Reply to thread

Message: <blockquote data-quote="Timmytour" data-source="post: 66618" data-attributes="member: 2008">Many thanks Jack.Computer up and running. I uninstalled Microssoft Security Essentials before running Combofix (as was apparently still operating though I understood it wasn't) and am now re-installing. Computer seems fine.Log as follows...   ComboFix 12-08-05.02 - User1 06/08/2012   0:33.1.2 - x86Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3036.1800 [GMT 1:00]Running from: c:\documents and settings\User1\Desktop\ComboFix.exe..(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledgec:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnkc:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnkc:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnkc:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnkc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc10.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc11.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc12.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc13.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc14.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc14E.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc15.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc16.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc17.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc18.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc19.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc1A.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc1B.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc4.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc7.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc8.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mcc9.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mccA.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mccB.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mccD.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mccE.tmpc:\documents and settings\User2\Local Settings\Temporary Internet Files\mccF.tmpc:\documents and settings\User1\Application Data\PriceGongc:\documents and settings\User1\Application Data\PriceGong\Data\1.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\a.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\b.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\c.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\d.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\e.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\f.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\g.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\h.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\i.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\j.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\k.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\l.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\m.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\n.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\o.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\p.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\q.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\r.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\s.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\t.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\u.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\v.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\w.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\x.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\y.xmlc:\documents and settings\User1\Application Data\PriceGong\Data\z.xmlc:\documents and settings\User1\Local Settings\Application Data\assembly\tmpc:\documents and settings\User1\Start Menu\Programs\Live Security Platinumc:\documents and settings\User1\Start Menu\Programs\Live Security Platinum\Live Security Platinum Support Site.urlc:\documents and settings\User1\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnkc:\documents and settings\User1\Start Menu\Programs\Live Security Platinum\Uninstall.lnkc:\program files\RelevantKnowledgec:\program files\RelevantKnowledge\asmcf.datc:\program files\RelevantKnowledge\chrome.manifestc:\program files\RelevantKnowledge\components\rlxg.dllc:\program files\RelevantKnowledge\components\rlxh.dllc:\program files\RelevantKnowledge\components\rlxi.dllc:\program files\RelevantKnowledge\components\rlxj.dllc:\program files\RelevantKnowledge\components\rlxk.dllc:\program files\RelevantKnowledge\install.rdfc:\program files\RelevantKnowledge\ncncf.datc:\program files\RelevantKnowledge\nscf.datc:\program files\RelevantKnowledge\rlcm.crxc:\program files\RelevantKnowledge\rlcm.txtc:\program files\RelevantKnowledge\rloci.binc:\program files\RelevantKnowledge\rlph.dllc:\program files\RelevantKnowledge\rlxf.dllc:\windows\Installer\{f4ad979f-8f25-7b00-a14f-1acc97b24fff}\@c:\windows\Installer\{f4ad979f-8f25-7b00-a14f-1acc97b24fff}\U\00000001.@c:\windows\system32\URTTempc:\windows\system32\URTTemp\regtlib.exe..(((((((((((((((((((((((((   Files Created from 2012-07-05 to 2012-08-05  )))))))))))))))))))))))))))))))..2012-08-03 08:48 . 2012-08-03 08:48    9231560    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe2012-08-01 08:32 . 2012-08-01 08:32    --------    d-----w-    c:\program files\ESET2012-07-30 23:42 . 