Please analyze combofix
#1
zinzin1012

ComboFix 12-07-10.01 - vcare 07/10/2012 15:04:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2161 [GMT -4:00]
Running from: c:\users\vcare\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Any Video To DVD DB Toolbar\tbHElper.dll
c:\program files (x86)\intellidownload\gunzip.exe
c:\program files (x86)\LP
c:\program files (x86)\LP\C7E9\1093.tmp
c:\program files (x86)\LP\C7E9\10C2.tmp
c:\program files (x86)\LP\C7E9\11CB.tmp
c:\program files (x86)\LP\C7E9\12E4.tmp
c:\program files (x86)\LP\C7E9\1426.tmp
c:\program files (x86)\LP\C7E9\167.tmp
c:\program files (x86)\LP\C7E9\17EC.tmp
c:\program files (x86)\LP\C7E9\18B4.tmp
c:\program files (x86)\LP\C7E9\1A25.tmp
c:\program files (x86)\LP\C7E9\1BC9.tmp
c:\program files (x86)\LP\C7E9\1CE2.tmp
c:\program files (x86)\LP\C7E9\1E0A.tmp
c:\program files (x86)\LP\C7E9\22B5.tmp
c:\program files (x86)\LP\C7E9\2327.tmp
c:\program files (x86)\LP\C7E9\242.tmp
c:\program files (x86)\LP\C7E9\2550.tmp
c:\program files (x86)\LP\C7E9\272E.tmp
c:\program files (x86)\LP\C7E9\2857.tmp
c:\program files (x86)\LP\C7E9\29FC.tmp
c:\program files (x86)\LP\C7E9\2CAA.tmp
c:\program files (x86)\LP\C7E9\2E0D.tmp
c:\program files (x86)\LP\C7E9\2ECF.tmp
c:\program files (x86)\LP\C7E9\30A0.tmp
c:\program files (x86)\LP\C7E9\30C.tmp
c:\program files (x86)\LP\C7E9\3246.tmp
c:\program files (x86)\LP\C7E9\3496.tmp
c:\program files (x86)\LP\C7E9\3986.tmp
c:\program files (x86)\LP\C7E9\3998.tmp
c:\program files (x86)\LP\C7E9\3A05.tmp
c:\program files (x86)\LP\C7E9\3C54.tmp
c:\program files (x86)\LP\C7E9\43D2.tmp
c:\program files (x86)\LP\C7E9\443E.tmp
c:\program files (x86)\LP\C7E9\4623.tmp
c:\program files (x86)\LP\C7E9\4827.tmp
c:\program files (x86)\LP\C7E9\4B1.tmp
c:\program files (x86)\LP\C7E9\4B2.tmp
c:\program files (x86)\LP\C7E9\54EF.tmp
c:\program files (x86)\LP\C7E9\5618.tmp
c:\program files (x86)\LP\C7E9\569A.tmp
c:\program files (x86)\LP\C7E9\5817.tmp
c:\program files (x86)\LP\C7E9\5887.tmp
c:\program files (x86)\LP\C7E9\5A35.tmp
c:\program files (x86)\LP\C7E9\5DB8.tmp
c:\program files (x86)\LP\C7E9\5F53.tmp
c:\program files (x86)\LP\C7E9\6350.tmp
c:\program files (x86)\LP\C7E9\6768.tmp
c:\program files (x86)\LP\C7E9\695.tmp
c:\program files (x86)\LP\C7E9\6C16.tmp
c:\program files (x86)\LP\C7E9\71A6.tmp
c:\program files (x86)\LP\C7E9\7296.tmp
c:\program files (x86)\LP\C7E9\76DD.tmp
c:\program files (x86)\LP\C7E9\7E4A.tmp
c:\program files (x86)\LP\C7E9\820D.tmp
c:\program files (x86)\LP\C7E9\823B.tmp
c:\program files (x86)\LP\C7E9\8729.tmp
c:\program files (x86)\LP\C7E9\8B5E.tmp
c:\program files (x86)\LP\C7E9\8BBC.tmp
c:\program files (x86)\LP\C7E9\8C19.tmp
c:\program files (x86)\LP\C7E9\8C1D.tmp
c:\program files (x86)\LP\C7E9\8C1E.tmp
c:\program files (x86)\LP\C7E9\8C28.tmp
c:\program files (x86)\LP\C7E9\90DA.tmp
c:\program files (x86)\LP\C7E9\9221.tmp
c:\program files (x86)\LP\C7E9\9263.tmp
c:\program files (x86)\LP\C7E9\9356.tmp
c:\program files (x86)\LP\C7E9\950D.tmp
c:\program files (x86)\LP\C7E9\9587.tmp
c:\program files (x86)\LP\C7E9\95C0.tmp
c:\program files (x86)\LP\C7E9\9672.tmp
c:\program files (x86)\LP\C7E9\97BC.tmp
c:\program files (x86)\LP\C7E9\9BAA.tmp
c:\program files (x86)\LP\C7E9\A000.tmp
c:\program files (x86)\LP\C7E9\A153.tmp
c:\program files (x86)\LP\C7E9\A351.tmp
c:\program files (x86)\LP\C7E9\A35F.tmp
c:\program files (x86)\LP\C7E9\A69B.tmp
c:\program files (x86)\LP\C7E9\AB29.tmp
c:\program files (x86)\LP\C7E9\ADA3.tmp
c:\program files (x86)\LP\C7E9\B089.tmp
c:\program files (x86)\LP\C7E9\B1D2.tmp
c:\program files (x86)\LP\C7E9\B2ED.tmp
c:\program files (x86)\LP\C7E9\B73D.tmp
c:\program files (x86)\LP\C7E9\BBF5.tmp
c:\program files (x86)\LP\C7E9\BE31.tmp
c:\program files (x86)\LP\C7E9\BE32.tmp
c:\program files (x86)\LP\C7E9\C44B.tmp
c:\program files (x86)\LP\C7E9\CAB2.tmp
c:\program files (x86)\LP\C7E9\CE04.tmp
c:\program files (x86)\LP\C7E9\CFE2.tmp
c:\program files (x86)\LP\C7E9\D934.tmp
c:\program files (x86)\LP\C7E9\D936.tmp
c:\program files (x86)\LP\C7E9\D9FA.tmp
c:\program files (x86)\LP\C7E9\DA01.tmp
c:\program files (x86)\LP\C7E9\DA06.tmp
c:\program files (x86)\LP\C7E9\DA66.tmp
c:\program files (x86)\LP\C7E9\DAD3.tmp
c:\program files (x86)\LP\C7E9\DB31.tmp
c:\program files (x86)\LP\C7E9\DDC.tmp
c:\program files (x86)\LP\C7E9\E511.tmp
c:\program files (x86)\LP\C7E9\E797.tmp
c:\program files (x86)\LP\C7E9\E7B0.tmp
c:\program files (x86)\LP\C7E9\E8AD.tmp
c:\program files (x86)\LP\C7E9\EE04.tmp
c:\program files (x86)\LP\C7E9\EF2D.tmp
c:\program files (x86)\LP\C7E9\F209.tmp
