ComboFix 10-04-14.01 - HP_Owner 04/14/2010 21:40:58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.619 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
The following files were disabled during the run:
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server\ydtrxa.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_Owner\LOCALS~1\Temp\csrss.exe
c:\docume~1\HP_Owner\LOCALS~1\Temp\svchost.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\documents and settings\HP_Owner\.COMMgr
c:\documents and settings\HP_Owner\agrsmmsg .exe
c:\documents and settings\HP_Owner\alcxmntr .exe
c:\documents and settings\HP_Owner\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\HP_Owner\Application Data\AntiVirus Plus
c:\documents and settings\HP_Owner\Application Data\AntiVirus Plus\AntiVirus Plus.55532.dll
c:\documents and settings\HP_Owner\Application Data\avp.ico
c:\documents and settings\HP_Owner\Application Data\FunWebProducts
c:\documents and settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk
c:\documents and settings\HP_Owner\Desktop\AntiVirus Plus.lnk
c:\documents and settings\HP_Owner\Local Settings\Application Data\Windows Server
c:\documents and settings\HP_Owner\Local Settings\Application Data\Windows Server\ydtrxa.dll
c:\documents and settings\HP_Owner\ntload.dll
c:\documents and settings\HP_Owner\rundll32 .exe
c:\documents and settings\HP_Owner\rundll32.exe
c:\documents and settings\HP_Owner\Start Menu\Programs\AntiVirus Plus
c:\documents and settings\HP_Owner\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk
c:\documents and settings\HP_Owner\Start Menu\Programs\AntiVirus Plus\EULA.url
c:\documents and settings\HP_Owner\Start Menu\Programs\AntiVirus Plus\Uninstall.lnk
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\documents and settings\LocalService\Local Settings\Application Data\Windows Server
c:\documents and settings\LocalService\Local Settings\Application Data\Windows Server\ydtrxa.dll
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server\ydtrxa.dll
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server\ydtrxa.dll.vir
c:\program files\Adobe\acrotray .exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\223A63EF.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\msimg32.dll
c:\program files\Internet Explorer\wmpscfgs.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\m3srchmn .exe
c:\program files\MyWebSearch\bar\1.bin\m3srchmn.exe
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\mwsoemon .exe
c:\program files\MyWebSearch\bar\1.bin\mwsoemon.exe
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\008580B2.bin
c:\program files\MyWebSearch\bar\Cache\0085842D.bin
c:\program files\MyWebSearch\bar\Cache\00858788.bin
c:\program files\MyWebSearch\bar\Cache\008588A1.bin
c:\program files\MyWebSearch\bar\Cache\06C4EF87.bin
c:\program files\MyWebSearch\bar\Cache\06C505DE.bin
c:\program files\MyWebSearch\bar\Cache\06C50794.bin
c:\program files\MyWebSearch\bar\Cache\06C508AD.bin
c:\program files\MyWebSearch\bar\Cache\0F234E5E
c:\program files\MyWebSearch\bar\Cache\0F235534
c:\program files\MyWebSearch\bar\Cache\0F235747.bin
c:\program files\MyWebSearch\bar\Cache\0F2362A2.bin
c:\program files\MyWebSearch\bar\Cache\0F2365CE.bin
c:\program files\MyWebSearch\bar\Cache\0F23690A.bin
c:\program files\MyWebSearch\bar\Cache\0F236CA4.bin
c:\program files\MyWebSearch\bar\Cache\13BCD360
c:\program files\MyWebSearch\bar\Cache\18EBE82A
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\Protection System
c:\program files\Windows NT\Accessories\svchost.exe
c:\recycler\S-1-5-21-2420815842-893142185-2243674053-1003
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Fonts\mlog
c:\windows\Install.txt
c:\windows\sc.exe
c:\windows\SC.INS
c:\windows\system\hpsysdrv .exe
c:\windows\system32\107464.exe
c:\windows\system32\1873416.exe
c:\windows\system32\2079409.exe
c:\windows\system32\2420618.exe
c:\windows\system32\3367578.exe
c:\windows\system32\3573267.exe
c:\windows\system32\4336207.exe
c:\windows\system32\4726633.exe
c:\windows\system32\4763.exe
c:\windows\system32\4F3X
c:\windows\system32\5454218.exe
c:\windows\system32\6216654.exe
c:\windows\system32\6532816.exe
c:\windows\system32\6819682.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\7582316.exe
c:\windows\system32\7695276.exe
c:\windows\system32\7904917.exe
c:\windows\system32\8021159.exe
c:\windows\system32\9463465.exe
