ComboFix 12-05-16.02 - Owner 05/16/2012 22:58:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1006 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFscript.txt
AV: Trend Micro AntiVirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Owner\AppData\Local\Temp\msimg32.dll"
"c:\windows\system32\GT891x.dll"
"c:\windows\system32\z800mdfl.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\windows
c:\windows\$NtUninstallKB8191$
c:\windows\$NtUninstallKB8191$\1397690455
c:\windows\$NtUninstallKB8191$\684996395\@
c:\windows\$NtUninstallKB8191$\684996395\cfg.ini
c:\windows\$NtUninstallKB8191$\684996395\Desktop.ini
c:\windows\$NtUninstallKB8191$\684996395\L\qnbwvoto
c:\windows\$NtUninstallKB8191$\684996395\oemid
c:\windows\$NtUninstallKB8191$\684996395\U\00000001.@
c:\windows\$NtUninstallKB8191$\684996395\U\00000002.@
c:\windows\$NtUninstallKB8191$\684996395\U\00000004.@
c:\windows\$NtUninstallKB8191$\684996395\U\80000000.@
c:\windows\$NtUninstallKB8191$\684996395\U\80000004.@
c:\windows\$NtUninstallKB8191$\684996395\U\80000032.@
c:\windows\$NtUninstallKB8191$\684996395\version
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\GT891x.dll
c:\windows\system32\service
c:\windows\system32\service\11012012_TIS17_SfFniAU.log
c:\windows\system32\z800mdfl.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cdvp
-------\Service_NwSapAgent
-------\Service_proxyhostdriver
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-17 06:12 . 2012-05-17 06:12 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-05-17 06:12 . 2012-05-17 06:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 21:31 . 2012-05-14 21:31 -------- d-----w- C:\NBRT
2012-05-10 19:26 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 19:26 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 19:25 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 19:25 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 19:25 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 19:25 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 19:25 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-10 19:25 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-10 19:25 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 19:25 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 19:25 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 19:25 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 19:25 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 19:24 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 19:24 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 19:24 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-04-26 02:26 . 2012-04-26 02:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Blackberry Desktop
2012-04-26 02:20 . 2012-04-26 02:20 -------- d-----w- c:\users\Owner\AppData\Local\Research In Motion
2012-04-26 02:20 . 2012-04-26 02:21 -------- d-----w- c:\users\Owner\AppData\Roaming\Research In Motion
2012-04-25 22:44 . 2011-07-20 22:13 35328 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2012-04-25 22:43 . 2012-04-27 18:05 -------- d-----w- c:\program files\Common Files\Research In Motion
2012-04-25 22:12 . 2009-06-12 11:18 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-04-25 22:11 . 2012-04-25 22:11 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-04-25 22:11 . 2012-04-25 22:11 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-04-25 22:11 . 2012-05-10 15:33 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps
2012-04-25 19:56 . 2012-04-25 19:56 -------- d-----w- c:\users\Owner\AppData\Roaming\FixZeroAccess
2012-04-25 18:11 . 2012-04-25 18:11 336 ----a-w- c:\program files\temp995.bat
2012-04-25 17:52 . 2012-04-25 17:52 -------- d-----w- c:\users\Owner\AppData\Local\Seven Zip
2012-04-25 17:40 . 2012-04-25 17:40 46640 ----a-w- c:\windows\system32\msln.exe
2012-04-25 17:39 . 2012-04-25 17:40 101150 ----a-w- c:\windows\system32\drivers\SMR250.dat
2012-04-25 16:18 . 2012-04-25 16:18 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-04-25 16:18 . 2012-05-12 20:58 -------- d-----w- c:\users\Owner\AppData\Local\NPE
2012-04-23 22:34 . 2012-05-10 16:43 -------- d-----w- c:\windows\system32\drivers\NAV\1307000.009
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 23:04 . 2009-09-11 01:45 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-05-09 22:59 . 2011-06-16 03:28 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-04-12 20:20 . 2012-04-12 20:20 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-13 10:03 . 2012-03-13 10:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-13 10:03 . 2012-03-13 10:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-13 10:03 . 2012-03-13 10:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-13 10:03 . 2012-03-13 10:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-13 10:03 . 2012-03-13 10:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-13 10:03 . 2012-03-13 10:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-13 10:03 . 2012-03-13 10:03 367104 ----a-w- c:\windows\system32\html.iec
