Hi Broni,
Because of the way the Uni works and because I work 9-5, they have someone else in overnight who seems to have worked on the laptop but not left any info on what he has done... I do apologize for this, but unfortunately that is the way the uni is run.
The internet seems to have stopped working on the laptop as well but I think this has happened since using the app remover and running the scan programs.
I have followed your instructions though, removed AVG, run both scans and the log files will be pasted in.
I only did the update as I was following the instructions in the 7-part step guide:
Keeping up with system updates:
The following updates should be current. If they are not, your system may be vulnerable. Please update as needed:
Microsoft Download Site: You should get all updates marked Critical and the current SP updates: Windows XP SP3, Vista SP2.
Here are the log files:
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-10 12:12:18
-----------------------------
12:12:18.687 OS Version: Windows 6.0.6001 Service Pack 1
12:12:18.687 Number of processors: 2 586 0x170A
12:12:18.703 ComputerName: PEDROGÓMEZ UserName:
12:12:21.370 Initialze error 0
12:13:33.185 AVAST engine defs: 11081000
12:15:38.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:15:38.734 Disk 0 Vendor: FUJITSU_ 8909 Size: 305245MB BusType: 3
12:15:38.749 Disk 0 MBR read successfully
12:15:38.749 Disk 0 MBR scan
12:15:38.765 Disk 0 Windows VISTA default MBR code
12:15:38.765 Disk 0 scanning sectors +625141760
12:15:38.812 Disk 0 scanning C:\windows\system32\drivers
12:15:38.812 Service scanning
12:15:39.701 Modules scanning
12:15:40.325 Disk 0 trace - called modules:
12:15:40.341 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys iastor.sys
12:15:40.341 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87055648]
12:15:40.341 3 CLASSPNP.SYS[82613745] -> nt!IofCallDriver -> [0x87055c48]
12:15:40.356 5 hpdskflt.sys[8b3c9f92] -> nt!IofCallDriver -> [0x85b681f8]
12:15:40.356 7 acpi.sys[806916a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85bc5028]
12:15:40.450 AVAST engine scan C:\windows
12:15:40.465 AVAST engine scan C:\windows\system32
12:15:40.465 AVAST engine scan C:\windows\system32\drivers
12:15:40.481 AVAST engine scan C:\Users\Pedro Gómez
12:15:40.481 AVAST engine scan C:\ProgramData
12:15:40.481 Scan finished successfully
12:15:57.017 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
12:15:57.033 The log file has been saved successfully to "G:\aswMBR.txt"
ComboFix 11-08-10.01 - Pedro Gómez 10/08/2011 14:08:22.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.34.3082.18.3035.1992 [GMT 1:00]
Running from: c:\users\Pedro Gómez\Desktop\ComboFi.exe
AV: Antivirus de Trend Micro OfficeScan *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Antispyware de Trend Micro OfficeScan *Enabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\system32\drivers\RKHit.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))
.
.
2011-08-10 13:13 . 2011-08-10 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-10 10:32 . 2011-08-10 10:32 -------- d-----w- c:\program files\iPod
2011-08-10 10:32 . 2011-08-10 10:33 -------- d-----w- c:\program files\iTunes
2011-08-10 10:18 . 2011-08-10 10:18 -------- d-----w- c:\program files\Apple Software Update
2011-08-10 10:14 . 2011-08-10 10:14 -------- d-----w- c:\programdata\HP Product Assistant
2011-08-09 19:08 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 16:46 . 2011-08-10 10:16 -------- d-----w- c:\users\Pedro Gómez\AppData\Roaming\HpUpdate
2011-08-09 15:58 . 2011-08-09 15:58 -------- d-----w- c:\users\Pedro Gómez\AppData\Local\Solid State Networks
2011-08-09 12:56 . 2011-08-09 12:56 -------- d-----w- c:\windows\CheckSur
2011-08-06 17:56 . 2011-08-06 17:56 -------- d-----w- c:\windows\system32\EventProviders
2011-08-06 17:56 . 2011-08-06 18:13 -------- d-----w- C:\d6d6cfd83b6ec7052bab0ee67a26eb
2011-08-05 14:09 . 2011-08-05 14:09 -------- d-----w- c:\users\Pedro Gómez\AppData\Roaming\Malwarebytes
2011-08-05 14:09 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-05 14:09 . 2011-08-05 14:09 -------- d-----w- c:\programdata\Malwarebytes
2011-08-05 14:09 . 2011-08-05 14:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-05 14:09 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-05 13:30 . 2011-08-05 20:46 -------- d-----w- c:\program files\PCSafeDoctor
2011-08-04 19:30 . 2011-08-04 19:30 0 ---ha-w- c:\users\Pedro Gómez\AppData\Local\BIT9215.tmp
2011-08-04 16:58 . 2011-08-04 16:58 -------- d-----w- C:\$AVG
2011-08-04 15:16 . 2011-08-10 11:40 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-03 14:00 . 2011-08-03 14:00 -------- d-----w- c:\programdata\boost_interprocess
2011-08-03 13:42 . 2011-08-03 13:42 -------- d-----w- c:\windows\Sun
2011-08-03 13:40 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D79A60AB-3D70-4F7D-B588-E30E9ECE19B1}\mpengine.dll
2011-08-03 13:35 . 2011-08-03 13:35 65536 --sha-r- c:\windows\system32\ir32_326.dll
2011-08-03 13:09 . 2011-08-03 13:09 -------- d-----w- c:\users\Pedro Gómez\AppData\Local\Ilivid Player
2011-08-03 09:14 . 2011-08-03 09:14 -------- d-----w- c:\users\Pedro Gómez\AppData\Local\PackageAware
2011-08-02 10:13 . 2011-08-02 10:13 -------- d-----w- c:\users\Pedro Gómez\AppData\Roaming\MEGA5_5110426
2011-08-02 10:12 . 2011-08-02 10:12 -------- d-----w- c:\program files\MEGA5