c:\windows\system32\agrsmmsg .exe
c:\windows\system32\ak954.dll
c:\windows\system32\alcxmntr .exe
c:\windows\system32\BtwSvc.dll
c:\windows\system32\C2H3
c:\windows\system32\certstore.dat
c:\windows\system32\ctfmon .exe
c:\windows\system32\davagadu.exe
c:\windows\system32\dibiyowa.dll
c:\windows\system32\dupefomu.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\FInstall.sys
c:\windows\system32\fubatuzo.dll
c:\windows\system32\hamehalu.dll
c:\windows\system32\hemudapa.dll
c:\windows\system32\hkcmd .exe
c:\windows\system32\hovolile.dll
c:\windows\system32\hphmon06 .exe
c:\windows\system32\htmp.030
c:\windows\system32\Install.txt
c:\windows\system32\iphy.dll
c:\windows\system32\jisagade.dll
c:\windows\system32\kopupavo.dll
c:\windows\system32\ms.bin
c:\windows\system32\msejfzrl.dll
c:\windows\system32\msepdlkp.dll
c:\windows\system32\mslgqlaj.dll
c:\windows\system32\msnvkrmf.dll
c:\windows\system32\mssapsmr.dll
c:\windows\system32\msuqddft.dll
c:\windows\system32\notepad.dll
c:\windows\system32\opear.exe
c:\windows\system32\PereSvc.exe
c:\windows\system32\PowerDes.exe
c:\windows\system32\ps2 .exe
c:\windows\system32\regedit .exe
c:\windows\system32\rojisabo.dll
c:\windows\system32\rugozeko.dll
c:\windows\system32\rundll32 .exe
c:\windows\system32\ruwiraje.dll
c:\windows\system32\seagate.sys
c:\windows\system32\so.bin
c:\windows\system32\sohibesi.dll
c:\windows\system32\tawagifi.dll
c:\windows\system32\tofanuwo.dll
c:\windows\system32\w.exe
c:\windows\system32\wuaucldt .exe
c:\windows\system32\wuaucldt.exe
c:\windows\system32\yofabutu.dll
c:\windows\system32\yopopanu.dll
c:\windows\system32\yusodipi.dll
c:\windows\system32\zikedama.dll
c:\windows\Tasks\wgdnypat.job
c:\windows\Temp\log.txt
c:\windows\TEMP\mta13187.dll
D:\Autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete
----- BITS: Possible infected sites -----
hxxp://77.74.48.111
hxxp://85.12.18.119
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\userinit.exe
Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\spoolsv.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\explorer.exe
Infected copy of c:\windows\system32\srsvc.dll was found and disinfected
Restored copy from - c:\qoobox\Quarantine\C\WINDOWS\system32\4F3X.vir
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_BTWSVC
-------\Legacy_SEAGATE
-------\Service_6to4
-------\Service_BtwSvc
-------\Service_seagate
-------\Legacy_peresvc
-------\Service_peresvc
((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
.
2010-04-15 01:56 . 2004-08-04 04:00 170496 ----a-w- c:\windows\system32\srsvc.dll
2010-04-15 01:56 . 2010-04-15 01:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server
2010-04-15 01:19 . 2010-04-15 01:19 230912 --sh--w- c:\windows\system32\jivuvomo.exe
2010-04-12 10:42 . 2010-04-12 10:42 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\AntiVirus Plus
2010-04-12 01:20 . 2010-04-15 02:02 61952 ----a-w- c:\windows\system32\hkcmd.exe
2010-04-10 23:25 . 2010-04-10 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\6ea4e22
2010-04-09 02:05 . 2010-04-15 02:02 61952 ----a-w- c:\documents and settings\HP_Owner\alcxmntr.exe
2010-04-09 02:05 . 2010-04-15 02:02 61952 ----a-w- c:\documents and settings\HP_Owner\agrsmmsg.exe
2010-04-07 00:33 . 1999-12-17 14:13 110592 ----a-w- c:\windows\unvise32.exe
2010-04-07 00:33 . 2010-04-07 00:33 -------- d-----w- c:\program files\PCBugFinderPro
2010-04-06 11:06 . 2010-04-06 11:06 -------- d-----w- c:\windows\system32\GroupPolicy
2010-04-06 11:05 . 2010-04-15 01:24 36864 ----a-w- c:\windows\system32\d.bin
2010-04-06 11:05 . 2010-04-15 01:32 61952 ----a-w- c:\windows\system\hpsysdrv.exe
2010-04-06 02:02 . 2010-04-12 01:21 226304 --sha-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\2269221376.dll
2010-04-06 01:47 . 2010-04-15 02:02 61952 ----a-w- c:\windows\system32\ps2.exe
2010-04-06 01:47 . 2010-04-15 02:02 61952 ----a-w- c:\windows\system32\hphmon06.exe
2010-04-06 01:37 . 2010-04-15 01:33 61952 ----a-w- c:\windows\system32\alcxmntr.exe
2010-04-06 01:37 . 2010-04-15 01:32 61952 ----a-w- c:\windows\system32\agrsmmsg.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 02:03 . 2010-04-15 02:03 61952 ----a-w- c:\documents and settings\HP_Owner\rundll32.exe
2010-04-15 02:03 . 2010-04-15 02:03 61952 ----a-w- c:\windows\system32\wuaucldt.exe
2010-04-15 02:03 . 2010-04-15 02:03 61952 ----a-w- c:\documents and settings\HP_Owner\rundll32 .exe
