Is my computer infected
4 replies to this topic

#1 dadcruise86
Posted 20 May 2011 - 10:57 PM

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by Matthew at 23:51:36 on 2011-05-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2014 [GMT -4:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Matthew\Desktop\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512002229.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [SpSgqCLLfWkq] C:\ProgramData\SpSgqCLLfWkq.exe
uRun: [ieswqMPFEaliD] C:\ProgramData\ieswqMPFEaliD.exe
uRun: [Lgilihepayuk] rundll32.exe "C:\Users\Matthew\AppData\Local\casayp2.dll",Startup
uRun: [Fnesozececisuw] rundll32.exe "C:\Users\Matthew\AppData\Local\otuyipidura.dll",Startup
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
BHO-X64: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110512002229.dll
BHO-X64: scriptproxy - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\mj4arz0f.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll
FF - plugin: C:\Users\Matthew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Matthew\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Matthew\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/05 09:36:01];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-11 355440]
R2 McMPFSvc;McAfee Personal Firewall;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-11 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-11 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-11 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-10-11 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-10-11 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-11 149032]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-20 365952]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe [2011-2-5 689464]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-14 136176]
S2 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-11 355440]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-20 222512]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-14 136176]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-20 89920]
S4 dlbc_device;dlbc_device;C:\Windows\system32\dlbccoms.exe -service --> C:\Windows\system32\dlbccoms.exe -service [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-05-20 23:23:09 -------- d-----w- C:\ComboFix218477C
2011-05-19 22:13:31 -------- d-----w- C:\Users\Matthew\AppData\Local\temp
2011-05-19 22:07:14 -------- d-----w- C:\ComboFix28698C
2011-05-19 21:46:48 -------- d-----w- C:\ComboFix2
2011-05-19 21:13:53 0 ---ha-w- C:\Users\Matthew\AppData\Local\Etatogajek.bin
2011-05-10 23:55:18 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-05-10 23:55:18 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-05-03 04:28:05 -------- d--h--w- C:\Users\Matthew\AppData\Local\Amazon
2011-04-26 23:48:35 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-26 23:48:35 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-26 23:48:26 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-26 23:48:26 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-04-26 23:48:26 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-04-26 23:48:26 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
.
==================== Find3M ====================
.
2011-04-15 17:58:35 691 ---ha-w- C:\Users\Matthew\AppData\Roaming\GetValue.vbs
2011-04-15 17:58:35 35 ---ha-w- C:\Users\Matthew\AppData\Roaming\SetValue.bat
2011-04-14 18:08:02 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-04-14 18:08:02 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-04-14 18:08:02 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-04-14 18:08:02 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-04-14 18:08:02 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-04-14 18:08:02 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-04-14 18:08:02 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-04-14 18:08:02 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-04-14 18:08:02 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-03-10 17:18:03 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-10 17:18:02 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-10 17:03:51 1162240 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-03 16:02:50 975872 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-03 15:59:37 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59:36 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59:36 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42:03 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 13:46:31 2762240 ----a-w- C:\Windows\System32\win32k.sys
2011-03-02 16:12:21 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-02-24 16:38:07 991104 ----a-w- C:\Windows\System32\winresume.efi
2011-02-24 16:38:07 979840 ----a-w- C:\Windows\System32\winresume.exe
2011-02-24 16:37:57 1076608 ----a-w- C:\Windows\System32\winload.efi
2011-02-24 16:37:57 1063296 ----a-w- C:\Windows\System32\winload.exe
2011-02-24 16:37:53 20864 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-24 16:37:53 18816 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-24 16:37:53 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-22 14:47:08 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-22 14:13:01 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-22 13:53:33 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-22 13:53:27 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-22 13:33:12 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-22 06:50:39 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-02-22 06:46:49 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-22 06:46:34 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-02-22 06:46:20 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-02-22 06:46:19 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-02-22 06:21:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-02-22 05:56:46 479232 ----a-w- C:\Windows\System32\html.iec
2011-02-22 05:20:39 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-22 05:15:51 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-02-22 05:14:35 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-22 04:43:54 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 23:52:23.48 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2009 11:46:12
System Uptime: 5/20/2011 18:40:41 (5 hours ago)
.
Motherboard: Hewlett-Packard | | 30FC
Processor: AMD Turion™ X2 Dual-Core Mobile RM-74 | Socket M2/S1G1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 111.218 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.037 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP306: 4/19/2011 19:26:00 - Scheduled Checkpoint
RP307: 4/27/2011 15:34:54 - Windows Update
RP308: 4/29/2011 20:24:35 - Scheduled Checkpoint
RP309: 5/5/2011 17:44:35 - Scheduled Checkpoint
RP310: 5/7/2011 15:26:27 - Scheduled Checkpoint
RP311: 5/10/2011 20:29:55 - Scheduled Checkpoint
RP312: 5/11/2011 22:07:22 - Windows Update
RP313: 5/14/2011 17:47:32 - Scheduled Checkpoint
RP314: 5/17/2011 20:15:23 - Scheduled Checkpoint
RP315: 5/19/2011 18:21:28 - Restore Operation
RP316: 5/19/2011 19:26:14 - Restore Operation
.
==== Installed Programs ======================
.
.
AAC Decoder
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Amazon Kindle
AMD USB Audio Driver Filter
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
AutoUpdate
AVS Media Player 3.1
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Driver Robot
ESU for Microsoft Vista
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart TV
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Quick Launch Buttons 6.40 L1
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0129
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java™ 6 Update 15
Java™ 6 Update 7
JMicron JMB38X Flash Media Controller
Juno Preloader
LabelPrint
Lexmark 640 Series
Metacafe
Microsoft Live Search Toolbar
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MKV Splitter
Move Media Player
Mozilla Firefox (3.6.15)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetZero Preloader
Power2Go
PowerDirector
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Reg Tool
RPS CRT
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Shareaza 2.5.1.0
Skins
Slingbox - Watch Your TV Anywhere
SlingPlayer
SPORE Creature Creator Trial Edition
Super Crossword Creator 5.0.8
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
VC80CRTRedist - 8.0.50727.762
Verizon Internet Security Suite
Verizon Servicepoint 3.7.44
VoiceOver Kit
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/20/2011 19:43:27, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/20/2011 19:22:43, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/20/2011 19:22:40, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/20/2011 18:45:52, Error: PlugPlayManager [12] - The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0428) disappeared from the system without first being prepared for removal.
5/20/2011 18:45:52, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0028) disappeared from the system without first being prepared for removal.
5/20/2011 18:45:52, Error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0228) disappeared from the system without first being prepared for removal.
5/20/2011 18:45:52, Error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&3b4983b4&0&0328) disappeared from the system without first being prepared for removal.
5/20/2011 18:42:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep SASDIFSV SASKUTIL
5/20/2011 18:41:13, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Dell Photo Printer 720 with shared resource name Dell Photo Printer 720. Error 2114. The printer cannot be used by others on the network.
5/19/2011 20:10:17, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/19/2011 19:49:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/19/2011 19:49:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
5/19/2011 19:45:48, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep SASDIFSV SASKUTIL spldr Wanarpv6
5/19/2011 19:45:48, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/19/2011 19:45:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/19/2011 19:45:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/19/2011 19:45:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/19/2011 19:45:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
5/19/2011 19:45:00, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
5/19/2011 19:44:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/19/2011 18:01:17, Error: Application Popup [1060] - \??\C:\ComboFix2\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/17/2011 22:49:23, Error: disk [15] - The device, \Device\Harddisk1\DR1, is not ready for access yet.
5/17/2011 22:49:23, Error: disk [11] - The driver detected a controller error on \...\DR1.
5/15/2011 22:18:35, Error: EventLog [6008] - The previous system shutdown at 12:53:47 AM on 5/15/2011 was unexpected.
5/14/2011 10:03:39, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Matthew-PC\Matthew SID (S-1-5-21-1937645594-2378020060-2163045775-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

Edited by Andrew, 21 May 2011 - 04:27 AM.
Mod Edit: Moved From Vista to MRL - AA




#2 CatByte (Malware Response Team)

Posted 21 May 2011 - 07:03 AM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 dadcruise86 (Topic Starter)

Posted 21 May 2011 - 11:27 PM

ComboFix 11-05-21.03 - Matthew 05/21/2011 23:45:48.5.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2687 [GMT -4:00]
Running from: C:\Users\Matthew\Desktop\cleanup\ComboFix2.exe
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))


2011-05-22 04:02:11 . 2011-05-22 04:02:11 -------- d-----w- C:\Users\Public\AppData\Local\temp
2011-05-22 04:02:11 . 2011-05-22 04:02:11 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-05-22 04:02:11 . 2011-05-22 04:02:11 -------- d-----w- C:\Users\AppData\AppData\Local\temp
2011-05-21 04:14:51 . 2010-12-20 22:09:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-21 04:14:48 . 2011-05-21 04:14:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-21 04:14:48 . 2010-12-20 22:08:40 24152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-05-19 22:13:31 . 2011-05-22 04:02:11 -------- d-----w- C:\Users\Matthew\AppData\Local\temp
2011-05-19 21:46:48 . 2011-05-19 22:03:44 -------- d-----w- C:\ComboFix2
2011-05-19 21:13:53 . 2011-05-19 21:13:53 0 ---ha-w- C:\Users\Matthew\AppData\Local\Etatogajek.bin
2011-05-10 23:55:18 . 2011-04-07 12:02:43 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-05-10 23:55:18 . 2011-04-07 12:01:52 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-05-03 04:28:30 . 2011-05-03 04:28:30 -------- d--h--w- C:\Users\Matthew\AppData\Roaming\Amazon
2011-05-03 04:28:05 . 2011-05-03 04:28:05 -------- d--h--w- C:\Users\Matthew\AppData\Local\Amazon
2011-04-26 23:48:35 . 2011-03-12 22:52:03 1653760 ----a-w- C:\Windows\system32\XpsPrint.dll
2011-04-26 23:48:35 . 2011-03-12 21:55:52 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-26 23:48:26 . 2011-03-03 15:59:49 32256 ----a-w- C:\Windows\system32\Apphlpdm.dll
2011-04-26 23:48:26 . 2011-03-03 15:40:13 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-04-26 23:48:26 . 2011-03-03 14:00:00 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-04-26 23:48:26 . 2011-03-03 13:35:36 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-04-15 17:58:35 . 2011-04-15 02:47:02 691 ---ha-w- C:\Users\Matthew\AppData\Roaming\GetValue.vbs
2011-04-15 17:58:35 . 2011-04-15 02:47:02 35 ---ha-w- C:\Users\Matthew\AppData\Roaming\SetValue.bat
2011-04-14 18:08:02 . 2010-10-11 19:25:11 9984 ----a-w- C:\Windows\system32\drivers\mfeclnk.sys
2011-04-14 18:08:02 . 2010-10-11 19:24:39 94992 ----a-w- C:\Windows\system32\drivers\mferkdet.sys
2011-04-14 18:08:02 . 2010-10-11 19:24:39 75160 ----a-w- C:\Windows\system32\drivers\mfenlfk.sys
2011-04-14 18:08:02 . 2010-10-11 19:24:39 530304 ----a-w- C:\Windows\system32\drivers\mfehidk.sys
2011-04-14 18:08:02 . 2010-10-11 19:24:39 283744 ----a-w- C:\Windows\system32\drivers\mfewfpk.sys
2011-04-14 18:08:02 . 2010-10-11 19:24:38 63056 ----a-w- C:\Windows\system32\drivers\cfwids.sys
2011-04-14 18:08:02 . 2010-10-11 19:24:38 441840 ----a-w- C:\Windows\system32\drivers\mfefirek.sys
2011-04-14 18:08:02 . 2010-10-11 19:24:38 190520 ----a-w- C:\Windows\system32\drivers\mfeavfk.sys
2011-04-14 18:08:02 . 2010-10-11 19:24:38 121376 ----a-w- C:\Windows\system32\drivers\mfeapfk.sys
2011-03-10 17:18:03 . 2011-04-15 02:04:16 1360384 ----a-w- C:\Windows\system32\mfc42u.dll
2011-03-10 17:18:02 . 2011-04-15 02:04:16 1398784 ----a-w- C:\Windows\system32\mfc42.dll
2011-03-10 17:03:51 . 2011-04-15 02:04:16 1162240 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-10 17:03:51 . 2011-04-15 02:04:16 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-03 16:02:50 . 2011-04-15 02:04:59 975872 ----a-w- C:\Windows\system32\inetcomm.dll
2011-03-03 15:59:37 . 2011-04-26 23:48:26 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59:36 . 2011-04-26 23:48:28 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59:36 . 2011-04-26 23:48:26 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42:03 . 2011-04-15 02:04:59 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 15:40:07 . 2011-04-26 23:48:26 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 . 2011-04-26 23:48:28 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:05 . 2011-04-26 23:48:26 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 15:40:04 . 2011-04-26 23:48:28 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 13:46:31 . 2011-04-15 02:04:47 2762240 ----a-w- C:\Windows\system32\win32k.sys
2011-03-02 16:12:21 . 2011-04-15 02:04:11 117760 ----a-w- C:\Windows\system32\dnsrslvr.dll
2011-02-24 16:38:07 . 2011-04-15 02:06:24 991104 ----a-w- C:\Windows\system32\winresume.efi
2011-02-24 16:38:07 . 2011-04-15 02:06:24 979840 ----a-w- C:\Windows\system32\winresume.exe
2011-02-24 16:37:57 . 2011-04-15 02:06:24 1076608 ----a-w- C:\Windows\system32\winload.efi
2011-02-24 16:37:57 . 2011-04-15 02:06:24 1063296 ----a-w- C:\Windows\system32\winload.exe
2011-02-24 16:37:53 . 2011-04-15 02:06:24 18816 ----a-w- C:\Windows\system32\kd1394.dll
2011-02-24 16:37:53 . 2011-04-15 02:06:23 20864 ----a-w- C:\Windows\system32\kdusb.dll
2011-02-24 16:37:53 . 2011-04-15 02:06:23 17792 ----a-w- C:\Windows\system32\kdcom.dll
2011-02-22 14:47:08 . 2011-03-23 00:04:59 479744 ----a-w- C:\Windows\system32\XpsGdiConverter.dll
2011-02-22 14:13:01 . 2011-03-23 00:04:59 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-22 13:53:33 . 2011-03-23 00:04:59 1555968 ----a-w- C:\Windows\system32\DWrite.dll
2011-02-22 13:53:27 . 2011-03-23 00:04:59 1149440 ----a-w- C:\Windows\system32\FntCache.dll
2011-02-22 13:33:12 . 2011-03-23 00:04:59 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-22 06:50:39 . 2011-04-15 02:04:32 1147904 ----a-w- C:\Windows\system32\wininet.dll
2011-02-22 06:46:49 . 2011-04-15 02:04:29 56832 ----a-w- C:\Windows\system32\licmgr10.dll
2011-02-22 06:46:34 . 2011-04-15 02:04:29 1538560 ----a-w- C:\Windows\system32\inetcpl.cpl
2011-02-22 06:46:20 . 2011-04-15 02:04:28 132096 ----a-w- C:\Windows\system32\iesysprep.dll
2011-02-22 06:46:19 . 2011-04-15 02:04:27 77312 ----a-w- C:\Windows\system32\iesetup.dll
2011-02-22 06:21:28 . 2011-04-15 02:04:31 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-22 06:17:08 . 2011-04-15 02:04:27 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-22 06:16:53 . 2011-04-15 02:04:29 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-02-22 06:16:40 . 2011-04-15 02:04:27 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-02-22 06:16:40 . 2011-04-15 02:04:27 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-02-22 05:56:46 . 2011-04-15 02:04:28 479232 ----a-w- C:\Windows\system32\html.iec
2011-02-22 05:20:39 . 2011-04-15 02:04:28 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-22 05:15:51 . 2011-04-15 02:04:28 162816 ----a-w- C:\Windows\system32\ieUnatt.exe
2011-02-22 05:14:35 . 2011-04-15 02:04:26 1638912 ----a-w- C:\Windows\system32\mshtml.tlb
2011-02-22 04:43:54 . 2011-04-15 02:04:27 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-02-22 04:42:38 . 2011-04-15 02:04:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb


((((((((((((((((((((((((((((( SnapShot_2011-05-20_23.43.54 )))))))))))))))))))))))))))))))))))))))))

+ 2008-01-21 02:23:20 . 2011-05-22 03:33:43 60236 C:\Windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-17 23:57:14 . 2011-05-22 03:33:45 17216 C:\Windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1937645594-2378020060-2163045775-1000_UserData.bin
+ 2009-04-17 22:44:10 . 2011-05-22 03:55:53 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-17 22:44:10 . 2011-05-20 22:41:17 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-17 22:44:10 . 2011-05-20 22:41:17 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-17 22:44:10 . 2011-05-22 03:55:53 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-17 22:44:10 . 2011-05-20 22:41:17 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-17 22:44:10 . 2011-05-22 03:55:53 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-08 23:04:45 . 2011-05-20 00:07:02 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-08 23:04:45 . 2011-05-22 03:35:07 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-08 23:04:45 . 2011-05-20 00:07:02 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-08 23:04:45 . 2011-05-22 03:35:07 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-08 23:04:45 . 2011-05-20 00:07:02 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-08 23:04:45 . 2011-05-22 03:35:07 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-29 20:07:22 . 2011-05-22 03:30:33 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-29 20:07:22 . 2011-05-20 22:41:12 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-29 20:07:22 . 2011-05-20 22:41:12 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-29 20:07:22 . 2011-05-22 03:30:33 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-20 22:41:06 . 2011-05-20 22:41:06 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-22 03:30:26 . 2011-05-22 03:30:26 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-20 22:41:06 . 2011-05-20 22:41:06 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-22 03:30:26 . 2011-05-22 03:30:26 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 15:45:30 . 2011-05-20 22:42:58 101948 C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45:30 . 2011-05-22 03:33:44 101948 C:\Windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 12:46:18 . 2011-05-18 02:50:51 604502 C:\Windows\system32\perfh009.dat
+ 2006-11-02 12:46:18 . 2011-05-22 03:35:56 604502 C:\Windows\system32\perfh009.dat
- 2006-11-02 12:46:18 . 2011-05-18 02:50:51 104170 C:\Windows\system32\perfc009.dat
+ 2006-11-02 12:46:18 . 2011-05-22 03:35:56 104170 C:\Windows\system32\perfc009.dat
- 2011-02-09 14:19:40 . 2011-05-20 22:40:14 374716 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-09 14:19:40 . 2011-05-22 01:50:48 374716 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:51:33 138240]
"WMPNSCFG"="C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
"SpSgqCLLfWkq"="C:\ProgramData\SpSgqCLLfWkq.exe" [BU]
"ieswqMPFEaliD"="C:\ProgramData\ieswqMPFEaliD.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 19:25:24 432432]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2010-12-16 13:11:52 1488464]
"VerizonServicepoint.exe"="C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 16:56:32 4318520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R1 SASDIFSV;SASDIFSV;C:\Users\Matthew\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;C:\Users\Matthew\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 17:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 14:01:32 136176]
R2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-04-08 07:47:42 355440]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 17:14:06 222512]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 14:01:32 136176]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [x]
R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys [x]
R3 SASENUM;SASENUM;C:\Users\Matthew\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 18:27:14 1020768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys [x]
R4 dlbc_device;dlbc_device;C:\Windows\system32\dlbccoms.exe [x]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/05 09:36:01];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 02:04:24 146928]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2008-01-21 02:50:24 27648]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-04-08 07:47:42 355440]
S2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-04-08 07:47:42 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-04-08 07:47:42 355440]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 18:08:02 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 18:08:02 149032]
S2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-12-03 02:28:22 365952]
S2 ServicepointService;ServicepointService;C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe [2011-01-10 16:56:36 689464]
S2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 01:13:08 296320]
S2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 01:13:08 116096]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [x]
S3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [x]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2010-12-14 C:\Windows\Tasks\Driver Robot.job
- C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe [2010-05-05 01:23:02 . 2009-11-30 21:29:08]

2011-05-22 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 14:01:58 . 2011-05-14 14:01:32]

2011-05-22 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-14 14:01:58 . 2011-05-14 14:01:32]

2011-05-22 C:\Windows\Tasks\Reg Tool Startup.job
- C:\Program Files (x86)\Reg Tool\Reg Tool.exe [2009-11-23 17:49:40 . 2009-11-23 17:49:40]

2011-05-22 C:\Windows\Tasks\User_Feed_Synchronization-{F9AE37A1-703A-4142-A2D9-0DEDDD7756DB}.job
- C:\Windows\system32\msfeedssync.exe [2011-04-15 02:04:27 . 2011-02-22 04:43:04]


--------- x86-64 -----------


------- Supplementary Scan -------

uStart Page = hxxp://www.yahoo.com/?ilc=1
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\mj4arz0f.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Matthew\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

#4 CatByte (Malware Response Team)

Posted 22 May 2011 - 05:59 AM

Hi

It looks like part of that log has been cut off. If you have problems with pasting on the forum, you can attach the log if you wish.

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Collect::
C:\ProgramData\SpSgqCLLfWkq.exe
C:\ProgramData\ieswqMPFEaliD.exe

KillAll::

File::
C:\Users\Matthew\AppData\Local\Etatogajek.bin


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpSgqCLLfWkq"=-
"ieswqMPFEaliD"=-

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
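As an added illustration (not part of the thread and not CatByte's or ComboFix's own tooling), the Python below parses the "Reg Loading Points" block of a ComboFix log like the one posted above and drafts a CFScript in the same Collect::/Registry:: shape as the one in this reply. The triage rule it uses (an .exe registered directly under C:\ProgramData whose entry carries a bare [BU] tag instead of the timestamp and size ComboFix prints for files it could read) is an assumption made for this example, and the sample log text is constructed from the entries in the thread.

```python
"""Draft a ComboFix CFScript from the 'Reg Loading Points' block of a ComboFix log.
Added example, not ComboFix's own tooling; the triage rule is an assumption."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One log line of the form  "name"="path" [meta]  where meta is either a
# "YYYY-MM-DD HH:MM:SS size" stamp or a bare tag such as BU.
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
STAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+")

# Constructed sample: the Run-key blocks as printed in the log posted above.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:51:33 138240]
"WMPNSCFG"="C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
"SpSgqCLLfWkq"="C:\ProgramData\SpSgqCLLfWkq.exe" [BU]
"ieswqMPFEaliD"="C:\ProgramData\ieswqMPFEaliD.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2010-12-16 13:11:52 1488464]
"""


@dataclass
class RunEntry:
    key: str    # registry key the value lives under
    name: str   # value name
    path: str   # executable the value points at
    meta: str   # text inside the trailing [...]

    @property
    def has_file_stamp(self) -> bool:
        """True when ComboFix printed a timestamp and size, i.e. it could read the file."""
        return STAMP_RE.fullmatch(self.meta) is not None


def parse_loading_points(text: str) -> list[RunEntry]:
    """Collect every "name"="path" [meta] line under its enclosing [key] header."""
    entries: list[RunEntry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # a REGEDIT-style key header
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append(RunEntry(key, m["name"], m["path"], m["meta"]))
    return entries


def is_suspicious(entry: RunEntry) -> bool:
    """Illustrative triage rule (assumption, not a ComboFix rule): an .exe sitting
    directly in C:\\ProgramData with no readable file stamp. This matches the two
    entries the responder singled out in the thread above."""
    p = PureWindowsPath(entry.path)
    return (
        len(p.parts) == 3
        and p.parts[0].lower() == "c:\\"
        and p.parts[1].lower() == "programdata"
        and p.suffix.lower() == ".exe"
        and not entry.has_file_stamp
    )


def build_cfscript(entries: list[RunEntry]) -> str:
    """Emit a CFScript: Collect:: the flagged files, then delete their Run values."""
    flagged = [e for e in entries if is_suspicious(e)]
    if not flagged:
        return ""
    lines = ["Collect::", *(e.path for e in flagged), "", "Registry::"]
    by_key: dict[str, list[str]] = {}
    for e in flagged:
        by_key.setdefault(e.key, []).append(e.name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)  # REG syntax: "=-" deletes the value
    return "\n".join(lines) + "\n"
```

Running `build_cfscript(parse_loading_points(SAMPLE_LOG))` yields the Collect:: and Registry:: portions of the script in this reply; the responder's judgement, not the heuristic, decides what actually goes into the CFScript.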


#5 CatByte (Malware Response Team)

Posted 29 May 2011 - 01:11 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




