Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2161 [GMT -4:00]
Running from: c:\users\vcare\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Any Video To DVD DB Toolbar\tbHElper.dll
c:\program files (x86)\intellidownload\gunzip.exe
c:\program files (x86)\LP
c:\program files (x86)\LP\C7E9\1093.tmp
c:\program files (x86)\LP\C7E9\10C2.tmp
c:\program files (x86)\LP\C7E9\11CB.tmp
c:\program files (x86)\LP\C7E9\12E4.tmp
c:\program files (x86)\LP\C7E9\1426.tmp
c:\program files (x86)\LP\C7E9\167.tmp
c:\program files (x86)\LP\C7E9\17EC.tmp
c:\program files (x86)\LP\C7E9\18B4.tmp
c:\program files (x86)\LP\C7E9\1A25.tmp
c:\program files (x86)\LP\C7E9\1BC9.tmp
c:\program files (x86)\LP\C7E9\1CE2.tmp
c:\program files (x86)\LP\C7E9\1E0A.tmp
c:\program files (x86)\LP\C7E9\22B5.tmp
c:\program files (x86)\LP\C7E9\2327.tmp
c:\program files (x86)\LP\C7E9\242.tmp
c:\program files (x86)\LP\C7E9\2550.tmp
c:\program files (x86)\LP\C7E9\272E.tmp
c:\program files (x86)\LP\C7E9\2857.tmp
c:\program files (x86)\LP\C7E9\29FC.tmp
c:\program files (x86)\LP\C7E9\2CAA.tmp
c:\program files (x86)\LP\C7E9\2E0D.tmp
c:\program files (x86)\LP\C7E9\2ECF.tmp
c:\program files (x86)\LP\C7E9\30A0.tmp
c:\program files (x86)\LP\C7E9\30C.tmp
c:\program files (x86)\LP\C7E9\3246.tmp
c:\program files (x86)\LP\C7E9\3496.tmp
c:\program files (x86)\LP\C7E9\3986.tmp
c:\program files (x86)\LP\C7E9\3998.tmp
c:\program files (x86)\LP\C7E9\3A05.tmp
c:\program files (x86)\LP\C7E9\3C54.tmp
c:\program files (x86)\LP\C7E9\43D2.tmp
c:\program files (x86)\LP\C7E9\443E.tmp
c:\program files (x86)\LP\C7E9\4623.tmp
c:\program files (x86)\LP\C7E9\4827.tmp
c:\program files (x86)\LP\C7E9\4B1.tmp
c:\program files (x86)\LP\C7E9\4B2.tmp
c:\program files (x86)\LP\C7E9\54EF.tmp
c:\program files (x86)\LP\C7E9\5618.tmp
c:\program files (x86)\LP\C7E9\569A.tmp
c:\program files (x86)\LP\C7E9\5817.tmp
c:\program files (x86)\LP\C7E9\5887.tmp
c:\program files (x86)\LP\C7E9\5A35.tmp
c:\program files (x86)\LP\C7E9\5DB8.tmp
c:\program files (x86)\LP\C7E9\5F53.tmp
c:\program files (x86)\LP\C7E9\6350.tmp
c:\program files (x86)\LP\C7E9\6768.tmp
c:\program files (x86)\LP\C7E9\695.tmp
c:\program files (x86)\LP\C7E9\6C16.tmp
c:\program files (x86)\LP\C7E9\71A6.tmp
c:\program files (x86)\LP\C7E9\7296.tmp
c:\program files (x86)\LP\C7E9\76DD.tmp
c:\program files (x86)\LP\C7E9\7E4A.tmp
c:\program files (x86)\LP\C7E9\820D.tmp
c:\program files (x86)\LP\C7E9\823B.tmp
c:\program files (x86)\LP\C7E9\8729.tmp
c:\program files (x86)\LP\C7E9\8B5E.tmp
c:\program files (x86)\LP\C7E9\8BBC.tmp
c:\program files (x86)\LP\C7E9\8C19.tmp
c:\program files (x86)\LP\C7E9\8C1D.tmp
c:\program files (x86)\LP\C7E9\8C1E.tmp
c:\program files (x86)\LP\C7E9\8C28.tmp
c:\program files (x86)\LP\C7E9\90DA.tmp
c:\program files (x86)\LP\C7E9\9221.tmp
c:\program files (x86)\LP\C7E9\9263.tmp
c:\program files (x86)\LP\C7E9\9356.tmp
c:\program files (x86)\LP\C7E9\950D.tmp
c:\program files (x86)\LP\C7E9\9587.tmp
c:\program files (x86)\LP\C7E9\95C0.tmp
c:\program files (x86)\LP\C7E9\9672.tmp
c:\program files (x86)\LP\C7E9\97BC.tmp
c:\program files (x86)\LP\C7E9\9BAA.tmp
c:\program files (x86)\LP\C7E9\A000.tmp
c:\program files (x86)\LP\C7E9\A153.tmp
c:\program files (x86)\LP\C7E9\A351.tmp
c:\program files (x86)\LP\C7E9\A35F.tmp
c:\program files (x86)\LP\C7E9\A69B.tmp
c:\program files (x86)\LP\C7E9\AB29.tmp
c:\program files (x86)\LP\C7E9\ADA3.tmp
c:\program files (x86)\LP\C7E9\B089.tmp
c:\program files (x86)\LP\C7E9\B1D2.tmp
c:\program files (x86)\LP\C7E9\B2ED.tmp
c:\program files (x86)\LP\C7E9\B73D.tmp
c:\program files (x86)\LP\C7E9\BBF5.tmp
c:\program files (x86)\LP\C7E9\BE31.tmp
c:\program files (x86)\LP\C7E9\BE32.tmp
c:\program files (x86)\LP\C7E9\C44B.tmp
c:\program files (x86)\LP\C7E9\CAB2.tmp
c:\program files (x86)\LP\C7E9\CE04.tmp
c:\program files (x86)\LP\C7E9\CFE2.tmp
c:\program files (x86)\LP\C7E9\D934.tmp
c:\program files (x86)\LP\C7E9\D936.tmp
c:\program files (x86)\LP\C7E9\D9FA.tmp
c:\program files (x86)\LP\C7E9\DA01.tmp
c:\program files (x86)\LP\C7E9\DA06.tmp
c:\program files (x86)\LP\C7E9\DA66.tmp
c:\program files (x86)\LP\C7E9\DAD3.tmp
c:\program files (x86)\LP\C7E9\DB31.tmp
c:\program files (x86)\LP\C7E9\DDC.tmp
c:\program files (x86)\LP\C7E9\E511.tmp
c:\program files (x86)\LP\C7E9\E797.tmp
c:\program files (x86)\LP\C7E9\E7B0.tmp
c:\program files (x86)\LP\C7E9\E8AD.tmp
c:\program files (x86)\LP\C7E9\EE04.tmp
c:\program files (x86)\LP\C7E9\EF2D.tmp
c:\program files (x86)\LP\C7E9\F209.tmp
c:\program files (x86)\LP\C7E9\F30.tmp
c:\program files (x86)\LP\C7E9\F99A.tmp
c:\program files (x86)\LP\C7E9\FA64.tmp