2010-04-15 02:03 . 2005-02-26 08:23 -------- d-----w- c:\program files\Microsoft Works
2010-04-15 02:02 . 2005-02-26 08:26 -------- d-----w- c:\program files\QuickTime
2010-04-15 02:02 . 2005-02-26 08:26 -------- d-----w- c:\program files\iTunes
2010-04-15 01:33 . 2010-04-06 01:47 61952 ----a-w- c:\windows\system32\ps2 .exe
2010-04-15 01:32 . 2010-04-06 01:47 61952 ----a-w- c:\windows\system32\hphmon06 .exe
2010-04-15 01:32 . 2010-04-12 01:20 61952 ----a-w- c:\windows\system32\hkcmd .exe
2010-04-14 01:45 . 2010-04-09 02:05 61952 ----a-w- c:\documents and settings\HP_Owner\alcxmntr .exe
2010-04-14 01:45 . 2010-04-09 02:05 61952 ----a-w- c:\documents and settings\HP_Owner\agrsmmsg .exe
2010-04-11 01:48 . 2004-08-04 04:00 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-04-10 23:32 . 2010-04-10 23:32 2307072 ----a-w- c:\documents and settings\All Users\Application Data\6ea4e22\SG6ea4.exe
2010-04-07 00:36 . 2004-08-04 04:00 174592 ----a-w- c:\windows\system32\imapi.exe
2010-04-07 00:19 . 2004-08-11 09:45 63488 ----a-w- c:\windows\system32\wdfmgr.exe
2010-04-06 02:12 . 2004-08-04 04:00 160256 ----a-w- c:\windows\system32\taskmgr.exe
2010-04-06 01:45 . 2009-11-05 02:44 -------- d-----w- c:\program files\McAfee
2010-03-30 00:56 . 2005-04-30 04:13 21008 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-03-11 12:38 . 2004-08-04 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-28 12:02 . 2010-02-10 08:21 828808 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-18 02:31 . 2010-02-18 02:28 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LEGO Company
2010-02-18 02:27 . 2010-02-18 02:27 -------- d-----w- c:\program files\LEGO Company
2010-01-30 14:23 . 2010-01-30 14:23 8704 ----a-w- c:\windows\system32\bootexctrl.exe
2010-01-30 14:23 . 2010-01-30 14:23 11264 ----a-w- c:\windows\system32\defrag_native.exe
2010-01-30 14:23 . 2010-01-30 14:23 9216 ----a-w- c:\windows\system32\wgx.dll
2010-01-30 14:23 . 2010-01-30 14:23 20992 ----a-w- c:\windows\system32\udefrag.exe
2010-01-30 14:23 . 2010-01-30 14:23 39424 ----a-w- c:\windows\system32\lua5.1a_gui.exe
2010-01-30 14:23 . 2010-01-30 14:23 91648 ----a-w- c:\windows\system32\lua5.1a.dll
2010-01-30 14:23 . 2010-01-30 14:23 10752 ----a-w- c:\windows\system32\lua5.1a.exe
2010-01-30 14:23 . 2010-01-30 14:23 8704 ----a-w- c:\windows\system32\udefrag.dll
2010-01-30 14:23 . 2010-01-30 14:23 34816 ----a-w- c:\windows\system32\udefrag-kernel.dll
2010-01-30 14:23 . 2010-01-30 14:23 6144 ----a-w- c:\windows\system32\hibernate4win.exe
2010-01-30 14:23 . 2010-01-30 14:23 24576 ----a-w- c:\windows\system32\zenwinx.dll
2010-01-22 16:53 . 2010-01-22 16:53 882 ----a-w- c:\windows\system32\ud-boot-time.cmd
2004-08-04 04:00 . 2004-08-04 04:00 94784 --sh--w- c:\windows\twain.dll
2004-08-04 04:00 . 2004-08-04 04:00 50688 --sh--w- c:\windows\twain_32.dll
2010-01-12 10:41 . 2010-01-12 10:41 113664 --sha-w- c:\windows\system32\bovenage.exe
2010-01-10 23:25 . 2010-01-10 23:25 113664 --sha-w- c:\windows\system32\gigivada.exe
2010-01-06 11:02 . 2010-01-06 11:02 203776 --sha-w- c:\windows\system32\lipewedi.exe
2004-08-04 04:00 . 2004-08-04 04:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2004-08-04 04:00 . 2004-08-04 04:00 54784 --sh--w- c:\windows\system32\msvcirt.dll
2004-08-04 04:00 . 2004-08-04 04:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2004-08-04 04:00 . 2004-08-04 04:00 343040 --sh--w- c:\windows\system32\msvcrt.dll
2007-12-04 18:38 . 2004-08-04 04:00 550912 --sh--w- c:\windows\system32\oleaut32.dll
2004-08-04 04:00 . 2004-08-04 04:00 83456 --sh--w- c:\windows\system32\olepro32.dll
2004-08-04 04:00 . 2004-08-04 04:00 36352 --sh--w- c:\windows\system32\regsvr32.exe
2010-01-12 10:41 . 2010-01-12 10:41 225280 --sha-w- c:\windows\system32\takavere.exe
2010-01-12 10:41 . 2010-01-12 10:41 114176 --sha-w- c:\windows\system32\wamejawe.exe
2010-01-10 23:25 . 2010-01-10 23:25 225280 --sha-w- c:\windows\system32\yijokuwu.exe
2010-01-15 01:19 . 2010-01-15 01:19 64512 --sha-w- c:\windows\system32\yivoboki.dll
2010-01-10 23:25 . 2010-01-10 23:25 114176 --sha-w- c:\windows\system32\zumidiba.exe
2010-01-10 00:54 . 2010-01-10 00:54 11 --sha-r- c:\windows\system32\GroupPolicy\User\scripts\Logon\autorun.bat
.
c:\program files\Adobe\Acrobat 7.0\Reader\adobeupdatemanager .exe
c:\program files\Common Files\AOL\ACS\aoldial .exe
