Here is the new ComboFix log after applying the CFScript. The only issue is that I forgot to disable anti-virus programs this time and a virus warning popped up during the scan... I think it was called ELICAR or something like that. Does that affect the scan results? Should I undo it and redo it again?
ComboFix 08-08-21.02 - Karen 2008-08-23 0:43:01.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1615 [GMT -4:00]
Running from: C:\Users\Karen\Desktop\ComboFix.exe
Command switches used :: C:\Users\Karen\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\dscmsgweb
C:\ProgramData\dscmsgweb\dkxsdgzy.exe
C:\ProgramData\jspklkxi
C:\ProgramData\jspklkxi\lmtglqti.exe
C:\ProgramData\WebCom
C:\ProgramData\WebCom\folwjebw.exe
C:\ProgramData\webui
C:\ProgramData\webui\lazgnyps.exe
C:\Users\All Users\chkapp
C:\Users\All Users\chkapp\nefujuro.exe
C:\Users\All Users\dscmsgweb\dkxsdgzy.exe
C:\Users\All Users\jspklkxi\lmtglqti.exe
C:\Users\All Users\shcfg
C:\Users\All Users\shcfg\vopitefe.exe
C:\Users\All Users\WebCom\folwjebw.exe
C:\Users\All Users\webui\lazgnyps.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.
2008-08-21 22:28 . 2008-08-21 22:28 <DIR> d-------- C:\Users\All Users\strui
2008-08-21 22:28 . 2008-08-21 22:28 <DIR> d-------- C:\Users\All Users\AdmMntCmd
2008-08-21 22:28 . 2008-08-21 22:28 <DIR> d-------- C:\ProgramData\strui
2008-08-21 22:28 . 2008-08-21 22:28 <DIR> d-------- C:\ProgramData\AdmMntCmd
2008-08-21 21:58 . 2008-08-21 21:58 <DIR> d-------- C:\Users\All Users\srvmonapl
2008-08-21 21:58 . 2008-08-21 21:58 <DIR> d-------- C:\Users\All Users\genactdb
2008-08-21 21:58 . 2008-08-21 21:58 <DIR> d-------- C:\ProgramData\srvmonapl
2008-08-21 21:58 . 2008-08-21 21:58 <DIR> d-------- C:\ProgramData\genactdb
2008-08-19 21:57 . 2008-08-19 22:17 2,425 --a------ C:\Windows\diagwrn.xml
2008-08-19 21:57 . 2008-08-19 22:17 1,905 --a------ C:\Windows\diagerr.xml
2008-08-19 20:36 . 2008-08-19 20:36 <DIR> d-------- C:\Users\All Users\webmsginfo
2008-08-19 20:36 . 2008-08-19 20:36 <DIR> d-------- C:\ProgramData\webmsginfo
2008-08-17 05:37 . 2008-08-17 05:37 <DIR> d-------- C:\Users\All Users\HlpCmdSh
2008-08-17 05:37 . 2008-08-17 05:37 <DIR> d-------- C:\ProgramData\HlpCmdSh
2008-08-15 23:47 . 2008-08-15 23:47 <DIR> d-------- C:\Users\All Users\DVD Shrink
2008-08-15 23:47 . 2008-08-15 23:47 <DIR> d-------- C:\ProgramData\DVD Shrink
2008-08-15 23:47 . 2008-08-15 23:47 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-15 23:36 . 2008-08-15 23:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-15 23:23 . 2008-08-15 23:23 <DIR> d-------- C:\Users\Karen\AppData\Roaming\Malwarebytes
2008-08-15 23:23 . 2008-08-15 23:23 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-15 23:23 . 2008-08-15 23:23 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-15 23:23 . 2008-08-15 23:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 23:23 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-15 23:23 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-15 23:22 . 2008-08-15 23:22 <DIR> d-------- C:\Users\Karen\AppData\Roaming\Download Manager
2008-08-15 21:27 . 2008-08-15 21:27 5,790 --a------ C:\Windows\System32\tmp.reg
2008-08-15 21:26 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-08-15 21:26 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-08-15 21:26 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-08-15 21:26 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-08-15 21:26 . 2008-08-14 21:52 82,432 --a------ C:\Windows\System32\IEDFix.C.exe
2008-08-15 21:26 . 2008-08-09 15:37 82,432 --a------ C:\Windows\System32\404Fix.exe
2008-08-15 21:26 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-08-15 21:26 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-08-15 02:54 . 2008-08-15 02:59 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-08-15 02:54 . 2008-08-15 02:59 <DIR> d-------- C:\ProgramData\NVIDIA
2008-08-15 00:58 . 2008-08-15 00:58 <DIR> d-------- C:\Windows\nvtmpinst
2008-08-15 00:56 . 2008-08-15 00:56 <DIR> d-------- C:\Program Files\Megaupload Downloader
2008-08-14 22:51 . 2008-08-21 22:05 <DIR> d-------- C:\Users\All Users\Google Updater
