Here is the Combofix log
ComboFix 12-07-21.01 - Hal 07/22/2012 22:24:04.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1561 [GMT -6:00]
Running from: c:\users\Hal\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\ShOPathometoolbar.dll
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\ToOLbar32.dll
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\users\Hal\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\Hal\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\windows\system\CW3215.DLL
c:\windows\system32\odbcad32.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 04:41 . 2012-07-23 04:42 -------- d-----w- c:\users\Hal\AppData\Local\temp
2012-07-23 04:41 . 2012-07-23 04:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-23 04:41 . 2012-07-23 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-23 03:57 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3205BF1C-B83C-498C-B1EA-23F94AA3D5C5}\mpengine.dll
2012-07-20 19:52 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 19:28 . 2012-07-20 19:28 100864 ----a-w- C:\pwldipow.sys
2012-07-11 12:15 . 2012-07-11 12:15 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-11 11:36 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:34 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-11 11:34 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-11 11:34 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-11 11:11 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-11 11:11 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-07-11 11:11 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-11 11:11 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-11 08:22 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 08:22 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-11 08:22 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 08:22 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 08:22 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 08:22 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 08:21 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 08:21 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 08:21 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 08:21 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-07-11 08:21 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-07-11 08:21 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-07-10 14:23 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-07-10 14:23 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-07-10 14:23 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-07-10 14:23 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-07-10 14:23 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-07-10 14:23 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-07-10 14:23 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-07-10 14:23 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-07-10 14:21 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-07-10 14:21 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-07-10 14:21 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-07-10 14:21 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-07-10 14:21 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-07-10 14:21 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-10 14:21 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-10 14:21 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-10 14:21 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-07-10 14:20 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-07-10 14:08 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-07-10 13:49 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-10 13:49 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-10 13:49 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-10 13:49 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-10 13:49 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-10 13:49 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-10 13:49 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-10 13:49 . 2012-06-02 21:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-10 13:49 . 2012-06-02 21:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-10 02:26 . 2012-07-10 02:26 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-07-10 02:26 . 2012-07-10 02:26 98816 ----a-w- c:\windows\system32\mfps.dll
2012-07-10 02:26 . 2012-07-10 02:26 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-07-10 02:26 . 2012-07-10 02:26 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-07-10 02:26 . 2012-07-10 02:26 2873344 ----a-w- c:\windows\system32\mf.dll
2012-07-10 02:26 . 2012-07-10 02:26 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-07-10 02:23 . 2012-07-10 02:23 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-10 02:23 . 2012-07-10 02:23 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-10 02:23 . 2012-07-10 02:23 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-10 02:23 . 2012-07-10 02:23 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-10 02:23 . 2012-07-10 02:23 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-10 02:23 . 2012-07-10 02:23 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-10 02:23 . 2012-07-10 02:23 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\ca-ES
2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\eu-ES
2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\vi-VN
2012-07-10 01:46 . 2012-07-10 01:46 -------- d-----w- c:\windows\system32\SPReview
2012-07-10 01:13 . 2009-04-11 05:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-07-10 01:13 . 2009-04-11 05:27 57856 ----a-w- c:\windows\system32\compcln.exe
2012-07-10 01:01 . 2009-04-11 05:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys
2012-07-10 01:00 . 2009-04-11 05:28 378368 ----a-w- c:\windows\system32\imapi2.dll
2012-07-10 00:59 . 2009-04-11 05:28 558080 ----a-w- c:\windows\system32\sysmain.dll
2012-07-10 00:58 . 2009-04-11 05:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2012-07-10 00:44 . 2012-07-10 00:44 -------- d-----w- c:\windows\system32\EventProviders
2012-07-09 18:28 . 2012-07-09 18:28 -------- d-----w- c:\users\Hal\AppData\Local\ElevatedDiagnostics
2012-07-04 04:19 . 2012-02-10 16:52 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51FD3E7C-6804-4C49-975C-E06D1799C958}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 19:07 . 2012-04-03 14:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 19:07 . 2011-07-26 04:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-10 02:23 . 2012-07-10 02:23 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-10 01:54 . 2007-03-24 07:35 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-10 01:54 . 2007-03-24 07:35 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-03 19:46 . 2011-03-03 05:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 23:53 . 2009-12-17 23:34 214167816 ----a-w- c:\program files\Nero-9.4.26.0_trial.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-07 39408]
"Spotify"="c:\users\Hal\AppData\Roaming\Spotify\Spotify.exe" [2012-06-09 9478320]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Hal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-09 932528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-28 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 1838592]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"CTXFIREG"="CTxfiReg.exe" [2006-11-28 44032]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-11-28 20480]
"CTHelper"="CTHELPER.EXE" [2006-11-28 19456]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-25 129560]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-27 202256]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start
http://www.avg.com/ww.special-unins...VgyMDEwKzItRjEwTTEwRCsy&prod=92&ver=10.0.1204" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-11-28 28672]
.
c:\users\Hal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2643686760-567394002-1274692540-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 21:49]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 21:49]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2643686760-567394002-1274692540-1000Core1cb6f1766cf05cd.job
- c:\users\Hal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 05:25]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2643686760-567394002-1274692540-1000UA.job
- c:\users\Hal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 05:25]
.
2012-07-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2643686760-567394002-1274692540-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://
www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{d4330680-c0ae-4226-8a21-0afe2fd1ac24} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - (no file)
HKLM-Run-NBAgent - c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
HKLM-Run-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
AddRemove-Artdeco_is1 - e:\art deco fonts\unins000.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-07-22 22:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,83,aa,c1,33,fc,4f,42,bb,d5,19,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(776)
c:\windows\system32\igfxsrvc.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-07-22 22:52:19
ComboFix-quarantined-files.txt 2012-07-23 04:52
.
Pre-Run: 13,384,421,376 bytes free
Post-Run: 13,326,000,128 bytes free
.
- - End Of File - - CC86B282DC7B0EB541F567627095CB29