ComboFix 12-06-13.04 - RICHARD 13/06/2012 19:34:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1901 [GMT 1:00]
Running from: c:\users\RICHARD\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\TotalRecipeSearch_14EI
c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll
c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll
c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll
c:\program files\WeatherBlinkEI
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc106C.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc124D.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc155.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc17C0.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1877.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc18A.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc19CD.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1C3D.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1F88.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1FF1.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2687.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc26A7.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc28EE.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2BD9.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2DE5.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2F25.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc30B7.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3362.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3528.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc363F.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3DA.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc41E8.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4211.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4545.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc456.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc47D0.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4829.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc49AF.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4CEE.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4D76.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4D81.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5044.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5202.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5369.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5410.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5D6E.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc62C.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6386.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc659A.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6B72.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6F77.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc780A.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7BE6.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7C43.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8104.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8114.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8336.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc84BC.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc892E.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc89D0.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc90C.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc910B.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9687.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc96C7.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9719.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9761.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc977B.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc99B2.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc99C4.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9A71.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9D8.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA02.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA114.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA2D6.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA309.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA39A.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA529.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAE.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAEB8.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB119.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBC4A.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBDB6.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC39F.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC785.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC7F3.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC9C8.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB7B.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCE9A.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF17.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD34A.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD53B.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD54B.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD779.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDE93.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDF53.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE26F.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE314.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE3B5.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE406.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE63E.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE8AE.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE967.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE9B6.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccED19.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF184.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF357.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF807.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF9C.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFB80.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC6A.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFCC9.tmp
c:\users\RICHARD\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFDB9.tmp
c:\users\SUE\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB4B8.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 18:49 . 2012-06-13 18:49  56200  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1946C83C-7A9B-4833-A717-DDBB63CEF31C}\offreg.dll
2012-06-13 18:42 . 2012-06-13 18:54  --------  d-----w-  c:\users\RICHARD\AppData\Local\temp
2012-06-13 18:42 . 2012-06-13 18:42  --------  d-----w-  c:\users\SUE\AppData\Local\temp
2012-06-13 18:42 . 2012-06-13 18:42  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-06-13 18:42 . 2012-06-13 18:42  --------  d-----w-  c:\users\charlotte\AppData\Local\temp
2012-06-13 03:40 . 2012-06-13 03:42  --------  d-----w-  C:\FRST
2012-06-10 08:25 . 2012-06-10 10:37  40776  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-10 08:25 . 2012-06-10 08:25  --------  d-----w-  c:\users\charlotte\AppData\Roaming\Malwarebytes
2012-06-10 05:00 . 2012-06-10 04:59  713784  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A515B6D2-1A8D-4FD9-BBB7-D9B7CF27A78F}\gapaengine.dll
2012-06-10 05:00 . 2012-05-08 08:40  6737808  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1946C83C-7A9B-4833-A717-DDBB63CEF31C}\mpengine.dll
2012-06-10 04:55 . 2012-06-10 04:56  --------  d-----w-  c:\program files\Microsoft Security Client
2012-06-08 09:26 . 2012-06-08 09:26  --------  d-----w-  c:\programdata\Trusteer
2012-06-07 07:18 . 2012-06-07 07:18  --------  d-----w-  c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-06-06 07:06 . 2012-06-06 07:06  --------  d-sh--w-  c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 14:56 . 2008-12-21 16:14  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-11 10:23  3602816  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 10:23  3550080  ----a-w-  c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-11 10:23  2044928  ----a-w-  c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-11 10:24  914304  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39 . 2012-05-11 10:24  31232  ----a-w-  c:\windows\system32\drivers\tcpipreg.sys
2012-03-20 23:28 . 2012-05-11 10:24  53120  ----a-w-  c:\windows\system32\drivers\partmgr.sys
2012-03-20 19:44 . 2012-03-20 19:44  74112  ----a-w-  c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44  171064  ----a-w-  c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2011-05-26 1590144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0autocheck lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
backup=c:\windows\pss\Lotus Organizer EasyClip.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=c:\windows\pss\Lotus QuickStart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SmartCenter.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SmartCenter.lnk
backup=c:\windows\pss\Lotus SmartCenter.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SuiteStart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SuiteStart.lnk
backup=c:\windows\pss\Lotus SuiteStart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^SUE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\SUE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2008-04-01 13:21  61440  ----a-r-  c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 11:13  152872  ----a-w-  c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2011-07-25 10:17  290112  ----a-w-  c:\users\RICHARD\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 07:22  1089536  ------r-  c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 16:57  86016  ------w-  c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 22:33  125952  ----a-w-  c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-08-24 19:54  154136  ----a-w-  c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-08-24 19:54  141848  ----a-w-  c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-09 22:05  46368  ----a-w-  c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-11-29 02:17  55824  ----a-w-  c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 17:11  565008  ----a-w-  c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 17:15  2407184  ----a-w-  c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 14:56  462408  ----a-w-  c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2012-03-08 17:50  4280184  ----a-w-  c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 08:27  570664  ----a-w-  c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 11:02  79400  ----a-w-  c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-09 22:07  29984  ----a-w-  c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-03-20 14:32  1312256  ----a-w-  c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-08-24 19:54  129560  ----a-w-  c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 08:01  328992  ----a-w-  c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28  421888  ----a-w-  c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPoint]
2008-01-09 12:32  789008  ----a-w-  c:\program files\Logitech\SetPoint\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28  1233920  ----a-w-  c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03  210472  ----a-w-  c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-03 18:05  185872  ----a-w-  c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 22:38  1008184  ----a-w-  c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 22:33  202240  ----a-w-  c:\program files\Windows Media Player\wmpnscfg.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation  REG_MULTI_SZ  FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-09 15:49]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 20:49]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 20:49]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110811073132
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
FF - ProfilePath - c:\users\RICHARD\AppData\Roaming\Mozilla\Firefox\Profiles\5o4wx3be.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)
Toolbar-10 - (no file)
WebBrowser-{DA21BD13-CA22-42E3-A071-98F08F1CA1E7} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
MSConfigStartUp-MMTray - c:\progra~1\MUSICM~1\MUSICM~2\mm_tray.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-Schedule_d - c:\program files\DVBT Application\Schedule_d.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe
MSConfigStartUp-WeatherBlink Browser Plugin Loader - c:\progra~1\WEATHE~2\bar\1.bin\gcbrmon.exe
MSConfigStartUp-WeatherBlink Search Scope Monitor - c:\progra~1\WEATHE~2\bar\1.bin\gcsrchmn.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-BitTorrent - c:\users\RICHARD\Program Files\BitTorrent\BitTorrent.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(11612)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\mcupdate.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Completion time: 2012-06-13 20:03:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 19:03
.
Pre-Run: 25,108,545,536 bytes free
Post-Run: 28,835,381,248 bytes free
.
- - End Of File - - 40CEC6924E5813CF1FD2E0F1C73444F2