c:\program files (x86)\LP\C7E9\FD70.tmp
c:\program files (x86)\LP\C7E9\FD71.tmp
c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\programdata\22cd857d
c:\users\vcare\AppData\Local\assembly\tmp
c:\users\vcare\AppData\Local\Microsoft\Windows\Temporary Internet Files\{23C24237-1DBE-4A6E-A573-3478C5D7D18A}.xps
c:\users\vcare\AppData\Local\Microsoft\Windows\Temporary Internet Files\{26BD1A6B-6662-4F31-BD1A-9E356E42C472}.xps
c:\users\vcare\AppData\Local\Microsoft\Windows\Temporary Internet Files\{623D266F-DEAC-4F58-BE04-5196D36FE3F6}.xps
c:\users\vcare\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D59C01A-A30F-4CF7-BB1A-D6AFD5E7D104}.xps
c:\users\vcare\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EB7A63C8-996E-4574-8A48-5C5CAE7B044B}.xps
c:\users\vcare\AppData\Local\Temp\7zS249E\HPSLPSVC64.DLL
c:\users\vcare\AppData\Roaming\cc352bd1
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\extensions\{392fc6ca-6986-4c63-9694-832e9274cef0}
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\extensions\{392fc6ca-6986-4c63-9694-832e9274cef0}\chrome.manifest
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\extensions\{392fc6ca-6986-4c63-9694-832e9274cef0}\chrome\xulcache.jar
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\extensions\{392fc6ca-6986-4c63-9694-832e9274cef0}\defaults\preferences\xulcache.js
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\extensions\{392fc6ca-6986-4c63-9694-832e9274cef0}\install.rdf
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\searchplugins\bing-zugo.xml
c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\searchplugins\SearchquWebSearch.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 19:11 . 2012-07-10 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-10 17:08 . 2012-07-10 17:08 -------- d-----w- c:\users\vcare\AppData\Roaming\Malwarebytes
2012-07-10 17:08 . 2012-07-10 17:08 -------- d-----w- c:\programdata\Malwarebytes
2012-07-10 16:45 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-10 16:45 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-10 16:34 . 2012-07-10 16:34 -------- d-----w- c:\programdata\HP
2012-07-06 14:24 . 2012-07-10 13:12 -------- d-----w- c:\program files (x86)\TorrentSearch
2012-07-06 14:24 . 2012-07-10 19:11 -------- d-----w- c:\program files (x86)\intellidownload
2012-07-06 14:07 . 2012-07-06 14:12 -------- d-----w- c:\programdata\HitmanPro
2012-07-05 22:46 . 2012-07-05 22:46 172098 ----a-w- C:\torrent.exe
2012-06-27 19:29 . 2012-06-27 19:29 -------- d-----w- c:\windows\PCHEALTH
2012-06-27 19:25 . 2012-06-27 19:25 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-06-27 19:24 . 2012-06-27 19:24 -------- d-----r- C:\MSOCache
2012-06-26 21:06 . 2012-06-26 21:06 -------- d-----w- c:\programdata\AVG
2012-06-26 20:53 . 2012-06-27 13:04 -------- d-----w- c:\users\vcare\AppData\Roaming\AVG
2012-06-26 20:08 . 2012-06-26 20:08 -------- d-----w- c:\users\vcare\AppData\Roaming\Sierra Wireless
2012-06-26 20:07 . 2010-09-09 16:24 190464 ----a-r- c:\windows\system32\drivers\agnfilt.sys
2012-06-26 20:06 . 2010-09-09 16:24 14848 ----a-w- c:\windows\system32\drivers\avpnnic.sys
2012-06-26 20:06 . 2012-07-06 20:39 -------- d-----w- c:\program files (x86)\AT&T Global Network Client
2012-06-26 20:06 . 2012-06-26 20:06 -------- d-----w- c:\programdata\AGNS
2012-06-26 13:24 . 2012-06-26 13:24 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-21 12:45 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 12:45 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 12:45 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 12:45 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 12:44 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 12:44 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 12:44 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 12:44 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 12:44 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 13:13 . 2012-06-20 13:13 -------- d-----w- c:\windows\en
2012-06-20 13:11 . 2012-06-20 13:11 -------- d-----w- c:\program files\Windows Live
2012-06-20 13:09 . 2012-06-20 13:09 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e86b64d01cd4ee501\DSETUP.dll
2012-06-20 13:09 . 2012-06-20 13:09 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e86b64d01cd4ee501\DXSETUP.exe
2012-06-20 13:09 . 2012-06-20 13:09 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e86b64d01cd4ee501\dsetup32.dll
