Second Combofix log:
ComboFix 10-08-06.03 - HP_Administrator 08/07/2010 10:19:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1254 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
.
((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.
2010-08-05 18:37 . 2010-08-05 18:37 -------- d-----w- c:\windows\Cache
2010-08-05 18:37 . 2010-08-05 18:37 -------- d-----w- c:\program files\Coupons
2010-08-04 17:15 . 2010-08-04 17:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-04 17:14 . 2010-08-05 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-03 15:50 . 2010-08-04 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2010-07-30 05:41 . 2010-08-04 17:08 -------- d-----w- c:\program files\Turbo Subs
2010-07-29 18:11 . 2010-07-29 18:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2010-07-29 18:11 . 2010-07-29 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-29 18:11 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-29 18:10 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-28 22:53 . 2010-08-04 17:08 -------- d-----w- c:\program files\Shopmania
2010-07-25 01:51 . 2010-07-25 01:51 -------- d-----w- c:\program files\Wedding Dash - Ready, Aim, Love
2010-07-25 01:12 . 2010-07-25 01:12 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sunbelt Software
2010-07-25 01:10 . 2010-07-25 01:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-24 18:41 . 2010-07-24 18:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-07-23 17:37 . 2010-08-06 19:45 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 22:33 . 2010-07-16 22:33 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Yahoo
2010-07-16 22:33 . 2010-07-16 22:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!
2010-07-16 13:08 . 2010-07-16 13:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 23:50 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-15 23:40 . 2010-07-15 23:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 21:32 . 2006-09-13 02:24 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 21:31 . 2006-09-13 02:24 -------- d-----w- c:\program files\Java
2010-08-05 18:39 . 2007-02-22 21:36 -------- d-----w- c:\program files\Lx_cats
2010-08-03 16:03 . 2007-01-15 14:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-03 16:02 . 2009-07-21 13:17 -------- d-----w- c:\program files\Megaplex Madness - Summer Blockbuster
2010-08-02 19:28 . 2009-07-21 13:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MegaplexMadnessSummerBlockbuster
2010-07-30 00:59 . 2009-08-19 16:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
2010-07-26 13:22 . 2006-09-13 02:59 -------- d-----w- c:\program files\DivX
2010-07-26 13:21 . 2008-04-09 05:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Move Networks
2010-07-26 13:17 . 2007-01-11 02:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IGN_DLM
2010-07-26 13:17 . 2007-01-11 02:52 -------- d-----w- c:\program files\IGN
2010-07-26 13:16 . 2006-09-13 02:58 -------- d-----w- c:\program files\muvee Technologies
2010-07-26 13:16 . 2006-09-13 02:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-26 13:12 . 2008-02-29 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-07-26 13:08 . 2009-05-09 00:45 -------- d-----w- c:\program files\PopCap Games
2010-07-26 13:06 . 2006-09-13 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-26 13:05 . 2009-08-29 20:24 -------- d-----w- c:\program files\Graboid
2010-07-26 13:03 . 2009-09-12 01:21 -------- d-----w- c:\program files\Turbine
2010-07-26 13:02 . 2009-07-29 22:36 -------- d-----w- c:\program files\City of Heroes
2010-07-26 13:02 . 2009-08-24 18:36 -------- d-----w- c:\program files\Cryptic Studios
2010-07-26 13:01 . 2010-03-02 15:46 -------- d-----w- c:\program files\Armadillo Run Demo
2010-07-25 01:12 . 2007-02-25 13:25 -------- d-----w- c:\program files\Google
2010-07-17 09:00 . 2010-04-30 13:30 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 14:58 . 2007-03-29 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-16 13:08 . 2009-09-09 13:28 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:07 . 2009-09-09 13:28 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-16 07:01 . 2009-09-19 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-12 08:55 . 2010-03-14 14:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-03-14 15:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-21 22:25 . 2010-06-21 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\MythPeople
2010-06-21 22:24 . 2010-06-21 22:24 -------- d-----w- c:\program files\Miriel's Enchanted Mystery
2010-06-21 19:35 . 2010-06-21 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SulusGames
2010-06-16 12:44 . 2008-05-13 14:47 -------- d-----w- c:\program files\Airport Mania - First Flight
2010-06-11 23:36 . 2010-06-11 23:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Hotdog Hotshot
2010-06-09 10:34 . 2008-10-21 00:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
2010-06-09 04:00 . 2008-10-21 00:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM
2010-06-03 13:44 . 2009-09-09 13:28 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2008-02-28 16:24 . 2008-02-28 16:24 0 ----a-w- c:\program files\temp01
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-10-20 1693184]
"Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-13 180269]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-23 813584]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-9-12 36903]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-12 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-12 27136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 13:08 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lexmark 3300 Series\\LXCClpx.exe"=
"c:\\WINDOWS\\ehome\\ehshell.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Lexmark 3300 Series\\lxccaiox.exe"=
"c:\\Program Files\\Lexmark 3300 Series\\pheditor.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/14/2010 10:12 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/9/2009 9:28 AM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/9/2009 9:28 AM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 9:08 AM 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1352832]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/23/2009 6:19 PM 10384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/23/2010 10:46 AM 135664]
S3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [9/12/2006 10:40 PM 82048]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [7/18/2009 7:22 PM 36224]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-08-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]
2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 14:46]
2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 14:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0vc4w2xp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage -
www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-07 10:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(536)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(4592)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\lxcccoms.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\hp\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
**************************************************************************
.
Completion time: 2010-08-07 10:49:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-07 14:48
ComboFix2.txt 2010-08-07 13:53
Pre-Run: 152,833,208,320 bytes free
Post-Run: 152,822,906,880 bytes free
- - End Of File - - 0381D21BC6515439A627A245DCE4DC19