c:\program files (x86)\LP\C7E9\F30.tmp
c:\program files (x86)\LP\C7E9\F99A.tmp
c:\program files (x86)\LP\C7E9\FA64.tmp
c:\program files (x86)\LP\C7E9\FD70.tmp
c:\program files (x86)\LP\C7E9\FD71.tmp
c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\programdata\22cd857d
c:\users\vcare\AppData\Local\assembly\tmp
c:\users\vcare\AppData\Local\Microsoft\Windows\Temporary Internet Files\{23C24237-1DBE-4A6E-A573-3478C5D7D18A}.xps
c:\users\vcare\AppData\Local\Microsoft\Windows\Temporary Internet Files\{26BD1A6B-6662-4F31-BD1A-9E356E42C472}.xps
c:\users\vcare\AppData\Local\Microsoft\Windows\Temporary Internet Files\{623D266F-DEAC-4F58-BE04-5196D36FE3F6}.xps
c:\users\vcare\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D59C01A-A30F-4CF7-BB1A-D6AFD5E7D104}.xps
c:\users\vcare\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EB7A63C8-996E-4574-8A48-5C5CAE7B044B}.xps
c:\users\vcare\AppData\Local\Temp\7zS249E\HPSLPSVC64.DLL
c:\users\vcare\AppData\Roaming\cc352bd1
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\extensions\{392fc6ca-6986-4c63-9694-832e9274cef0}
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\extensions\{392fc6ca-6986-4c63-9694-832e9274cef0}\chrome.manifest
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\extensions\{392fc6ca-6986-4c63-9694-832e9274cef0}\chrome\xulcache.jar
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\extensions\{392fc6ca-6986-4c63-9694-832e9274cef0}\defaults\preferences\xulcache.js
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\extensions\{392fc6ca-6986-4c63-9694-832e9274cef0}\install.rdf
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\searchplugins\bing-zugo.xml
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\searchplugins\SearchquWebSearch.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 19:11 . 2012-07-10 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-10 17:08 . 2012-07-10 17:08 -------- d-----w- c:\users\vcare\AppData\Roaming\Malwarebytes
2012-07-10 17:08 . 2012-07-10 17:08 -------- d-----w- c:\programdata\Malwarebytes
2012-07-10 16:45 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-10 16:45 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-10 16:34 . 2012-07-10 16:34 -------- d-----w- c:\programdata\HP
2012-07-06 14:24 . 2012-07-10 13:12 -------- d-----w- c:\program files (x86)\TorrentSearch
2012-07-06 14:24 . 2012-07-10 19:11 -------- d-----w- c:\program files (x86)\intellidownload
2012-07-06 14:07 . 2012-07-06 14:12 -------- d-----w- c:\programdata\HitmanPro
2012-07-05 22:46 . 2012-07-05 22:46 172098 ----a-w- C:\torrent.exe
2012-06-27 19:29 . 2012-06-27 19:29 -------- d-----w- c:\windows\PCHEALTH
2012-06-27 19:25 . 2012-06-27 19:25 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-06-27 19:24 . 2012-06-27 19:24 -------- d-----r- C:\MSOCache
2012-06-26 21:06 . 2012-06-26 21:06 -------- d-----w- c:\programdata\AVG
2012-06-26 20:53 . 2012-06-27 13:04 -------- d-----w- c:\users\vcare\AppData\Roaming\AVG
2012-06-26 20:08 . 2012-06-26 20:08 -------- d-----w- c:\users\vcare\AppData\Roaming\Sierra Wireless
2012-06-26 20:07 . 2010-09-09 16:24 190464 ----a-r- c:\windows\system32\drivers\agnfilt.sys
2012-06-26 20:06 . 2010-09-09 16:24 14848 ----a-w- c:\windows\system32\drivers\avpnnic.sys
2012-06-26 20:06 . 2012-07-06 20:39 -------- d-----w- c:\program files (x86)\AT&T Global Network Client
2012-06-26 20:06 . 2012-06-26 20:06 -------- d-----w- c:\programdata\AGNS
2012-06-26 13:24 . 2012-06-26 13:24 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-21 12:45 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 12:45 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 12:45 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 12:45 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 12:44 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 12:44 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 12:44 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 12:44 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 12:44 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 13:13 . 2012-06-20 13:13 -------- d-----w- c:\windows\en
2012-06-20 13:11 . 2012-06-20 13:11 -------- d-----w- c:\program files\Windows Live
2012-06-20 13:09 . 2012-06-20 13:09 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e86b64d01cd4ee501\DSETUP.dll
2012-06-20 13:09 . 2012-06-20 13:09 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e86b64d01cd4ee501\DXSETUP.exe
2012-06-20 13:09 . 2012-06-20 13:09 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e86b64d01cd4ee501\dsetup32.dll