2012-03-13 10:03 . 2012-03-13 10:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-13 10:03 . 2012-03-13 10:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-13 10:03 . 2012-03-13 10:03 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-13 10:03 . 2012-03-13 10:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-13 10:03 . 2012-03-13 10:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-13 10:03 . 2012-03-13 10:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-13 10:03 . 2012-03-13 10:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-13 10:03 . 2012-03-13 10:03 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-13 10:03 . 2012-03-13 10:03 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-13 10:03 . 2012-03-13 10:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 22:38 . 2011-08-29 06:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 19:49 . 2010-06-01 15:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 15:11 . 2012-04-11 10:14 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-11 10:14 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-11 10:14 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-11 10:14 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-11 10:14 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-11 10:14 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 10:14 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-11 10:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2007-07-31 23:16 . 2007-07-31 23:16 1329304 ----a-w- c:\program files\sfdrvup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-09 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-16 151552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"Webroot Desktop Firewall"="c:\program files\Webroot\Webroot Desktop Firewall\WDF.exe" [2008-07-31 2401672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"CenturyLinkTouchPointAgent"="c:\program files\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" [2012-03-08 46720]
"QuickCare"="c:\program files\CenturyLink\QuickCare\bin\sprtcmd.exe" [2011-06-07 206120]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WkCalRem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-8-17 21504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-11 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk \0SsiEfr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-336559941-1480386105-577895080-1001]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-336559941-1480386105-577895080-500]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qbfcservice CXTUNE rkhdrv31 avgfwsrv richvideo svv rp32service stirusb autocomplete umwdf isdrv122 ersvc symc810 lxct_device NICSer_WPC300N rpcnet hSONYPVh Appn streamloadservice nvata AsDsm U2SP sprtsvc_smartagent vmnetdhcp lvckap SaiNtSub M2500 FA312 atixsaudio OneCareMP lgsnd_filter dlcq_device se26unic WaveFDE nvrd32 lmimaint tb2launch motoswitchservice InCDsrvR FET5X86V mysqlinventime vstor2 mf cebdaldr wlancfg savscan asc3350p smartwiservice aliadwdm SE2Emgmt psdvdisk incdfs USBDeviceService websenseuserservice iomdisk cdfsvc rsvchost pdframe cimnotify idebusdr bdselfpr ghoststartservice ZDCNDIS5 apache alim1541 CX23880 veteboot mcontrol {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} sansaservice nimcdldu ibmsmbus mvserver EpmShd axskbus dac960nt AlteraByteBlaster qkbfiltr ctxcpusched eSettingsService msftesql vhidmini procdd tfsnudfa EAWDMFD senfilt pae_1394 rbfilter sfusvc umxfwhlp XilinxPC4Driver vaiomediaplatform-integratedserver-http fips F700imd EL90X mksupdateint WUSB54GCSVC govsrv teefer2 tvtfilter ROOTUSB smwdm cbidf fsdfwd usbmate pdlnebas iaimfp4 SE2Emdm roxmediadb WINIO w810mgmt elbycdio nwlnkspx ssdiagn symidsco SymIMMP ageremodemaudio lemsgt licenseservice roammgr nbservice cqmgstor vulfntrs omniserv antivirscheduler SE27bus thinkpadmodemservice wm OEM02Vfx LHidKe PhilCam8116 IPSECSHM evteng dnserver32 se45nd5 DcCam TdmService acdservice btdriver sqlagent$pinnaclesys ibmfilter RESMGR ati2mpaa mgabg Wpsnuio tandpl GTPTSER ATMsrvc HFACSVC WSIMD intcazaudaddservice w550mgmt netdevio awlegacy VNUSB