2008-08-14 22:51 . 2008-08-21 22:05 <DIR> d-------- C:\ProgramData\Google Updater
2008-08-13 23:11 . 2008-07-15 21:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 19:59 . 2008-06-18 23:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 19:58 . 2008-04-18 01:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 19:57 . 2008-06-26 21:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 19:57 . 2008-06-27 00:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 19:49 . 2008-04-10 01:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-09 03:47 . 2008-08-09 03:47 <DIR> d-------- C:\Program Files\Bonjour
2008-08-08 23:57 . 2008-08-08 23:57 <DIR> d-------- C:\Program Files\PowerISO
2008-08-04 18:36 . 2008-08-04 18:36 <DIR> d-------- C:\Program Files\TagRename
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-23 04:45 --------- d-----w C:\Users\Karen\AppData\Roaming\DMCache
2008-08-22 02:51 --------- d-----w C:\Program Files\Winamp
2008-08-16 03:10 --------- d-----w C:\Users\Karen\AppData\Roaming\Winamp
2008-08-16 03:10 --------- d-----w C:\ProgramData\FLEXnet
2008-08-16 01:25 --------- d-----w C:\Users\Karen\AppData\Roaming\IDM
2008-08-15 02:53 --------- d-----w C:\Program Files\Google
2008-08-14 07:05 --------- d-----w C:\Program Files\Windows Mail
2008-08-09 07:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-06 01:19 --------- d-----w C:\ProgramData\Roxio
2008-07-31 00:39 --------- d-----w C:\Users\Karen\AppData\Roaming\dvdcss
2008-07-27 01:38 27,335 ----a-w C:\Users\Karen\AppData\Roaming\nvModes.dat
2008-07-25 23:33 --------- d-----w C:\Program Files\Internet Download Manager
2008-07-23 02:55 --------- d-----w C:\Program Files\Free Download Manager
2008-07-14 23:38 --------- d-----w C:\ProgramData\WindowsSearch
2008-07-13 04:49 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-07-13 04:20 --------- d-----w C:\Program Files\CAPCOM
2008-07-10 02:02 --------- d-----w C:\Program Files\SiteAdvisor
2008-07-08 02:46 --------- d-----w C:\Program Files\DVD Identifier
2008-07-07 05:44 --------- d-----w C:\Program Files\McAfee
2008-07-07 01:43 --------- d-----w C:\Users\Karen\AppData\Roaming\SiteAdvisor
2008-07-07 00:31 --------- d-----w C:\ProgramData\SiteAdvisor
2008-07-07 00:31 --------- d-----w C:\ProgramData\McAfee
2008-07-07 00:30 --------- d-----w C:\Program Files\McAfee.com
2008-07-07 00:30 --------- d-----w C:\Program Files\Common Files\McAfee
2008-07-06 20:19 --------- d-----w C:\Program Files\SiteAdvisor(55)
2008-07-05 07:26 --------- d-----w C:\Users\Karen\AppData\Roaming\Thinstall
2008-06-27 05:11 --------- d-----w C:\ProgramData\ACD Systems
2008-06-27 05:11 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-27 05:10 --------- d-----w C:\Program Files\ACD Systems
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-27 23:24 174 --sha-w C:\Program Files\desktop.ini
2008-05-27 21:55 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-27 21:55 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-03-16 15:07 74 --sh--r C:\Windows\CT4CET.bin
2008-04-01 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-01 20:44 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-01 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-08-21_22.05.07.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-22 01:56:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-22 02:42:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-22 01:56:27 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-22 02:42:11 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-22 01:56:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-22 02:42:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-20 03:16:32 105,852 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-22 02:04:03 105,852 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-20 03:16:32 600,378 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-22 02:04:03 600,378 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-22 01:32:09 253,112 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-08-23 04:38:12 253,490 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 00:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 00:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [2007-12-02 17:30 308464]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-07-06 21:00 2594224]
