View Single Post

speedaccordinly · 01-08-2008, 05:07 AM

Here you go... thanks.

ComboFix 08-01-08.2 - Ercilia 2008-01-07 23:51:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.175 [GMT -5:00]
Running from: C:\Documents and Settings\Ercilia\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\nmcuninstall.exe
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\nm
-------\NwSapAgent

((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-07 23:57 . 2008-01-07 23:59 18,464 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-07 23:57 . 2008-01-07 23:57 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-07 23:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 23:48 . 2008-01-07 23:47 262,144 --a------ C:\Program Files\Uninstall Spy Blocker.dll
2008-01-07 23:46 . 2008-01-07 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-07 23:46 . 2008-01-07 23:47 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-07 23:39 . 2008-01-07 23:39 759 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-07 23:33 . 2008-01-07 23:33 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-07 23:25 . 2008-01-07 23:57 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-01-07 23:22 . 2008-01-07 23:22 <DIR> d-------- C:\Program Files\Avira
2008-01-07 23:22 . 2008-01-07 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-07 23:18 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-01-07 22:40 . 2008-01-07 22:40 <DIR> d-------- C:\Documents and Settings\Ercilia\Application Data\Talkback
2008-01-07 21:57 . 2008-01-07 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 19:49 . 2008-01-07 19:49 206 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-07 19:46 . 2008-01-07 19:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-07 16:04 . 2008-01-07 16:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-07 16:04 . 2008-01-07 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-07 15:58 . 2008-01-07 15:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 15:48 . 2008-01-07 15:50 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-01-08 03:51 --------- d-----w C:\Program Files\Google
2008-01-08 02:49 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-07 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-07 14:41 --------- d-----w C:\Program Files\Dl_cats
2007-11-14 21:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{561B1A4C-0CE2-B080-9F75-026EF4F903B5}]
2007-10-20 12:03 102400 --a------ C:\Program Files\ywkrkexf\seyxxrkk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe" [2007-06-17 20:02 67128]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 18:48 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 15:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 282624 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 23:45 77892]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-12 09:27 98304]
"DLCICATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X 86\3\DLCItime.dll" [2006-02-24 09:30 73728]
"dlcimon.exe"="C:\Program Files\Dell AIO Printer 946\dlcimon.exe" [2006-02-13 21:26 430080]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 09:46 497200]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-07 23:30 249896]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-12 09:24:25]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2007-06-17 20:02:20]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~ 1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareRemover2007]
C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-12-08 17:50 67160 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 07:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-10-20 08:46 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 19:52 50736 C:\Program Files\Common Files\AOL\1159036810\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-09-08 19:20 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 02:24 20480 C:\Program Files\NetWaiting\NetWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 19:05 1117184 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--------- 2005-08-11 22:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--------- 2005-08-10 12:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 17:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

R3 dlci_device;dlci_device;C:\WINDOWS\system32\dlcico ms.exe [2006-05-11 09:22]

*Newly Created Service* - KLIF
*Newly Created Service* - SRESCAN
*Newly Created Service* - SSMDRV
*Newly Created Service* - VSMON
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 23:58:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-01-08 0:04:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-08 05:04:39
.
2008-01-08 04:38:47 --- E O F ---

01-08-2008, 05:07 AM	#3 (permalink)
speedaccordinly Silver Member Join Date: Apr 2006 Posts: 137	Here you go... thanks. ComboFix 08-01-08.2 - Ercilia 2008-01-07 23:51:47.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.175 [GMT -5:00] Running from: C:\Documents and Settings\Ercilia\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\nmcuninstall.exe C:\WINDOWS\search_res.txt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NWSAPAGENT -------\nm -------\NwSapAgent ((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))) . 2008-01-07 23:57 . 2008-01-07 23:59 18,464 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-07 23:57 . 2008-01-07 23:57 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-01-07 23:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-07 23:48 . 2008-01-07 23:47 262,144 --a------ C:\Program Files\Uninstall Spy Blocker.dll 2008-01-07 23:46 . 2008-01-07 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-01-07 23:46 . 2008-01-07 23:47 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-01-07 23:39 . 2008-01-07 23:39 759 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-01-07 23:33 . 2008-01-07 23:33 1,355 --a------ C:\WINDOWS\imsins.BAK 2008-01-07 23:25 . 2008-01-07 23:57 <DIR> d-------- C:\WINDOWS\Internet Logs 2008-01-07 23:22 . 2008-01-07 23:22 <DIR> d-------- C:\Program Files\Avira 2008-01-07 23:22 . 2008-01-07 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-01-07 23:18 . <DIR> C:\WINDOWS\LastGood.Tmp 2008-01-07 22:40 . 2008-01-07 22:40 <DIR> d-------- C:\Documents and Settings\Ercilia\Application Data\Talkback 2008-01-07 21:57 . 2008-01-07 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-07 19:49 . 2008-01-07 19:49 206 --a------ C:\WINDOWS\system32\MRT.INI 2008-01-07 19:46 . 2008-01-07 19:46 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-07 16:04 . 2008-01-07 16:04 <DIR> d-------- C:\Program Files\Lavasoft 2008-01-07 16:04 . 2008-01-07 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-07 15:58 . 2008-01-07 15:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-07 15:48 . 2008-01-07 15:50 <DIR> d-------- C:\Program Files\CCleaner . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2008-01-08 03:51 --------- d-----w C:\Program Files\Google 2008-01-08 02:49 --------- d-----w C:\Program Files\Common Files\AOL 2008-01-07 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-01-07 14:41 --------- d-----w C:\Program Files\Dl_cats 2007-11-14 21:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{561B1A4C-0CE2-B080-9F75-026EF4F903B5}] 2007-10-20 12:03 102400 --a------ C:\Program Files\ywkrkexf\seyxxrkk.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe" [2007-06-17 20:02 67128] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 18:48 761947] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 15:08 1347584] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 282624 C:\WINDOWS\stsystra.exe] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920] "QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 23:45 77892] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-12 09:27 98304] "DLCICATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X 86\3\DLCItime.dll" [2006-02-24 09:30 73728] "dlcimon.exe"="C:\Program Files\Dell AIO Printer 946\dlcimon.exe" [2006-02-13 21:26 430080] "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 09:46 497200] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-07 23:30 249896] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-12 09:24:25] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2007-06-17 20:02:20] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~ 1.DLL [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] --a------ 2004-12-08 17:50 67160 C:\Program Files\AIM\aim.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] -ra------ 2006-10-23 07:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] --a------ 2007-10-20 08:46 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2006-09-25 19:52 50736 C:\Program Files\Common Files\AOL\1159036810\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] --a------ 2005-09-08 19:20 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] --------- 2003-09-10 02:24 20480 C:\Program Files\NetWaiting\NetWaiting.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] --a------ 2005-07-12 19:05 1117184 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt] --------- 2005-08-11 22:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online] --------- 2005-08-10 12:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask] --a------ 2005-07-08 17:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe R3 dlci_device;dlci_device;C:\WINDOWS\system32\dlcico ms.exe [2006-05-11 09:22] Newly Created Service - KLIF Newly Created Service - SRESCAN Newly Created Service - SSMDRV Newly Created Service - VSMON . ************************************************ ******************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-07 23:58:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************** ********************** . Completion time: 2008-01-08 0:04:45 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-08 05:04:39 . 2008-01-08 04:38:47 --- E O F ---