Thanks
Ran requested program Combofix.
Log attached.
Thanks for your assistance.
Ted
ComboFix 12-04-13.01 - HP_Owner 04/13/2012 22:47:37.1.1 - x86
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\All Users\Application Data\DragToDiscUserNameL.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Owner\Application Data\inst.exe
c:\documents and settings\HP_Owner\Application Data\PriceGong
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\1.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\10.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\1029.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\1730.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\2256.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\3631.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\4378.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\a.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\b.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\c.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\d.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\e.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\f.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\g.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\h.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\i.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\j.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\k.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\l.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\m.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\n.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\o.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\p.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\q.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\r.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\s.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\t.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\u.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\v.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\w.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\x.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\y.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\z.txt
c:\documents and settings\HP_Owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\HP_Owner\Application Data\vso_ts_preview.xml
c:\documents and settings\HP_Owner\System
c:\documents and settings\HP_Owner\System\win_qs8.jqx
c:\documents and settings\HP_Owner\WINDOWS
C:\prefs.js
c:\program files\Adware Lite
c:\program files\Adware Lite\noadware4_112509.na
c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
c:\windows\$NtUninstallKB10083$\1200384182
c:\windows\$NtUninstallKB10083$\1703101152\@
c:\windows\$NtUninstallKB10083$\1703101152\cfg.ini
c:\windows\$NtUninstallKB10083$\1703101152\Desktop.ini
c:\windows\$NtUninstallKB10083$\1703101152\L\beuximqp
c:\windows\$NtUninstallKB10083$\1703101152\oemid
c:\windows\$NtUninstallKB10083$\1703101152\U\00000001.@
c:\windows\$NtUninstallKB10083$\1703101152\U\00000002.@
c:\windows\$NtUninstallKB10083$\1703101152\U\00000004.@
c:\windows\$NtUninstallKB10083$\1703101152\U\80000000.@
c:\windows\$NtUninstallKB10083$\1703101152\U\80000004.@
c:\windows\$NtUninstallKB10083$\1703101152\U\80000032.@
c:\windows\$NtUninstallKB10083$\1703101152\version
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 02:43 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-04-13 01:31 . 2012-04-13 01:31 -------- d-----w- c:\documents and settings\HP_Owner\AppData
2012-04-10 22:23 . 2012-04-10 22:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-10 13:22 . 2012-04-10 13:22 -------- d-----w- C:\temp
2012-04-10 04:04 . 2012-04-10 04:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-04-06 17:38 . 2012-04-06 17:39 -------- d-----w- c:\program files\Creative
2012-03-16 04:02 . 2012-03-16 04:04 -------- dc-h--w- c:\windows\ie8
2012-03-16 03:24 . 2012-03-16 03:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\PCPro
2012-03-16 03:24 . 2012-03-16 03:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\PC Cleaners
2012-03-16 03:24 . 2012-03-16 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2012-03-16 02:13 . 2012-03-16 02:13 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\LogiShrd
2012-03-16 02:11 . 2009-04-30 22:55 2687512 ----a-w- c:\windows\system32\drivers\LV302V32.SYS
2012-03-16 02:10 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 03:23 . 2009-02-24 00:27 3979536 ----a-w- c:\windows\uninst.exe
2012-03-01 11:01 . 2004-08-04 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 18:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-04 11:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-04 11:00 385024 ------w- c:\windows\system32\html.iec
2012-02-24 14:13 . 2012-01-07 07:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2004-08-04 11:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-19 05:30 . 2009-02-12 11:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-19 05:30 . 2010-06-21 21:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-05-12 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-31 39408]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-21 1625024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-26 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 2742272]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-11-06 229376]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-16 113664]
cpeupdate.lnk - l:\media\Xtras\ShareIns\cpeupdate.exe [N/A]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Alexandria v5 Folder\\Alexandria.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Freemake\\Freemake Video Downloader\\FreemakeVD.exe"=
"c:\\Documents and Settings\\HP_Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2/24/2009 12:05 AM 4064]
R2 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/6/2009 7:24 PM 8768]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [11/18/2011 10:02 AM 8704]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 5:23 PM 35088]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2011 11:49 PM 136176]
S2 PMP;Password Manager Pro;"c:\program files\PMP\bin\wrapper.exe" -s "c:\program files\PMP\conf\wrapper.conf" --> c:\program files\PMP\bin\wrapper.exe [?]
S3 2a60e5cf-b147-4f51-8105-f27ceeb83f5d;2a60e5cf-b147-4f51-8105-f27ceeb83f5d;\??\e:\cds300\cds300.dll --> e:\cds300\cds300.dll [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\HP_Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\HP_Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2011 11:49 PM 136176]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/20/2009 9:52 PM 47360]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/8/2011 8:30 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
remotelyanywhere
ndasscsi
P16X
xpadminserver
ooclevercacheagent
wanminiportservice
SRTSP
mxssvr
enecbpth
AsIO
kpfwsvc
hpwirelessmgr
SetupNT
slabser
SABProcEnum
sffp_sd
USB28xxOEM
ikfilesec
qconsvc
mrpostman
gotomypc
mldserv
RESMGR
nsctop
mi-raysat_3dsmax9_32
W700obex
LMouFilt
p17xfilt
SED133x
svv
W700bus
NAL
DumaNT
dlaudfam
LMIRfsDriver
vncmirror
CnxtHdAudService
wpsscannersvc
clsched
aksusb
STV680
itmrtsvc
epsonbidirectionalservice
sisperf
wlancig
licensemanagersocket
aswupdsv
atitool
smartlinkservice
giveio
se59nd5
plsremotesvc
rampartsvc
ssoftservice
iaimfp0
thpsrv
NOWMEMDF
Blfp
sdhelper
StickyMesger
superproserver
k750obex
apache2
mpfirewl
deltafw
ntrtscan
nsm1mdm
vpctcom
eskerlicensecontrol
RTSTOR
hf30service
isdrv120
bdss
pavdrv
sit_bus
ibmsmbus
BCM43XV
bdrsdrv
elservice
eliservice
s116mgmt
mclserviceatl
tvald
tvtnetwk
oracleorahomepagingserver
RR2IOMod
se44mgmt
comhost
s3ssavage
tng-dts
gemserv
macformatservice
minilog
elosystemservice
rt73
ngserver
keriomailserver
db2
SE2Dmgmt
catchme
a016mdm
LHidKe
prtg4service
SNC
mdvrmng
NWSIPX32
vmauthdservice
PSSdk21
PSI_SVC_2
PSDFilter
CAMCAUD
DcPTP
s117mgmt
se59bus
mssql$sqlexpress
backupexecrpcservice
SISNICXP
rtm
U81xmgmt
tones
se45obex
a8djavs
HBtnKey
ACDaemon
roxupnprenderer
netcfgsvr
PPPoEWin
DMUSBUSBDCam
savrtpel
ngdbserv
rrspy
lvtuner
rnadirectory
stcagent
nsm1mdfl
SANDRA
nim32
sdcoreservice
as32svc
LoopBeMidi1
incdpass
pdagent
symappcore
ikhfile
bgsvcgen
idechndr
acs
serenum
SPFDRV
inort
tdsmapi
pdlnatcm
NICM
kbfiltr
UimBus
scanexplicit
https-nassry
CTEAPSFX.DLL
Freedom
bdselfpr
tosrfsnd
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-31 23:21]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-20 03:49]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-20 03:49]
.
2011-01-18 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-09-21 00:57]
.
2012-04-14 c:\windows\Tasks\User_Feed_Synchronization-{B4CA62CA-3590-442A-BC81-E6C22B42EA06}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2011-02-11 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-07-31 23:18]
.
2011-01-06 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-07-31 23:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*
Yahoo!
IE: Free YouTube Download - c:\documents and settings\HP_Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\HP_Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 64.71.255.198
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-HP Lamp - c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
SafeBoot-Lavasoft Ad-Aware Service
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2012-04-13 23:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB10083$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,fe,17,f2,7f,96,05,45,a1,84,26,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,fe,17,f2,7f,96,05,45,a1,84,26,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\devldr32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\HPZipm12.exe
c:\documents and settings\HP_Owner\Application Data\Dropbox\bin\Dropbox.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2012-04-13 23:31:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 03:30
.
Pre-Run: 94,904,041,472 bytes free
Post-Run: 95,461,847,040 bytes free
.
- - End Of File - - 0F2C0DBA6C34A61BA35FD42A7E1FDA6E
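Added triage example, the editor's code rather than anything from Ted's post or from ComboFix: a Python script that splits a ComboFix log into its banner sections, parses the "Files Created" rows and flags the lines worth a second look. The rules encode what stands out in the log above: a resident AV reported as disabled; a `$NtUninstallKB10083$` directory holding `@` files and `L\`/`U\` subtrees under a five-digit KB number (an XP-era hotfix KB number has six or seven digits, and a genuine uninstall folder contains `spuninst\` and backed-up system files, not payloads), which together with the disinfected `redbook.sys` driver and the `SummaryInformation` stream hidden from the API is a layout the editor associates with the ZeroAccess/Sirefef rootkit family, an identification the log itself does not make; `Autorun.inf` at a drive root; a loose `inst.exe` in Application Data; a `.bat` in system32; and a driver service registered out of a Temp folder whose binary is gone. The sample input is constructed from lines excerpted from the posted log; rule names and the record layout are the editor's choices.

```python
"""ComboFix log triage (editor's added example; not ComboFix's or the poster's code).
Splits the log into sections, parses the "Files Created" rows and flags the lines
a responder should check first. Rule names and the record layout are the editor's."""
import re
from collections import Counter

# Constructed sample: lines excerpted verbatim from the log posted above.
SAMPLE_LOG = r"""AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\HP_Owner\Application Data\inst.exe
c:\windows\$NtUninstallKB10083$\1703101152\@
c:\windows\$NtUninstallKB10083$\1703101152\L\beuximqp
c:\windows\$NtUninstallKB10083$\1703101152\U\00000001.@
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
2012-04-14 02:43 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-04-10 04:04 . 2012-04-10 04:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
S3 cpuz134;cpuz134;\??\c:\docume~1\HP_Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\HP_Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 5:23 PM 35088]
.
c:\windows\$NtUninstallKB10083$:SummaryInformation 0 bytes hidden from API
"""

# Section banners: "(((( Name ))))", "---- Name ----" and "- - - Name - - -".
SECTION_RE = re.compile(r"^(?:\({3,}|-{3,}|(?:- ){2,})\s*(.+?)\s*(?:\){3,}|-{3,}|(?: -){2,})$")
# "Files Created" rows: <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
                     r"\s+(\S+)\s+([a-z-]{8})\s+(.+)$")

# (name, regex) pairs; a line may hit several rules. Hits are leads, not verdicts.
RULES = [
    ("av_disabled", re.compile(r"^AV: .*\*Disabled", re.I)),
    # Genuine $NtUninstallKB..$ folders hold spuninst\ and backed-up files, never "@" files or L\ U\ trees.
    ("hotfix_dir_payload", re.compile(r"\\\$NtUninstall[^\\]+\$\\.*(?:\\[LU]\\|\\@$|\.@$)", re.I)),
    ("autorun_at_root", re.compile(r"^[A-Z]:\\Autorun\.inf$", re.I)),
    ("driver_disinfected", re.compile(r"was found and disinfected$")),
    ("loose_exe_in_appdata", re.compile(
        r"^c:\\documents and settings\\[^\\]+\\(?:Application Data|Local Settings)\\[^\\]+\.(?:exe|dll|sys)$", re.I)),
    ("script_in_system32", re.compile(r"^c:\\windows\\system32\\[^\\]+\.(?:bat|cmd|vbs)$", re.I)),
    ("service_binary_missing", re.compile(r"^[RS][0-4] .* \[\?\]$")),   # "[?]": binary not found at scan time
    ("service_from_temp", re.compile(r"^[RS][0-4] .*\\Temp\\", re.I)),  # driver/service image under a Temp dir
    ("hidden_from_api", re.compile(r"hidden from API$")),               # catchme: object hidden from the Win32 API
    ("locked_key_denied", re.compile(r"^@Denied:")),
]

def split_sections(text):
    """Return {banner_name: [lines]} in log order; ComboFix's filler "." lines are dropped."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def parse_created(lines):
    """Parse "Files Created" rows; flag hidden/system attributes and mtime older than ctime."""
    records = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        flags = []
        if "h" in attrs or "s" in attrs:          # attrs look like d-sh--w- or ----a-w-
            flags.append("hidden_or_system")
        if modified < created:                     # ISO timestamps compare lexically
            flags.append("mtime_before_ctime")     # copied/restored into place, not written in place
        records.append({"created": created, "modified": modified, "attrs": attrs, "path": path,
                        "size": int(size) if size.isdigit() else None, "flags": flags})
    return records

def triage(text):
    """Full report: sections, parsed "Files Created" records and rule hits with their section."""
    sections = split_sections(text)
    created = [r for name, ls in sections.items() if name.startswith("Files Created")
               for r in parse_created(ls)]
    hits = [{"section": name, "rule": rule, "line": ln}
            for name, ls in sections.items() for ln in ls for rule, rx in RULES if rx.search(ln)]
    return {"sections": sections, "created": created, "hits": hits}

def rule_counts(report):
    """How many lines each rule fired on."""
    return dict(Counter(h["rule"] for h in report["hits"]))

if __name__ == "__main__":
    for h in triage(SAMPLE_LOG)["hits"]:
        print(f"[{h['rule']:<22}] {h['section']}: {h['line']}")
```

Hits are leads, not verdicts. `[?]` on a service line only means ComboFix could not find the binary at scan time, which also holds for the leftover Lavasoft `Lbd` and `KernExplorer` entries in this log; a last-write time older than the creation time is normal for any copied file, and on `redbook.sys` it is ComboFix's own restore, so `mtime_before_ctime` matters only alongside the other evidence. To triage a full log, replace `SAMPLE_LOG` with the file contents read as text.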