c:\program files\Common Files\AOL\AOL Spyware Protection\aolsp scheduler .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd .exe
c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpi_monitor .exe
c:\program files\HP\hpcoretech\hpcmpmgr .exe
c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06 .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre1.6.0_05\bin\jusched .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\Microsoft Works\wkdetect .exe
c:\program files\Microsoft Works\wkfud .exe
c:\program files\Microsoft Works\wkssb .exe
c:\program files\QuickTime\qttask .exe
c:\windows\SMINST\recguard .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\hphmon06 .exe
c:\windows\system32\ps2 .exe
c:\windows\system32\spool\drivers\w32x86\3\e_s4i2p1 .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb10 .exe
------- Sigcheck -------
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[7] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . 410F8A1805EF64C774D67705DF246FBC . 82432 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
[7] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-04 . 1CE6BC8C02EC15F81991528704474FF7 . 49152 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 5AEBFF2C786DB09B93D635D788816838 . 1057792 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-04 . BF0B3C1773A3AD9EAB3007C0F7315882 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2010-04-06 61952]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [N/A]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 39936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2010-04-15 61952]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2010-04-15 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-15 61952]
"AGRSMMSG"="AGRSMMSG.exe" [2010-04-15 61952]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2010-04-15 61952]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2010-04-15 61952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-15 61952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-15 61952]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2010-04-15 61952]
"AlcxMonitor"="ALCXMNTR.EXE" [2010-04-15 61952]
"PS2"="c:\windows\system32\ps2.exe" [2010-04-15 61952]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2010-04-15 61952]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2010-04-15 61952]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2010-04-06 61952]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2010-04-15 61952]
"EPSON PictureMate"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE" [2010-04-15 61952]
"EPSON PictureMate (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE" [2010-04-15 61952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-04-15 61952]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2010-04-15 61952]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2010-04-15 61952]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2010-04-15 61952]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2010-04-15 61952]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2010-04-15 61952]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2010-04-15 61952]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-15 61952]
"uxvefl"="c:\windows\system32\mssapsmr.dll" [N/A]
"syncman"="c:\windows\system32\wuaucldt.exe" [2010-04-15 61952]
"fzwkht"="c:\windows\system32\msuqddft.dll" [N/A]
"kelowupugo"="yofabutu.dll" [N/A]
"qyfvwm"="c:\windows\system32\msejfzrl.dll" [N/A]
"gbuekc"="c:\windows\system32\mslgqlaj.dll" [N/A]
"rozidilak"="c:\windows\system32\hemudapa.dll" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"O@"="114f4000" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"syncman"="c:\documents and settings\hp_owner\wuaucldt.exe" [N/A]
"AntiVirus Plus"="c:\documents and settings\HP_Owner\Application Data\AntiVirus Plus\AntiVirus Plus.55532.dll" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SGD"="c:\windows\TEMP\takavere.exe" [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"mslivemsn"="c:\program files\Windows NT\Accessories\svchost.exe" [N/A]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
AppSecDll REG_SZ c:\documents and settings\LocalService\Local Settings\Application Data\Windows Server\ydtrxa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2301:TCP"= 2301:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/4/2009 10:51 PM 93320]
.