ovsecurityserver soma pnrouter VAIOMediaPlatform-PhotoServer-UPnP pacsptisvr nvlddmkm pxfhbus caisafe hsf_msft hsfhwbs2 dcfssvc WimFltr pchost Defrag32 qmofiltr lxcg_device NVENET avgascln pnkbstra sfhlp01 wap3gx slssvc MA8032M atirage3 lcs wacommousefilter AVRec VX1000 mpfirewl ooclevercacheagent emu10k milshieldcleaner {e2b953a6-195a-44f9-9ba3-3d5f4e32bb55} cwcpsvc20 pnmsrv ikfilesec LHidFilt hwdatacard mssqlserveradhelper avg7alrt amoagent haspnt ownershipprotocol CTDevice_Srv efs AR5416 elosystemservice dlcj_device NeroMediaHomeService.4 tga 3combootp appnnode XTrapD12 ESDCR msdv NIPALK DivisCTP 3comtftp oracleformsserver-forms60server-oraform cxlpt vaiomediaplatform-musicserver-appserver iaimfp0 oraclewebassistant avidsdmservice msmpsvc CTMSHD mod7700 dot4scan VCAM wencrservice Ndismeetro tsircsrv df5serv eamon ZTEusbmdm6k fcprintservice USA49W2KP SE2Dmdfl logmein Amsmpu4p RTSTOR MobilePreInstallerService profos ABVPN2K ipsecmon CoachAud Bcim gtndis5 SunkFilt39 dm1service was ifxspmgtsrv regmanserv softfax purgeieservice DKbFltr pav_service elservice tzontservice Sntnlusb cqmgserv PSSdk21 CT20XUT.DLL RTHDMIAzAudService KLOGNT pdlndint wg6n hcmon cdrbsdrv pavreport utilman nmwcd retinaengine Hotkey zebrsce U81xmgmt MpFilter nvpvrmon SQTECH905C svcwmu com4qlb se45mgmt dktknsrv kbfiltr lxrjd31d k56 dmio giveio tifm uscbs108 ROB_V symsecureport SunkFilt kbstuff SECYPUSB symdns samfilt DeviceScanner AsusACPI NETw3x32 aha154x lhidusb askernel RR2IOMod BrScnUsb vetfddnt win32sl vwlogger NuidFltr zpnodecollector VAIOMediaPlatform-MusicServer-HTTP nvsmu minilog ossrv winproxy se58obex epson_pm_rpcv2_02 st330service mwspollserver wlancig emclisrv symredrv pdlndtdl psadd adiusbaw nmservice rwbackupsrv MQAC TUWinStylerThemeSvc rismxdp transarcafsdaemon oraclexeclragent oracleservicelocalora snoopfree F700iob LCcfltr VRcore icam4usb MSW_USB mnmsrvc se2End5 epoxusdm tpsrv swmsflt eliservice lktimesync ss_bus ctxhttp iaimtv0 NVR0Dev dlbt_device A88xEnc isdrv120 rchost 
maya70docserver ELhid starwindservice ZD1211BU(ZyDAS) MREMP50a64 iwebmsg ageresoftmodem hap16v2k Sk99202k nidomainservice stacsv bthidmgr UBHelper dimension4 viagfx akshasp agnfilt trackcam4 dptrackerd getPlusHelper symantecantibotfilter SE2Dmgmt cq_mem Via4in1 trioservice sonywbms nimdbgk emupia atiavpci z525bus oraclesnmppeerencapsulator UsbserFilt transbaseservice msvsmon90 messenger vmware VC6SecS lckfldservice z525obex s125obex mxnic awecho datasvr2 W55U01 sp_rssrv rnadiagnosticsservice jobserver_report psasrv IPFilter sandboxu rtm nv4 ntcharge mafwboot mwsarcpkt mfehidk ivscheduler ccevtmgr mssql$pinnaclesys SE2Bmdm cdralw2k XFX_program symfw USIUDF padfsvr SE2Bmdfl cpqfws2e msk80service pdlnsx25 aolavupd mssql$microsoftbcm SaiNtBus MRENDIS5 dlabmfsm netdetect wusb54gv2svc jconfigd atfsd nipsvc utscsi U81xmdfl Intels51 SWNC8U20 dlapoolm PolarUSB int15 SSFS0BB9 passthru 3dkeybd tfsnudf dot4print RioS30 TryAndDecideService adiloader EIO gmer nvgts nmap cmudau ROCKEYNT avgclean MSIRCOMM nicconfigsvc Afc s716unic MailService ELkbd elnkfwppservice s616mgmt EMATCORE mcredirector Epfwndis osanbm hpconfig tsmapip earthlinksafeconnectagent dcpflics ltxred ATSWPDRV cwafadmincontroller owstimer oracleorahome92pagingserver interactivelogon dcevt32 SaiClass digirefresh ndiscm nsm1mdfl UMAXPCLS SABProcEnum clientservice mfesmfk cfgwzsvc msvad_simple RMSvc elbydelay tphdexlgsvc bobo btwhid co_mon sysmonlog appdrv lockmgr tnbrlds atinrvxx ccproxy spcstb naiavfilter1 hpn L8042Kbd WNCPKT wudfpf vmodem websensecommunicationagent kraidsvc mcafeeframework StkScan amdk77 LMouFilt NOWMEMDF ativraxx MXOFX vet-filt AMDPCI roxliveshare9 digictrl ErrDev snapman380 agnwifi GTWModem pcnet cltnetcnservice pshost npkcmsvc lbtserv webdriveservice DNE s217mgmt pfmodnt spkrmon ASFWHide acsvc npkcsvc SE2Bobex lilsgt LMS lvcomser smserial Evian wlluc48 rrrspy SMCB000 iap mctskshd.exe bgs_sdservice AVerBDA mdm
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-08 06:42]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 18:34]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-02 18:34]
.
2012-05-17 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mycenturylink.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5438
uInternet Settings,ProxyOverride = ;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Qwest Personal Digital Vault - c:\program files\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe
MSConfigStartUp-BigFix - c:\program files\Bigfix\bigfix.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\CenturyLink\QuickCare\bin\sprtsvc.exe
c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
c:\program files\CenturyLink\QuickCare\bin\tgsrvc.exe
c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\zHotkey.exe
c:\windows\ModPS2Key.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
.
**************************************************************************
.
Completion time: 2012-05-16 23:22:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-17 06:22
.
Pre-Run: 212,480,073,728 bytes free
Post-Run: 215,967,490,048 bytes free
.
- - End Of File - - CE9127CADBBFC2FC68705BF0D9E68C93