2010-03-12 07:46 439816 ----a-w- c:\documents and settings\Steve\Application Data\Real\Update\setup3.10\setup.exe
2010-04-03 00:05 . 2009-08-17 02:56 -------- d-----w- c:\program files\Verizon
2010-03-31 21:37 . 2009-09-21 03:07 -------- d-----w- c:\program files\McAfee
2010-03-31 06:22 . 2009-08-17 03:12 -------- d-----w- c:\program files\Common Files\Motive
2010-03-26 22:26 . 2005-06-04 23:02 -------- d-----w- c:\program files\Common Files\Java
2010-03-26 22:26 . 2010-03-26 22:26 503808 ----a-w- c:\documents and settings\Steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6014ee1b-n\msvcp71.dll
2010-03-26 22:26 . 2010-03-26 22:26 348160 ----a-w- c:\documents and settings\Steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6014ee1b-n\msvcr71.dll
2010-03-26 22:26 . 2010-03-26 22:26 499712 ----a-w- c:\documents and settings\Steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6014ee1b-n\jmc.dll
2010-03-26 22:26 . 2010-03-26 22:26 61440 ----a-w- c:\documents and settings\Steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-14b6677d-n\decora-sse.dll
2010-03-26 22:26 . 2010-03-26 22:26 12800 ----a-w- c:\documents and settings\Steve\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-14b6677d-n\decora-d3d.dll
2010-03-26 22:25 . 2005-06-04 23:02 -------- d-----w- c:\program files\Java
2010-03-13 05:11 . 2007-09-09 21:42 -------- d-----w- c:\documents and settings\Steve\Application Data\SolidWorks
2010-03-07 08:40 . 2005-06-27 02:04 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000002-00001102-00000004-20061102}.dat
2010-03-07 08:40 . 2005-06-27 02:04 384 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000004-20061102}.dat
2010-03-06 05:35 . 2005-06-25 18:33 180608 ----a-w- c:\documents and settings\Steve\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 03:46 . 2010-03-06 03:46 36864 ----a-w- c:\documents and settings\Steve\Application Data\Autodesk\DWG TrueView 2010\R7\enu\ContextualTabSelectorRules.dll
2010-03-06 02:51 . 2010-03-06 02:51 311888 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-06 02:38 . 2010-03-06 02:36 -------- d-----w- c:\program files\DWG TrueView 2010
2010-03-06 02:38 . 2008-03-21 22:54 -------- d-----w- c:\documents and settings\Steve\Application Data\Autodesk
2010-03-06 02:38 . 2008-03-21 22:47 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-03-06 02:36 . 2008-03-21 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-03-02 22:31 . 2010-03-02 22:31 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2010-03-02 22:31 . 2010-03-02 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-02 22:31 . 2010-03-02 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-28 03:31 . 2007-04-06 03:10 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-28 03:27 . 2010-02-28 03:27 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-28 03:26 . 2010-02-28 03:26 -------- d-----w- c:\program files\MSXML 6.0
2010-02-25 01:09 . 2010-02-25 01:09 -------- d-----w- c:\documents and settings\Steve\Application Data\SolidWorks 2009
2010-02-25 00:36 . 2010-02-24 23:35 -------- d-----w- c:\program files\SolidWorks Corp
2010-02-25 00:35 . 2010-02-24 23:36 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-02-25 00:34 . 2010-02-25 00:34 335872 ----a-r- c:\documents and settings\Steve\Application Data\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\NewShortcut2_5135BE5531E34696827B50FE43E48CC2_1.exe
2010-02-25 00:34 . 2010-02-25 00:34 335872 ----a-r- c:\documents and settings\Steve\Application Data\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\NewShortcut1_5135BE5531E34696827B50FE43E48CC2_1.exe
2010-02-25 00:34 . 2010-02-25 00:34 335872 ----a-r- c:\documents and settings\Steve\Application Data\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\ARPPRODUCTICON.exe
2010-02-24 23:35 . 2008-03-21 22:54 -------- d-----w- c:\program files\AutoCAD 2007
2010-02-24 23:35 . 2010-02-24 23:35 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-24 23:35 . 2010-02-24 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SolidWorks
2010-02-24 23:30 . 2009-09-27 04:17 -------- d-----w- c:\program files\Common Files\SolidWorks Installation Manager
2010-02-11 04:44 . 2009-07-09 20:51 -------- d-----w- c:\documents and settings\Steve\Application Data\ZoomBrowser EX
2010-02-11 04:43 . 2009-07-09 20:50 -------- d-----w- c:\documents and settings\Steve\Application Data\CameraWindowDC
2010-01-08 00:07 . 2010-03-02 22:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2010-03-02 22:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"UpdateFlow.Verizon"="c:\program files\Verizon\McciBrowser.exe" [2010-03-17 1048576]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-10 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-06-30 7218472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-06-04 98304]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-10 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-05-10 11776]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"D-Link AirPlus Xtreme G"="c:\program files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-11-05 2502656]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 61440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-22 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
c:\documents and settings\Steve\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-6-4 156784]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-4 11000]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7921:TCP"= 7921:TCP:Services
"7922:TCP"= 7922:TCP:Services
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4528:TCP"= 4528:TCP:Services
"7556:TCP"= 7556:TCP:Services
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/20/2009 8:09 PM 93320]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 4:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 4:52 PM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 4:52 PM 166384]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\SYSTEM32\DRIVERS\A3AB.sys [6/26/2005 9:33 AM 344800]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [9/9/2008 7:01 AM 79144]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 4:53 PM 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 4:52 PM 1083888]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
Contents of the 'Scheduled Tasks' folder
2009-09-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-21 19:22]
2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-21 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 22:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\sqlite_EXuXx5H3NfhX3MF 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86654DF0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7696fc3
\Driver\ACPI -> ACPI.sys @ 0xf74a9cb8
\Driver\atapi -> atapi.sys @ 0xf73d47b4
\Driver\iaStor -> 0x86654df0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0x85fed330
PacketIndicateHandler -> NDIS.sys @ 0xf7275a0b
SendHandler -> NDIS.sys @ 0xf7289b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(4256)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\system32\CTsvcCDA.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\rundll32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
c:\program files\Microsoft ActiveSync\WCESCOMM.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe
c:\docume~1\Steve\LOCALS~1\Temp\SolidWorksLicTemp.0001
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
c:\program files\Windows Desktop Search\WindowsSearchFilter.exe
.
**************************************************************************
.
Completion time: 2010-04-04 22:46:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-05 05:46
ComboFix2.txt 2010-04-02 23:26
ComboFix3.txt 2010-04-01 21:11
ComboFix4.txt 2010-03-29 17:43
ComboFix5.txt 2010-04-05 05:20
Pre-Run: 84,002,107,392 bytes free
Post-Run: 83,963,183,104 bytes free
- - End Of File - - EF7907625AE9FA67792682ED4FE13E07