2011-07-27 09:52 . 2011-07-27 09:52 -------- d-----w- c:\users\Pedro Gómez\AppData\Roaming\PeerNetworking
2011-07-13 17:56 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 17:56 . 2011-05-02 12:00 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-07-13 17:56 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 17:56 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 19:30 . 2011-08-04 19:30 0 ---ha-w- c:\users\Pedro Gómez\AppData\Local\BIT9215.tmp
2011-08-04 19:30 . 2011-08-04 19:30 0 ---ha-w- c:\users\Pedro Gómez\AppData\Local\BIT9215.tmp
2011-07-05 17:37 . 2011-07-05 17:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 17:37 . 2011-07-05 17:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-05-24 18:14 . 2009-11-02 09:28 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-13 17:57 . 2011-05-13 17:57 14392 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
2011-05-13 17:57 . 2008-08-27 16:52 25656 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2011-05-13 17:57 . 2008-08-27 16:52 26168 ----a-w- c:\windows\system32\hpservice.exe
2011-05-13 17:57 . 2008-08-07 09:33 16952 ----a-w- c:\windows\system32\accelerometerdll.DLL
2011-05-13 17:57 . 2011-05-13 17:57 35896 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-27 298536]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-02-11 355896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-01-28 24848]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-03-10 506936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-01-14 11223040]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WatchDog"="c:\program files\InterVideo\DVD8SESD\DVDCheck.exe" [2009-03-04 200848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"pcsafedoctor.exe"="c:\program files\PCSafeDoctor\pcsafedoctor.exe" [2011-07-29 2052608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-18 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Inicio r*pido de Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2009-11-12 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2008-08-06 13:23 69632 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 0061031253173103mcinstcleanup;McAfee Application Installer Cleanup (0061031253173103);c:\users\PEDROG~1\AppData\Local\Temp\006103~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servicio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 133104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet: NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2008-08-06 32256]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2008-08-06 349432]
R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 133104]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-02-11 45056]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
R3 VM650FVM11;UMAX AstraSlim Scanner ProdID x0104;c:\windows\system32\Drivers\USB650C.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-27 185896]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-10-03 1185016]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-10-01 256544]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-01-14 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-08-08 777240]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-23 3715072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Bioscrypt REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-09 14:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 19:46]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 19:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=92&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
IE: Convertir a PDF de Adobe - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir a PDF existente - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo a PDF existente - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo en archivo PDF de Adobe - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a archivo PDF existente - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir selección a PDF de Adobe - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir vínculos seleccionados a PDF de Adobe - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir vínculos seleccionados a PDF existente - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Pedro Gómez\AppData\Roaming\Mozilla\Firefox\Profiles\oujbb230.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q=
FF - prefs.js: network.proxy.ftp - ftp.ncbi.nih.gov
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Conduit Engine :
engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: softonic.com4 Community Toolbar: {0974848a-b5bc-49f2-9778-307742b4a55d} - %profile%\extensions\{0974848a-b5bc-49f2-9778-307742b4a55d}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0974848a-b5bc-49f2-9778-307742b4a55d} - (no file)
Toolbar-10 - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-OfficeScanNT - c:\program files\Trend Micro\OfficeScan Client\ntrmv.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3468)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-08-10 14:22:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-10 13:22
.
Pre-Run: 191,047,643,136 bytes libres
Post-Run: 191,003,873,280 bytes libres
.
- - End Of File - - 3C9813CAFA9F8796C02773E16238C510
Hope these help and again, any help is much appreciated.
Doug