I don't know if I did this right. I started the computer in safe mode like you said and dragged the CFScript onto ComboFix, and it did its thing, but at some points I could see in the window that some processes were denied because it wanted me to run it as administrator. Please see if I've done this correctly. Thanks.

-------------------------------------------------------------------------------
ComboFix 08-08-23.03 - Karen 2008-08-25 21:53:57.4 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2701 [GMT -4:00]
Running from: C:\Users\Karen\Desktop\ComboFix.exe
Command switches used :: C:\Users\Karen\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\AdmMntCmd
C:\ProgramData\AdmMntCmd\vyvmfyju.exe
C:\ProgramData\genactdb
C:\ProgramData\genactdb\tsjirgfy.exe
C:\ProgramData\srvmonapl
C:\ProgramData\srvmonapl\dobgbibk.exe
C:\Users\All Users\AdmMntCmd\vyvmfyju.exe
C:\Users\All Users\genactdb\tsjirgfy.exe
C:\Users\All Users\srvmonapl\dobgbibk.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 01:47 --------- d-----w C:\Users\Karen\AppData\Roaming\DMCache
2008-08-26 01:40 --------- d-----w C:\Program Files\Java
2008-08-25 01:25 --------- d-----w C:\ProgramData\Google Updater
2008-08-24 22:35 --------- d-----w C:\ProgramData\HlpCmdSh
2008-08-24 05:46 --------- d-----w C:\ProgramData\Roxio
2008-08-24 04:51 --------- d-----w C:\Users\Karen\AppData\Roaming\dvdcss
2008-08-22 02:51 --------- d-----w C:\Program Files\Winamp
2008-08-20 00:36 --------- d-----w C:\ProgramData\webmsginfo
2008-08-16 03:47 --------- d-----w C:\ProgramData\DVD Shrink
2008-08-16 03:47 --------- d-----w C:\Program Files\DVD Shrink
2008-08-16 03:36 --------- d-----w C:\Program Files\Trend Micro
2008-08-16 03:23 --------- d-----w C:\Users\Karen\AppData\Roaming\Malwarebytes
2008-08-16 03:23 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-16 03:23 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 03:22 --------- d-----w C:\Users\Karen\AppData\Roaming\Download Manager
2008-08-16 03:10 --------- d-----w C:\Users\Karen\AppData\Roaming\Winamp
2008-08-16 03:10 --------- d-----w C:\ProgramData\FLEXnet
2008-08-16 01:27 5,790 ----a-w C:\Windows\System32\tmp.reg
2008-08-16 01:25 --------- d-----w C:\Users\Karen\AppData\Roaming\IDM
2008-08-15 06:59 --------- d-----w C:\ProgramData\NVIDIA
2008-08-15 04:56 --------- d-----w C:\Program Files\Megaupload Downloader
2008-08-15 02:53 --------- d-----w C:\Program Files\Google
2008-08-15 01:52 82,432 ----a-w C:\Windows\System32\IEDFix.C.exe
2008-08-14 07:05 --------- d-----w C:\Program Files\Windows Mail
2008-08-09 19:37 82,432 ----a-w C:\Windows\System32\404Fix.exe
2008-08-09 07:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-09 07:47 --------- d-----w C:\Program Files\Bonjour
2008-08-09 03:57 --------- d-----w C:\Program Files\PowerISO
2008-08-04 22:36 --------- d-----w C:\Program Files\TagRename
2008-07-31 00:07 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-31 00:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-27 01:38 27,335 ----a-w C:\Users\Karen\AppData\Roaming\nvModes.dat
2008-07-25 23:33 --------- d-----w C:\Program Files\Internet Download Manager
2008-07-23 02:55 --------- d-----w C:\Program Files\Free Download Manager
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-14 23:38 --------- d-----w C:\ProgramData\WindowsSearch
2008-07-13 04:49 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-07-13 04:20 --------- d-----w C:\Program Files\CAPCOM
2008-07-10 02:02 --------- d-----w C:\Program Files\SiteAdvisor
2008-07-08 02:46 --------- d-----w C:\Program Files\DVD Identifier
2008-07-07 05:44 --------- d-----w C:\Program Files\McAfee
2008-07-07 01:43 --------- d-----w C:\Users\Karen\AppData\Roaming\SiteAdvisor
2008-07-07 00:31 --------- d-----w C:\ProgramData\SiteAdvisor
2008-07-07 00:31 --------- d-----w C:\ProgramData\McAfee
2008-07-07 00:30 --------- d-----w C:\Program Files\McAfee.com
2008-07-07 00:30 --------- d-----w C:\Program Files\Common Files\McAfee
2008-07-06 20:19 --------- d-----w C:\Program Files\SiteAdvisor(55)
2008-07-05 07:26 --------- d-----w C:\Users\Karen\AppData\Roaming\Thinstall
2008-06-27 05:11 --------- d-----w C:\ProgramData\ACD Systems
2008-06-27 05:11 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-27 05:10 --------- d-----w C:\Program Files\ACD Systems
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-29 13:35 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-05-27 23:24 174 --sha-w C:\Program Files\desktop.ini
2008-05-27 21:55 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-27 21:55 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-03-16 15:07 74 --sh--r C:\Windows\CT4CET.bin
2008-04-01 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-01 20:44 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-01 20:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Users\Karen\Documents\Downloads ----
2008-08-15 21:23 1486171 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix.exe
2008-08-15 00:55 616066 --a------ C:\Users\Karen\Documents\Downloads\Programs\Setup_Megaupload_Downloader_2008.exe
2008-08-15 00:05 1848318 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\SmitfraudFix.cmd
2008-08-14 22:51 1018584 --a------ C:\Users\Karen\Documents\Downloads\Programs\Google Updater.exe
2008-08-14 21:52 82432 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\IEDFix.C.exe
2008-08-09 15:37 82432 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\404Fix.exe
2008-08-07 16:27 4080 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\beep_2K_original.sys
2008-07-22 12:27 82432 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\GenericRenosFix.exe
2008-07-16 22:35 2459088 --a------ C:\Users\Karen\Documents\Downloads\Programs\FileZilla_Server-0_9_26.exe
2008-07-09 23:43 9032208 --a------ C:\Users\Karen\Documents\Downloads\Programs\winamp554_full_emusic-7plus_en-us.exe
2008-06-15 23:36 3788336 --a------ C:\Users\Karen\Documents\Downloads\Programs\Driveway10000setup.exe
2008-05-29 09:35 86528 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\VACFix.exe
2008-05-29 00:26 90253 --a------ C:\Users\Karen\Documents\Downloads\Programs\winroll-2.0.exe
2008-05-27 23:17 3584 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\Policies.exe
2008-05-18 21:40 82944 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\IEDFix.exe
2008-05-04 04:11 736095 --a------ C:\Users\Karen\Documents\Downloads\Programs\SetupKHTV3.06.exe
2008-05-04 02:19 4974107 --a------ C:\Users\Karen\Documents\Downloads\Programs\kiwi-0.9.7.exe
2008-05-04 01:33 1495112 --a------ C:\Users\Karen\Documents\Downloads\Programs\install_flash_player.exe
2008-03-02 23:38 77312 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\UIFix.exe
2007-10-04 00:36 25600 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\WS2Fix.exe
2007-09-06 00:22 289144 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\VCCLSID.exe
2007-08-21 08:00 1536 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\exit.exe
2007-03-28 18:38 77824 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\HostsChk.exe
2006-12-01 06:20 79360 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\swxcacls.exe
2006-09-19 22:13 20480 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\SmiUpdate.exe
2006-09-15 00:34 167936 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\unzip.exe
2006-08-29 19:43 135168 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\swreg.exe
2006-04-27 17:49 288417 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\SrchSTS.exe
2006-03-07 22:45 16384 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\restart.exe
2006-01-09 10:36 40960 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\swsc.exe
2005-01-13 21:41 24576 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\Reboot.exe
2004-07-31 18:50 51200 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\dumphive.exe
2003-06-05 21:13 53248 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\Process.exe
2001-08-28 14:00 4224 --a------ C:\Users\Karen\Documents\Downloads\Programs\SmitfraudFix\beep_XP_original.sys
((((((((((((((((((((((((((((( snapshot@2008-08-21_22.05.07.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-22 01:56:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-26 01:51:51 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-26 01:51:51 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-22 01:56:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-26 01:51:51 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-26 01:51:51 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-22 01:56:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-26 01:47:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-22 01:56:27 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-26 01:47:25 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-22 01:56:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-26 01:47:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-22 01:52:49 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-25 00:25:01 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-02-22 05:23:35 135,168 ----a-w C:\Windows\System32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\Windows\System32\java.exe
- 2008-02-22 05:23:39 135,168 ----a-w C:\Windows\System32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\Windows\System32\javaw.exe
- 2008-02-22 06:33:32 139,264 ----a-w C:\Windows\System32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\Windows\System32\javaws.exe
- 2008-08-20 03:16:32 105,852 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-26 01:57:18 104,658 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-20 03:16:32 600,378 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-26 01:57:18 598,782 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-22 01:58:34 8,098 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1345769177-2316361058-2631478649-1000_UserData.bin
+ 2008-08-26 01:49:17 8,106 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1345769177-2316361058-2631478649-1000_UserData.bin
- 2008-08-22 01:58:33 62,002 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-26 01:49:16 62,086 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-20 03:12:57 51,862 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-26 01:49:14 52,366 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-08-22 01:32:09 253,112 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-08-26 01:34:29 254,484 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 00:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 00:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [2007-12-02 17:30 308464]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-07-06 21:00 2594224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 02:03 17920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 03:00 857648]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 01:58 36864]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 10:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 02:00 90112]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 23:50 49168]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-16 11:20 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 19:57 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 19:02 36352]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 19:56 202544]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 17:57 36640]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 21:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 21:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 21:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 21:24 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 19:13:26 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 00:04 86528 C:\Windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F86430DE-CF8F-4BCB-BD80-5EB812AB449A}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{A3956BCC-9895-4B4B-8E74-036D94C0036D}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{31043A6D-AF7E-4416-9F64-872ABE578709}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{3F27E2D6-D258-4C52-982C-3489E84321A9}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{2DD59FD8-2A7D-49BC-89C5-E6B0AB90EE07}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D5190660-187A-4C71-865A-7E53CDDABDAB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C29B27A2-DB63-4438-AC0D-3B2A5930A34A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A6C3E698-ADED-4D90-A42F-BE90C578317D}C:\\program files\\keyholetv\\keyholetv.exe"= UDP:C:\program files\keyholetv\keyholetv.exe:KeyHole TV Main Application
"UDP Query User{9949E4C4-8286-4FD9-829B-9B80BB870C70}C:\\program files\\keyholetv\\keyholetv.exe"= TCP:C:\program files\keyholetv\keyholetv.exe:KeyHole TV Main Application
"TCP Query User{9C6D6266-F1EA-44D7-B67F-009DFB6CCCDB}C:\\users\\karen\\desktop\\hfs.exe"= UDP:C:\users\karen\desktop\hfs.exe:hfs.exe
"UDP Query User{3E383C3A-56CB-4E02-B332-A327EA68C804}C:\\users\\karen\\desktop\\hfs.exe"= TCP:C:\users\karen\desktop\hfs.exe:hfs.exe
"TCP Query User{D0A7B4B8-AD22-4877-8984-FD750EFF762E}C:\\program files\\keyholetv\\keyholetv.exe"= UDP:C:\program files\keyholetv\keyholetv.exe:KeyHole TV Main Application
"UDP Query User{9386816D-AD72-4364-AACC-8DDACB37B312}C:\\program files\\keyholetv\\keyholetv.exe"= TCP:C:\program files\keyholetv\keyholetv.exe:KeyHole TV Main Application
"TCP Query User{11BEA281-33B2-4C72-BCEB-B92530D22AD4}C:\\program files\\flashfxp\\flashfxp.exe"= UDP:C:\program files\flashfxp\flashfxp.exe:FlashFXP
"UDP Query User{5C56AA88-85DD-4819-BCAF-AF66E6CAEBE5}C:\\program files\\flashfxp\\flashfxp.exe"= TCP:C:\program files\flashfxp\flashfxp.exe:FlashFXP
"{2AF6D983-395E-457B-8F7C-B6112B196372}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\System\\winnet32.exe"= C:\Program Files\Common Files\System\winnet32.exe:*:Enabled:Windows Update
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-01 23:44]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 08:35]
S3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 01:58]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 01:59]
*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
2008-08-15 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-08-01 C:\Windows\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-06-09 C:\Windows\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-01-08 09:14]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-25 21:57:28
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-25 21:59:04
ComboFix-quarantined-files.txt 2008-08-26 01:58:06
ComboFix2.txt 2008-08-25 00:28:55
ComboFix3.txt 2008-08-23 04:47:56
ComboFix4.txt 2008-08-22 02:06:34
ComboFix5.txt 2008-08-26 01:53:41
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 122,840,137,728 bytes free
298 --- E O F --- 2008-08-23 06:24:05
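Added example, not part of the original post and not ComboFix's own code: a small Python triage script for a ComboFix log of the shape posted above. It splits the log on the "((((( Section )))))" headers, groups the `"name"=data` lines under the `[key]` that precedes them, and flags three things a helper reads for by eye: firewall profiles whose `EnableFirewall` is 0, authorized-application exceptions whose description claims a Windows component while the binary lives outside `C:\Windows`, and deleted executables with eight-letter random names. The sample text is excerpted from the log above; the heuristics, their regexes and the "eight lowercase letters" threshold are assumptions of this example, not anything ComboFix itself reports.

```python
"""Triage helpers for a ComboFix log (added example; assumptions noted inline)."""
import re
from collections import defaultdict

# ComboFix section banner: a run of '(' , a title, a run of ')'.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Registry-style blocks in the "Reg Loading Points" section.
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Assumption: eight lowercase letters + .exe (vyvmfyju.exe, tsjirgfy.exe) is treated
# as a machine-generated name. Legitimate vendors rarely name binaries this way.
RANDOM_EXE_RE = re.compile(r"\\([a-z]{8})\.exe$")


def parse_sections(text):
    """Return {section title: [non-empty lines]}; text before the first banner is 'header'."""
    sections = defaultdict(list)
    current = "header"
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def parse_registry(lines):
    """Group "name"=data lines under the [key] that precedes them."""
    keys = defaultdict(dict)
    current = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data")
    return keys


def triage(text):
    """Return a list of (finding_kind, detail) tuples for the heuristics described above."""
    findings, seen_basenames = [], set()
    sections = parse_sections(text)
    for line in sections.get("Other Deletions", []):
        m = RANDOM_EXE_RE.search(line)
        if m and m.group(1) not in seen_basenames:   # ProgramData and All Users alias the same file
            seen_basenames.add(m.group(1))
            findings.append(("random_name_exe", line))
    reg = parse_registry(sections.get("Reg Loading Points", []))
    for key, values in reg.items():
        if "firewallpolicy" not in key.lower():
            continue
        if values.get("EnableFirewall", "").startswith("0"):
            findings.append(("firewall_disabled", key.rsplit("\\", 1)[-1]))
        if key.lower().endswith("authorizedapplications\\list"):
            for name, data in values.items():
                path = name.replace("\\\\", "\\")          # value names are double-escaped
                label = data.rsplit(":", 1)[-1]             # trailing field is the display name
                if "windows" in label.lower() and not path.lower().startswith("c:\\windows\\"):
                    findings.append(("mislabeled_exception", path))
    return findings


# Constructed sample: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""ComboFix 08-08-23.03 - Karen 2008-08-25 21:53:57.4 - NTFSx86 MINIMAL
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\AdmMntCmd
C:\ProgramData\AdmMntCmd\vyvmfyju.exe
C:\ProgramData\genactdb\tsjirgfy.exe
C:\ProgramData\srvmonapl\dobgbibk.exe
C:\Users\All Users\AdmMntCmd\vyvmfyju.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\System\\winnet32.exe"= C:\Program Files\Common Files\System\winnet32.exe:*:Enabled:Windows Update
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```

The script only reports what the log text says: that all three firewall profiles have the Windows Firewall switched off, that one exception is described as "Windows Update" but points at a binary under Common Files\System rather than under the Windows directory, and that the deleted droppers used random eight-letter names. Whether any of that is malicious is for the person handling the thread to decide from the quarantine report; the heuristics are a starting point for reading the log, not a verdict.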