2012-07-30 23:17    883616    ----a-w-    C:\FixExec.exe2012-07-30 22:42 . 2012-07-30 22:42    --------    d-----w-    c:\documents and settings\A.N. Other\Local Settings\Application Data\PCHealth2012-07-30 22:31 . 2012-07-30 22:31    --------    d-----w-    c:\documents and settings\Administrator.REINSURA-BD52A52012-07-30 06:35 . 2012-08-01 05:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\036DFF6168D59C9E61EA5A017B07D2872012-07-22 11:50 . 2012-07-22 11:50    --------    d-----w-    c:\documents and settings\LocalService\Application Data\Roxio2012-07-19 18:33 . 2012-07-19 18:33    --------    d-----w-    c:\documents and settings\User1\Local Settings\Application Data\Help...((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-08-03 08:48 . 2012-03-29 05:47    426184    ----a-w-    c:\windows\system32\FlashPlayerApp.exe2012-08-03 08:48 . 2011-09-10 00:42    70344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl2012-06-13 13:19 . 2006-02-28 11:00    1866112    ----a-w-    c:\windows\system32\win32k.sys2012-06-05 15:50 . 2009-08-19 16:07    1372672    ----a-w-    c:\windows\system32\msxml6.dll2012-06-05 15:50 . 2006-02-28 11:00    1172480    ----a-w-    c:\windows\system32\msxml3.dll2012-06-04 16:35 . 2011-09-09 11:53    210968    ----a-w-    c:\windows\system32\wuweb.dll2012-06-04 16:35 . 2011-09-10 00:11    222448    ----a-w-    c:\windows\system32\muweb.dll2012-06-04 04:32 . 2006-02-28 11:00    152576    ----a-w-    c:\windows\system32\schannel.dll2012-06-02 14:19 . 2009-08-06 18:24    22040    ----a-w-    c:\windows\system32\wucltui.dll.mui2012-06-02 14:19 . 2011-09-09 11:53    329240    ----a-w-    c:\windows\system32\wucltui.dll2012-06-02 14:19 . 2011-09-09 11:53    219160    ----a-w-    c:\windows\system32\wuaucpl.cpl2012-06-02 14:19 . 2009-08-06 18:24    15384    ----a-w-    c:\windows\system32\wuaucpl.cpl.mui2012-06-02 14:19 . 2011-09-09 11:53    35864    ----a-w-    c:\windows\system32\wups.dll2012-06-02 14:19 . 2011-09-09 11:53    53784    ----a-w-    c:\windows\system32\wuauclt.exe2012-06-02 14:19 . 2009-08-06 18:24    45080    ----a-w-    c:\windows\system32\wups2.dll2012-06-02 14:19 . 2009-08-06 18:24    15384    ----a-w-    c:\windows\system32\wuapi.dll.mui2012-06-02 14:19 . 2006-02-28 11:00    97304    ----a-w-    c:\windows\system32\cdm.dll2012-06-02 14:19 . 2009-08-06 18:24    17944    ----a-w-    c:\windows\system32\wuaueng.dll.mui2012-06-02 14:19 . 2011-09-09 11:53    577048    ----a-w-    c:\windows\system32\wuapi.dll2012-06-02 14:19 . 2011-09-09 11:53    1933848    ----a-w-    c:\windows\system32\wuaueng.dll2012-06-02 14:18 . 2011-09-10 00:11    275696    ----a-w-    c:\windows\system32\mucltui.dll2012-06-02 14:18 . 2011-09-10 00:11    17136    ----a-w-    c:\windows\system32\mucltui.dll.mui2012-05-31 13:22 . 2006-02-28 11:00    599040    ----a-w-    c:\windows\system32\crypt32.dll2012-05-16 15:08 . 2006-02-28 11:00    916992    ----a-w-    c:\windows\system32\wininet.dll2012-05-11 14:42 . 2006-02-28 11:00    43520    ------w-    c:\windows\system32\licmgr10.dll2012-05-11 14:42 . 2006-02-28 11:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl2012-05-11 11:38 . 2006-02-28 11:00    385024    ------w-    c:\windows\system32\html.iec2001-11-21 08:10 . 2001-11-21 08:10    18330960    ----a-w-    c:\program files\Oxpsp1.exe..(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152].[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}].[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]2012-01-03 16:31    1514152    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152].[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152].[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]2012-02-08 00:49    22376    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MoeMonitor.exe"="c:\documents and settings\User1\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [2011-10-01 1315152]"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-06-07 3491264]"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]"BitTorrent"="c:\documents and settings\User1\My Documents\Downloads\Programs\BitTorrent-7.2.1.exe" [2012-05-18 6379888]"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-06-02 367128]"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-05-08 77616]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]"coreworks"="c:\program files\HPQ\HP Connection Manager 1.1\bin\gbxapp.exe" [2008-06-12 780776]"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-04-21 1090840]"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2008-05-14 10244096]"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-02-27 3387904]"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080].c:\documents and settings\User2\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-24 142848].c:\documents and settings\User1\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-24 142848]OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]SonicWALL Global VPN Client.lnk - c:\windows\Installer\{40624553-811E-400E-B69B-38D8926A66BD}\_A408D8C4509665C152B13E.exe [N/A].c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2011-9-9 197904]Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]2007-05-15 15:08    112640    ----a-w-    c:\windows\system32\ackpbsc.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]2007-05-15 15:08    281088    ----a-w-    c:\program files\ActivIdentity\ActivClient\acunlock.