OOOPPPSSSSS got ya Dan. Sorry. Here goes.
ComboFix 08-03-30.1 - Ian 2008-03-30 11:10:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.348 [GMT 1:00]
Running from: C:\Documents and Settings\Ian.MAINPC\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Ian.MAINPC\Application Data\inst.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.
2008-03-30 09:05 . 2008-03-30 09:05 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-29 18:42 . 2008-03-29 18:42 <DIR> d-------- C:\Program Files\CCleaner
2008-03-29 15:31 . 2008-03-29 15:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2008-03-29 14:32 . 2008-03-29 14:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-29 14:27 . 2008-03-29 14:57 <DIR> d-------- C:\SDFix
2008-03-29 13:16 . 2008-03-29 17:16 <DIR> d-------- C:\VundoFix Backups
2008-03-28 20:40 . 2008-03-28 20:43 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-03-28 17:39 . 2008-03-28 17:39 2,752 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-28 12:06 . 1998-11-13 13:07 307,712 --a------ C:\WINDOWS\IsUn0410.exe
2008-03-25 22:59 . 2008-03-26 22:10 1,580,441 ---hs---- C:\WINDOWS\system32\enhtvkvw.ini
2008-03-25 21:43 . 2008-03-25 21:43 6,144 --a------ C:\eqmycdql.exe
2008-03-22 09:43 . 2008-03-22 09:43 76 --a------ C:\WINDOWS\system32\Sun Clock 6.ini
2008-03-22 09:42 . 2008-03-22 09:42 <DIR> d-------- C:\Program Files\Map Maker
2008-03-21 18:55 . 2008-03-21 18:55 <DIR> d-------- C:\Program Files\PawPrint.net
2008-03-21 18:30 . 2008-03-22 09:43 <DIR> d-------- C:\Documents and Settings\Ian.MAINPC\Application Data\Map Maker
2008-03-21 18:29 . 2008-03-21 18:45 <DIR> d-------- C:\Map Maker
2008-03-21 11:49 . 2008-03-21 11:49 <DIR> d-------- C:\Program Files\Kontiki
2008-03-21 11:49 . 2008-03-21 11:49 <DIR> d-------- C:\logs3
2008-03-21 11:49 . 2008-03-29 11:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
2008-03-16 18:32 . 2008-03-16 18:32 131,584 --------- C:\WINDOWS\combatfs.exe
2008-03-16 15:46 . 2008-03-16 15:46 <DIR> d-------- C:\Casper
2008-03-16 15:46 . 1996-02-14 15:01 92,208 --a------ C:\WINDOWS\system\Wing.dll
2008-03-16 15:46 . 1998-09-02 13:43 81,920 --a------ C:\WINDOWS\system32\LZSCMPRS.DLL
2008-03-16 15:46 . 1998-03-26 16:25 12,800 --a------ C:\WINDOWS\system32\Wing32.dll
2008-03-16 15:46 . 2008-03-16 15:46 183 --a------ C:\WINDOWS\compedia.ini
2008-03-16 15:43 . 2008-03-16 15:43 <DIR> d-------- C:\Documents and Settings\Ian.MAINPC\WINDOWS
2008-03-16 15:42 . 2008-03-16 15:48 <DIR> d-------- C:\Program Files\The Learning Company
2008-03-16 15:42 . 2002-09-26 13:19 274,432 --a------ C:\WINDOWS\TLCUninstall.exe
2008-03-16 15:40 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-16 15:40 . 2008-03-16 15:40 0 --a------ C:\WINDOWS\SETUP32.INI
2008-03-16 15:36 . 2008-03-16 15:40 <DIR> d-------- C:\Documents and Settings\Cian\Application Data\Teleca
2008-03-16 15:36 . 2008-03-16 15:36 <DIR> d-------- C:\Documents and Settings\Cian\Application Data\Roxio
2008-03-16 00:16 . 2008-03-29 19:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 00:16 . 2008-03-16 00:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-15 21:22 . 2006-03-03 12:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-03-15 19:58 . 2008-03-15 20:33 <DIR> d-------- C:\Program Files\SiteAdvisor(2)
2008-03-15 19:58 . 2008-03-15 20:17 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\SiteAdvisor(2)
2008-03-15 19:58 . 2008-03-15 20:16 <DIR> d-------- C:\Documents and Settings\Ian.MAINPC\Application Data\SiteAdvisor(2)
2008-03-15 19:42 . 2008-03-16 00:15 <DIR> d-------- C:\Program Files\QuickTime
2008-03-15 19:42 . 2008-03-29 15:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 19:41 . 2008-03-15 19:41 <DIR> d-------- C:\Program Files\Smart Projects
2008-03-15 19:41 . 2008-03-15 19:41 <DIR> d-------- C:\Program Files\Free iPod Video Converter
2008-03-15 10:17 . 2008-03-29 19:35 14,644 --a------ C:\WINDOWS\system32\Config.MPF
2008-03-09 20:19 . 2007-07-21 10:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-03-09 20:19 . 2007-07-24 08:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-03-09 20:19 . 2007-07-21 10:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-03-09 20:19 . 2007-07-21 10:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-03-09 20:19 . 2007-07-24 13:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-03-09 16:33 . 2008-03-09 16:33 254 --a------ C:\WINDOWS\system32\USER.SCP
2008-03-09 16:33 . 2008-03-09 16:33 254 --a------ C:\WINDOWS\system32\TEMPSCP.SCP
2008-03-09 16:21 . 2008-03-09 16:21 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2008-02-26 18:58 . 2008-02-26 18:58 <DIR> d-------- C:\Program Files\iPod
2008-02-23 14:39 . 2008-02-23 14:44 <DIR> d-------- C:\Program Files\ChemBuddy
2008-02-05 14:54 . 2008-02-05 14:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-02-05 13:40 . 2008-02-05 13:40 <DIR> d-------- C:\Program Files\Windows Live
2008-02-05 13:40 . 2008-02-05 13:40 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-02-01 00:13 . 2008-02-01 00:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-02-01 00:13 . 2008-02-01 00:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 10:17 --------- d-----w C:\Documents and Settings\Ian.MAINPC\Application Data\Azureus
2008-03-30 08:05 --------- d-----w C:\Program Files\McAfee
2008-03-29 14:38 --------- d-----w C:\Program Files\WLViewerLite
2008-03-29 14:32 --------- d-----w C:\Program Files\Ahead
2008-03-29 14:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-03-29 14:27 --------- d-----w C:\Program Files\DivX