"HlpCmdSh"="C:\ProgramData\HlpCmdSh\hczwvupc.exe" [2008-08-17 05:37 90112]
"strui"="C:\ProgramData\strui\zsrspwvu.exe" [2008-08-21 22:28 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 02:03 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 03:00 857648]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 01:58 36864]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 10:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 23:50 49168]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-16 11:20 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 19:57 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 19:02 36352]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 17:57 36640]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 21:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 21:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 21:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 21:24 86016]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 19:13:26 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 00:04 86528 C:\Windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F86430DE-CF8F-4BCB-BD80-5EB812AB449A}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{A3956BCC-9895-4B4B-8E74-036D94C0036D}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{31043A6D-AF7E-4416-9F64-872ABE578709}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{3F27E2D6-D258-4C52-982C-3489E84321A9}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{2DD59FD8-2A7D-49BC-89C5-E6B0AB90EE07}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D5190660-187A-4C71-865A-7E53CDDABDAB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C29B27A2-DB63-4438-AC0D-3B2A5930A34A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A6C3E698-ADED-4D90-A42F-BE90C578317D}C:\\program files\\keyholetv\\keyholetv.exe"= UDP:C:\program files\keyholetv\keyholetv.exe:KeyHole TV Main Application
"UDP Query User{9949E4C4-8286-4FD9-829B-9B80BB870C70}C:\\program files\\keyholetv\\keyholetv.exe"= TCP:C:\program files\keyholetv\keyholetv.exe:KeyHole TV Main Application
"TCP Query User{9C6D6266-F1EA-44D7-B67F-009DFB6CCCDB}C:\\users\\karen\\desktop\\hfs.exe"= UDP:C:\users\karen\desktop\hfs.exe:hfs.exe
"UDP Query User{3E383C3A-56CB-4E02-B332-A327EA68C804}C:\\users\\karen\\desktop\\hfs.exe"= TCP:C:\users\karen\desktop\hfs.exe:hfs.exe
"TCP Query User{D0A7B4B8-AD22-4877-8984-FD750EFF762E}C:\\program files\\keyholetv\\keyholetv.exe"= UDP:C:\program files\keyholetv\keyholetv.exe:KeyHole TV Main Application
"UDP Query User{9386816D-AD72-4364-AACC-8DDACB37B312}C:\\program files\\keyholetv\\keyholetv.exe"= TCP:C:\program files\keyholetv\keyholetv.exe:KeyHole TV Main Application
"TCP Query User{11BEA281-33B2-4C72-BCEB-B92530D22AD4}C:\\program files\\flashfxp\\flashfxp.exe"= UDP:C:\program files\flashfxp\flashfxp.exe:FlashFXP
"UDP Query User{5C56AA88-85DD-4819-BCAF-AF66E6CAEBE5}C:\\program files\\flashfxp\\flashfxp.exe"= TCP:C:\program files\flashfxp\flashfxp.exe:FlashFXP
"{2AF6D983-395E-457B-8F7C-B6112B196372}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\System\\winnet32.exe"= C:\Program Files\Common Files\System\winnet32.exe:*:Enabled:Windows Update
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-01 23:44]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 08:35]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 01:58]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 01:59]
.
Contents of the 'Scheduled Tasks' folder
2008-08-15 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-08-01 C:\Windows\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-06-09 C:\Windows\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-01-08 09:14]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-23 00:45:59
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-23 0:47:55
ComboFix-quarantined-files.txt 2008-08-23 04:47:21
ComboFix2.txt 2008-08-22 02:06:34
ComboFix3.txt 2008-08-16 02:08:43
Pre-Run: 132,121,874,432 bytes free
Post-Run: 132,108,488,704 bytes free
267 --- E O F --- 2008-08-21 02:42:14