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]2008-04-21 10:48    69632    ----a-w-    c:\windows\system32\DeviceNP.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]2008-06-02 12:06    112400    ----a-w-    c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]2011-10-01 18:17    21840    ----a-w-    c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\windows\system32\APSHook.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Documents and Settings\\User1\\My Documents\\Downloads\\Programs\\BitTorrent-7.2.1.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=.R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [05/06/2008 17:08 109184]R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [05/06/2008 17:08 51376]R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [05/06/2008 17:08 12928]R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [05/03/2012 16:45 24064]R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [14/09/2011 11:20 108448]R1 networx;networx;c:\windows\system32\drivers\networx.sys [25/09/2011 13:52 51976]R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [21/03/2008 22:54 39712]R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [05/06/2008 17:08 12496]R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 16:08 182576]R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 12:00 14336]R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 12:00 14336]R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [15/05/2008 15:11 1176824]R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [10/06/2008 11:13 18944]R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [05/06/2008 17:07 256512]R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [09/09/2011 18:01 77824]R2 mdvsrv;HP Connection Manager Service;c:\program files\HPQ\HP Connection Manager 1.1\bin\mdvsrv.exe [12/06/2008 13:19 575976]R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [09/09/2011 17:58 576024]R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [09/06/2008 09:06 345336]R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.EXE [09/09/2011 17:15 2058776]R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [01/10/2011 19:17 44880]R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [15/05/2008 13:29 475520]R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [09/09/2011 17:33 193840]R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [09/09/2011 17:28 244368]R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [09/09/2011 18:00 44800]R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [01/10/2011 19:17 9040]R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [01/10/2011 19:17 19408]R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [09/09/2011 17:27 47616]S2 crd;crd;c:\docume~1\ELLAAN~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe --> c:\docume~1\ELLAAN~1\LOCALS~1\Temp\IXP001.TMP\poststp.exe [?]S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/04/2012 11:37 158856]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 06:47 250056]S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [09/09/2011 18:01 32256]S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [21/04/2008 13:27 349432]S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [09/09/2011 17:30 5248]S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [09/09/2011 17:30 112640]S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [09/09/2011 17:30 103680]S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 13:12 1112560]S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096].--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]Cognizance    REG_MULTI_SZ       ASBroker ASChannelHPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2008-03-17 16:56    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:48].2012-08-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-REINSURA-BD52A5-User2.job- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-07 03:44].2012-08-04 c:\windows\Tasks\AdobeAAMUpdater-1.0-REINSURA-BD52A5-User1.job- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-07 03:44].2012-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57].2012-08-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 16:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.co.uk/uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = *.localIE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.htmlIE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htmIE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htmIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: DhcpNameServer = 192.168.1.254DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab.- - - - ORPHANS REMOVED - - - -.BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - (no file)Toolbar-10 - (no file)WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)HKCU-Run-kdx - c:\program files\Kontiki\KHost.exeHKLM-Run-DATAMNGR - c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXESafeBoot-WudfPfSafeBoot-WudfRdAddRemove-BitTorrent - c:\documents and settings\User1\My Documents\Downloads\Programs\BitTorrent.exeAddRemove-Remove on Reboot Shell Extension_is1 - c:\program files\Remove on Reboot\unins000.exeAddRemove-Searchqu 406 MediaBar - c:\program files\Windows iLivid Toolbar\uninstall.exeAddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\relevantknowledge\rlvknlg.