2008-03-29 14:25 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-29 14:18 --------- d-----w C:\Documents and Settings\Ian.MAINPC\Application Data\Vso
2008-03-29 14:17 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-03-29 14:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Roxio
2008-03-29 14:13 --------- d-----w C:\Program Files\GameShadow
2008-03-29 12:36 --------- d-----w C:\Program Files\PowerISO
2008-03-29 09:20 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-28 17:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-03-28 16:49 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-28 14:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-28 12:00 --------- d-----w C:\Program Files\Microsoft Games
2008-03-27 20:35 --------- d-----w C:\Program Files\S103
2008-03-26 19:54 --------- d-----w C:\Documents and Settings\Ian.MAINPC\Application Data\Apple Computer
2008-03-21 18:27 --------- d-----w C:\Documents and Settings\Ian.MAINPC\Application Data\AdobeUM
2008-03-18 18:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 17:58 --------- d-----w C:\Program Files\Ubisoft
2008-03-15 20:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-03-15 18:42 --------- d-----w C:\Documents and Settings\Ian.MAINPC\Application Data\SUPERAntiSpyware.com
2008-03-15 07:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-03-09 19:19 --------- d-----w C:\Program Files\Common Files\McAfee
2008-03-09 18:36 --------- d-----w C:\Program Files\DellSupport
2008-03-09 18:21 --------- d-----w C:\Program Files\Java
2008-02-26 17:59 --------- d-----w C:\Program Files\iTunes
2008-02-05 12:40 --------- d-----w C:\Program Files\MSN Messenger
2007-12-10 17:52 47,360 ----a-w C:\Documents and Settings\Ian.MAINPC\Application Data\pcouffin.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-10-14 10:22 375,800 --sh--w C:\WINDOWS\system32\pstwa.bak2
2007-10-12 18:34 382,736 --sha-w C:\WINDOWS\system32\uvvwa.bak2
.
((((((((((((((((((((((((((((( snapshot@2008-03-29_18.04.03.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 08:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 08:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-03-29 17:39:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-30 08:03:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-29 17:39:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-30 08:03:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-29 17:39:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-30 08:03:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2000-08-31 08:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 21:05 344064]
"AsioReg"="REGSVR32 /S CTASIO.DLL" []
"CTHelper"="CTHELPER.EXE" [2005-11-08 20:30 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 12:00 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 339968 C:\WINDOWS\stsystra.exe]
"EPSON Stylus Photo R340 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.exe" [2005-05-12 05:00 98304]
"MWLExe"="C:\Program Files\Mcafee\MWL\MWLGuiSt.exe" [ ]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 21:29 1160480]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 12:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25025:TCP"= 25025:TCP:BitComet 25025 TCP
"25025:UDP"= 25025:UDP:BitComet 25025 UDP
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
S2 0054591206864331mcinstcleanup;McAfee Application Installer Cleanup (0054591206864331);C:\WINDOWS\TEMP\005459~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\ADOBE\command - E:\extras\ar405ita.exe
\Shell\AutoRun\command - E:\setup.EXE /autorun
\Shell\dxsetup\command - E:\directx\dxsetup.exe
\Shell\log\command - E:\machine\machine.exe -l
\Shell\machine\command - E:\machine\machine.exe
\Shell\Register\command - E:\extras\runshell.exe http://www.microsoft.com/games/product_ ... on/fs2002/
\Shell\setup\command - E:\setup.exe
\Shell\Web\command - E:\extras\runshell.exe http://www.microsoft.com/games/fs2002/default.asp
\Shell\WMP\command - E:\wmp\mp71.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{040bb98e-157f-11db-a832-00123fcb9d0e}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72d80cf9-de07-11da-a7d1-00123fcb9d0e}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 09:07:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-30 10:00:00 C:\WINDOWS\Tasks\B49FA522997C5942.job"
- c:\docume~1\ian~1.mai\applic~1\onehtm~1\spam seek each.exe
"2008-03-09 19:19:11 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-09 19:19:10 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-30 02:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 11:16:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-03-30 11:19:10
ComboFix-quarantined-files.txt 2008-03-30 10:19:07
ComboFix2.txt 2008-03-29 18:04:26
Pre-Run: 22,459,797,504 bytes free
Post-Run: 22,447,775,744 bytes free
.
2008-03-21 10:46:26 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:35, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\CTHELPER.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE
C:\PROGRA~1\McAfee\MHN\McENUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix:
O16 - DPF: McAfee Wi-FiScan - http://download.mcafee.com/molbin/iss-l ... erCtrl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2778162375
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: McAfee Application Installer Cleanup (0054591206864331) (0054591206864331mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\005459~1.EXE (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - Unknown owner - C:\Program Files\Mcafee\MWL\MwlSvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 9012 bytes
Cheers
Ian