2012-06-14 12:30 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 12:30 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 12:30 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 12:30 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 12:30 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 12:30 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 12:30 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 12:30 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 12:30 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 12:30 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 12:30 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 12:29 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 12:29 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 12:29 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 12:29 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 12:29 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 12:29 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"NetSP - restore settings on power failure"="c:\program files (x86)\AT&T Global Network Client\NetSP.exe" [2010-09-09 53600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-07-11 273544]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
IVANS Remote Access Monitor.lnk - c:\windows\Installer\{007AAB7C-E893-48BD-9DA2-7F417CA16322}\NetGM1_89563E53ECF44E868145468A128BDC83.exe [2012-6-26 91504]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
USB 2.0 Switch.lnk - c:\program files (x86)\USB-Switch\USwitch.exe [2010-10-11 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Gun;Gun;c:\windows\system32\Gun64.sys [2011-02-28 30840]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-10 1255736]
R4 Has4win_Synovate;HealthCare Synergy Synovate CAHPS Export;c:\program files (x86)\hcs\has4win\HealthCareSynergyService.exe [2012-02-17 19608]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 HSICahpsExporter;HealthCare Synergy CAHPS Exporter;c:\program files (x86)\hcs\has4win\HealthCareSynergyCAHPS_Service.exe [2012-02-17 19608]
S2 NetClientSvc;AT&T Global Network Client Service;c:\program files (x86)\AT&T Global Network Client\NetClientSvc.exe [2010-09-09 349536]
S2 NetLogSvc;AT&T Global Network Client Logging Service;c:\program files (x86)\AT&T Global Network Client\NetLogSvc.exe [2010-09-09 79200]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75208999-3305582068-911843669-1000Core.job
- c:\users\vcare\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 20:15]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75208999-3305582068-911843669-1000UA.job
- c:\users\vcare\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 20:15]
.
2012-06-29 c:\windows\Tasks\HPCeeScheduleForvcare.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"combofix"="c:\combofix\CF1637.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/anyvideo2dvd/{B0747BBE-F4EF-4F69-8586-50E27D5A7320}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\vcare\AppData\Roaming\Mozilla\Firefox\Profiles\jt1ddxp3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e494aa5&v=7.007.026.001&i=27&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60828
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: AnyVideo To DVD DB Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: We-Care Reminder: wecarereminder@bryan - %profile%\extensions\wecarereminder@bryan
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-RegistryBooster - c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe
Toolbar-10 - (no file)
HKLM-Run-PC-Doctor for Windows localizer - c:\program files\PC-Doctor for Windows\localizer.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"=hex:51,66,7a,6c,4c,1d,38,12,70,b9,67,
0d,de,2a,b0,54,cd,b3,a7,77,53,86,d1,87
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,38,12,4b,99,14,
9d,bd,7c,ba,0e,c1,12,43,d5,5f,94,e4,b3
"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,
5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"=hex:51,66,7a,6c,4c,1d,38,12,90,4e,98,
37,1e,60,56,06,e1,57,a2,36,d1,c9,6d,8a
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,
6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,38,12,ab,c5,1e,
a0,e2,37,c6,09,de,93,cc,b9,8c,f1,55,01
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af,
f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e0,e9,8e,b8,24,51,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\AT&T Global Network Client\netcfgsvr.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-07-10 15:57:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-10 19:57
.
Pre-Run: 431,708,307,456 bytes free
Post-Run: 432,926,896,128 bytes free
.
- - End Of File - - E9A39DA4C0F288A25E86FD78CD70E892