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-08-06 00:46Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ...  .scanning hidden autostart entries ... .HKLM\Software\Microsoft\Windows\CurrentVersion\Run  Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@ .scanning hidden files ...  .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1715567821-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*, \OpenWithList]@Class="Shell".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1040)c:\windows\system32\ackpbsc.dllc:\windows\system32\aclog.dllc:\windows\system32\ACLIBEAY.dllc:\windows\system32\acevtsub.dllc:\windows\system32\asphat32.dllc:\windows\system32\acerrmes.dllc:\windows\system32\aspcom.dllc:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dllc:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dllc:\windows\system32\Ati2evxx.dllc:\program files\Hewlett-Packard\IAM\Bin\ASWlnPkg.DLLc:\program files\Hewlett-Packard\IAM\bin\ItMsg.dllc:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dllc:\program files\Hewlett-Packard\IAM\bin\brand.dllc:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dllc:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dllc:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dllc:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dllc:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dllc:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dllc:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dllc:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dllc:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dllc:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dllc:\windows\system32\acomx.dllc:\windows\system32\acbsi21.dllc:\program files\ActivIdentity\ActivClient\acunlock.dllc:\windows\system32\aipingui.dllc:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dllc:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dllc:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dllc:\windows\system32\DeviceNP.dllc:\windows\system32\SSREGLIB.dllc:\program files\Hewlett-Packard\DeviceAccessManager\0009\PTDMLiteResource.dllc:\windows\system32\flcdlmsg.dllc:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dllc:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLLc:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dllc:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll.- - - - - - - > 'explorer.exe'(12260)c:\windows\system32\WININET.dllc:\windows\system32\APSHook.dllc:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\program files\Internet Download Manager\IDMShellExt.dllc:\program files\Internet Download Manager\IDMNetMon.DLLc:\windows\system32\btmmhook.dllc:\program files\Windows Desktop Search\deskbar.dllc:\program files\Windows Desktop Search\en-us\dbres.dll.muic:\program files\Windows Desktop Search\dbres.dllc:\program files\Windows Desktop Search\wordwheel.dllc:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.muic:\program files\Windows Desktop Search\msnlExtRes.dllc:\windows\system32\ieframe.dllc:\program files\Internet Download Manager\idmmkb.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\btncopy.dllc:\documents and settings\User1\Local Settings\Application Data\Microsoft\Live Mesh\Bin\WLCShell.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exec:\program files\Intel\WiFi\bin\S24EvMon.exec:\program files\ActivIdentity\ActivClient\acevents.exec:\windows\system32\Ati2evxx.exec:\windows\System32\SCardSvr.exec:\windows\system32\agrsmsvc.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Intel\WiFi\bin\EvtEng.exec:\program files\Flip Video\FlipShare\FlipShareService.exec:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exec:\windows\system32\ifxtcs.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\program files\Intel\AMT\LMS.exec:\windows\system32\IfxPsdSv.exec:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exec:\windows\system32\SearchIndexer.exec:\program files\Hewlett-Packard\Shared\hpqWmiEx.exec:\windows\system32\wbem\unsecapp.exec:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exec:\windows\system32\wscntfy.exec:\program files\ActivIdentity\ActivClient\acevents.exec:\program files\hpq\hp connection manager 1.1\bin\gbx4log.exec:\program files\Hewlett-Packard\Shared\HpqToaster.exec:\windows\system32\wbem\unsecapp.exec:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exec:\windows\system32\spool\drivers\w32x86\3\WrtProc.exec:\program files\iPod\bin\iPodService.exec:\program files\Internet Download Manager\IEMonitor.exec:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXEc:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exec:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exec:\windows\System32\rundll32.exec:\program files\PC Connectivity Solution\ServiceLayer.exec:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exec:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exec:\windows\System32\wudfhost.exec:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe.**************************************************************************.Completion time: 2012-08-06  00:52:51 - machine was rebootedComboFix-quarantined-files.txt  2012-08-05 23:52.Pre-Run: 18,186,305,536 bytes freePost-Run: 19,291,430,912 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect.- - End Of File - - 3BE5B06B611B59882C07A41143D99037</blockquote>

Verification

Top