Contents of the 'Scheduled Tasks' folder
2010-04-15 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-04-15 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-04-15 02:03]
2010-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-05 17:22]
2010-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-05 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windstream.net/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = 166.82.1.110:8080
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant =
uCustomizeSearch =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: {1AF07143-BD28-4905-8B88-0E8BEF0E6642} = 83.149.115.157,4.2.2.1,192.168.254.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxps://care.windstream.com/lwp/static/installers/ALLTELControls.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\vjnwy8m5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
BHO-{A9BA40A1-74F1-52BD-F431-00B15A2C8953} - c:\windows\system32\ak954.dll
BHO-{d0b28c29-ea33-40a1-8fcd-9f5d9f42a963} - tofanuwo.dll
SharedTaskScheduler-{A9BA40A1-74F1-52BD-F431-00B15A2C8953} - c:\windows\system32\ak954.dll
SharedTaskScheduler-{47d45d94-9798-4d7c-8549-1df24a10c563} - c:\windows\system32\hemudapa.dll
SSODL-lujuyodek-{47d45d94-9798-4d7c-8549-1df24a10c563} - c:\windows\system32\hemudapa.dll
AddRemove-AntiVirus Plus - c:\documents and settings\HP_Owner\Application Data\AntiVirus Plus\AntiVirus Plus.55532.dll
AddRemove-HijackThis - c:\documents and settings\HP_Owner\Desktop\HijackThis.exe
AddRemove-Jay Jay Sky Heroes to the Rescue - c:\program files\The Learning Company\Jay Jay Sky Heroes to the Rescue\uninstall.exe
AddRemove-Silent Package Run-Time Sample - c:\program files\epson\guide\picturemate_e\uninstall.exe
AddRemove-Super Collapse 3 - c:\program files\Yahoo! Games\Super Collapse 3\SuperCollapse3\Uninstall.exe
AddRemove-Super Collapse! 3 - c:\progra~1\YAHOO!~1\SUPERC~1\UNWISE.EXE
AddRemove-UnityWebPlayer - c:\program files\Unity\WebPlayer\Uninstall.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
AddRemove-ZSNESw - c:\program files\ZSNESw\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 22:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\wuaucldt.exe 61952 bytes executable
c:\windows\system32\ps2 .exe 61952 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EDEAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf77abfc3
\Driver\ACPI -> ACPI.sys @ 0xf771ecb8
\Driver\atapi -> atapi.sys @ 0xf76d67b4
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
SecurityProcedure -> ntoskrnl.exe @ 0x8059baf0
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
SecurityProcedure -> ntoskrnl.exe @ 0x8059baf0
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf75e3bc3
PacketIndicateHandler -> NDIS.sys @ 0xf75d1a0b
SendHandler -> NDIS.sys @ 0xf75e5b31
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(280)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\docume~1\HP_Owner\Desktop\winlogon.scr
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\agent\mcagent .exe
.
**************************************************************************
.
Completion time: 2010-04-14 22:12:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-15 02:12
Pre-Run: 54,003,253,248 bytes free
Post-Run: 54,608,273,408 bytes free
- - End Of File - - 2501C0D497B323B38AFFD7C8DF13E20E