2012-06-14 12:30 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 12:30 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 12:30 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 12:30 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 12:30 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 12:30 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 12:30 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 12:30 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 12:30 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 12:30 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 12:30 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 12:29 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 12:29 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 12:29 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 12:29 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 12:29 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 12:29 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"NetSP - restore settings on power failure"="c:\program files (x86)\AT&T Global Network Client\NetSP.exe" [2010-09-09 53600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-07-11 273544]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
IVANS Remote Access Monitor.lnk - c:\windows\Installer\{007AAB7C-E893-48BD-9DA2-7F417CA16322}\NetGM1_89563E53ECF44E868145468A128BDC83.exe [2012-6-26 91504]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
USB 2.0 Switch.lnk - c:\program files (x86)\USB-Switch\USwitch.exe [2010-10-11 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Gun;Gun;c:\windows\system32\Gun64.sys [2011-02-28 30840]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-10 1255736]
R4 Has4win_Synovate;HealthCare Synergy Synovate CAHPS Export;c:\program files (x86)\hcs\has4win\HealthCareSynergyService.exe [2012-02-17 19608]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 HSICahpsExporter;HealthCare Synergy CAHPS Exporter;c:\program files (x86)\hcs\has4win\HealthCareSynergyCAHPS_Service.exe [2012-02-17 19608]
S2 NetClientSvc;AT&T Global Network Client Service;c:\program files (x86)\AT&T Global Network Client\NetClientSvc.exe [2010-09-09 349536]
S2 NetLogSvc;AT&T Global Network Client Logging Service;c:\program files (x86)\AT&T Global Network Client\NetLogSvc.exe [2010-09-09 79200]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75208999-3305582068-911843669-1000Core.job
- c:\users\vcare\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 20:15]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75208999-3305582068-911843669-1000UA.job
- c:\users\vcare\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 20:15]
.
2012-06-29 c:\windows\Tasks\HPCeeScheduleForvcare.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"combofix"="c:\combofix\CF1637.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{B0747BBE-F4EF-4F69-8586-50E27D5A7320}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e494aa5&v=7.007.026.001&i=27&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60828
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: AnyVideo To DVD DB Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: We-Care Reminder: [email protected] - %profile%\extensions\[email protected]
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-RegistryBooster - c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe
Toolbar-10 - (no file)
HKLM-Run-PC-Doctor for Windows localizer - c:\program files\PC-Doctor for Windows\localizer.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"=hex:51,66,7a,6c,4c,1d,38,12,70,b9,67,
0d,de,2a,b0,54,cd,b3,a7,77,53,86,d1,87
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,38,12,4b,99,14,
9d,bd,7c,ba,0e,c1,12,43,d5,5f,94,e4,b3
"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,
5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"=hex:51,66,7a,6c,4c,1d,38,12,90,4e,98,
37,1e,60,56,06,e1,57,a2,36,d1,c9,6d,8a
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,
6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,38,12,ab,c5,1e,
a0,e2,37,c6,09,de,93,cc,b9,8c,f1,55,01
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af,
f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e0,e9,8e,b8,24,51,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\AT&T Global Network Client\netcfgsvr.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-07-10 15:57:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-10 19:57
.
Pre-Run: 431,708,307,456 bytes free
Post-Run: 432,926,896,128 bytes free
.
- - End Of File - - E9A39DA4C0F288A25E86FD78CD70E892