She thinks may have it!!!!
Chief:
Please post below.
John: I was able to go into safe mode and have run ComboFix with the script as requested. The log follows:
ComboFix 12-03-09.05 - New 03/12/2012 13:57:50.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1777 [GMT -5:00]
Running from: c:\documents and settings\New\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\New\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cerc6
.
.
((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))
.
.
2012-07-05 00:53 . 2012-07-05 00:53 -------- d-----w- c:\documents and settings\New\Application Data\Malwarebytes
2012-07-05 00:53 . 2012-07-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-05 00:53 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 18:17 . 2012-07-04 18:17 -------- d-----w- c:\documents and settings\NHPA
2012-07-04 17:46 . 2012-07-04 17:46 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-03 21:11 . 2012-07-03 21:11 -------- d-----w- c:\documents and settings\New\Application Data\DriverCure
2012-07-03 21:11 . 2012-07-03 21:11 -------- d-----w- c:\documents and settings\New\Application Data\SpeedMaxPc
2012-07-03 21:11 . 2012-07-03 21:11 -------- d-----w- c:\program files\Common Files\SpeedMaxPc
2012-07-03 21:11 . 2012-07-03 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-07-03 21:11 . 2012-07-03 21:11 -------- d-----w- c:\program files\SpeedMaxPc
2012-07-03 16:40 . 2012-07-03 16:40 -------- d-sh--w- c:\documents and settings\New\IECompatCache
2012-07-03 15:26 . 2009-06-12 11:18 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-03 15:26 . 2010-08-27 07:38 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-03 15:25 . 2012-07-03 15:25 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-07-03 15:25 . 2012-07-03 15:25 -------- d-----w- c:\program files\NortonInstaller
2012-07-03 15:07 . 2012-07-03 15:07 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-07-03 15:07 . 2012-07-03 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-07-02 19:58 . 2012-07-03 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-02 19:58 . 2012-07-02 19:58 -------- d-----w- c:\program files\AVAST Software
2012-07-02 19:48 . 2012-07-02 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2012-07-02 19:18 . 2012-07-02 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND
2012-07-02 15:17 . 2012-07-03 15:25 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-07-01 21:10 . 2012-07-02 19:47 -------- d-----w- c:\program files\Common Files\Symantec Shared(2)
2012-07-01 21:09 . 2012-07-02 19:47 -------- d-----w- c:\windows\system32\drivers\N360(2)
2012-07-01 21:09 . 2012-07-02 19:48 -------- d-----w- c:\program files\Norton Security Suite(2)
2012-07-01 13:29 . 2012-07-01 13:29 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Symantec
2012-06-30 23:58 . 2012-06-30 23:58 -------- d-----w- c:\documents and settings\New\Application Data\Tific
2012-06-30 23:56 . 2012-06-30 23:56 -------- d-----w- c:\program files\Windows Sidebar
2012-06-30 23:19 . 2012-07-04 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-06-30 23:19 . 2012-07-02 19:50 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\NPE
2012-06-30 12:56 . 2012-06-30 12:56 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2012-06-30 12:42 . 2012-07-02 19:50 -------- d-s---w- c:\documents and settings\Administrator
2012-06-30 04:08 . 2012-06-30 04:08 -------- d-----w- C:\spoolerlogs
2012-06-28 13:21 . 2012-06-28 13:21 -------- d-----w- C:\e
2012-06-28 04:36 . 2012-06-28 04:36 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\FileTypeAssistant
2012-06-28 04:28 . 2012-07-02 19:50 -------- d-----w- c:\documents and settings\New\Application Data\FreeFileViewer
2012-06-28 04:26 . 2012-07-02 19:50 -------- d-----w- c:\program files\File Type Assistant
2012-06-28 04:26 . 2012-06-28 04:26 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\I Want This
2012-06-28 04:26 . 2012-07-02 19:50 -------- d-----w- c:\program files\I Want This
2012-06-28 04:26 . 2012-07-02 19:50 -------- d-----w- c:\program files\FreeFileViewer
2012-06-28 04:26 . 2012-06-28 04:26 -------- d-----w- c:\program files\Freeze.com
2012-06-28 04:26 . 2012-07-02 19:50 -------- d-----w- c:\program files\Yahoo!
2012-06-28 04:26 . 2012-06-28 04:26 -------- d-----w- c:\documents and settings\New\Application Data\Yahoo!
2012-06-26 13:44 . 2012-07-02 19:50 -------- d-----w- c:\windows\system32\NtmsData
2012-06-25 03:41 . 2012-07-02 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-06-25 03:39 . 2012-07-02 19:49 -------- d-----w- c:\documents and settings\New\Application Data\GetRightToGo
2012-06-24 17:02 . 2012-06-24 17:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-06-24 12:40 . 2012-06-24 12:40 -------- d--h--w- c:\documents and settings\New\InstallAnywhere
2012-06-24 12:40 . 2012-06-25 20:11 -------- d-----w- c:\documents and settings\New\Desktop END OF YEAR
2012-06-24 12:30 . 2012-06-24 12:45 -------- d-----w- c:\documents and settings\New\Carbonite Restored OLD User Settings
2012-06-24 12:30 . 2012-06-25 20:08 -------- d-----w- c:\documents and settings\New\.jbidwatcher
2012-06-23 18:06 . 2012-06-23 18:06 -------- d-sh--w- c:\documents and settings\New\PrivacIE
2012-03-12 16:06 . 2005-04-06 03:18 135168 ----a-w- c:\windows\system32\igfxres.dll
2012-03-09 15:23 . 2012-03-09 15:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-03-09 15:18 . 2012-03-09 15:18 388096 ----a-r- c:\documents and settings\New\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-09 15:18 . 2012-03-09 15:18 -------- d-----w- c:\program files\Trend Micro
2012-03-09 15:05 . 2008-04-14 07:00 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-03-09 15:05 . 2008-04-14 07:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-09 15:05 . 2008-04-14 07:00 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-03-09 15:05 . 2008-04-14 07:00 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-03-09 15:05 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-03-09 15:05 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-09 15:05 . 2011-05-09 22:48 62592 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-03-09 15:05 . 2011-05-09 22:48 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-09 15:05 . 2008-04-14 07:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-03-09 15:05 . 2008-04-14 07:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-23 14:40 . 2012-02-23 14:40 -------- d-sh--w- c:\documents and settings\New\IETldCache
2012-02-23 09:06 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-23 09:05 . 2011-12-18 20:46 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-23 09:05 . 2011-12-17 19:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-23 09:05 . 2011-12-17 19:46 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-23 09:05 . 2011-12-17 19:46 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-23 09:05 . 2011-12-17 19:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-23 09:05 . 2011-12-17 19:46 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-23 09:05 . 2011-12-17 19:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-23 09:04 . 2012-02-23 09:05 -------- dc-h--w- c:\windows\ie8
2012-02-23 09:01 . 2012-02-23 09:09 -------- d-----w- c:\windows\SxsCaPendDel
2012-02-23 07:05 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-23 07:05 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-02-22 14:26 . 2012-02-22 14:26 -------- d-----w- c:\program files\Microsoft Silverlight
2012-02-21 03:16 . 2012-02-21 03:16 -------- d-----w- C:\Restored from Carbonite
2012-02-21 02:55 . 2012-06-25 19:30 -------- d-----w- c:\program files\Quicken
2012-02-21 02:48 . 2012-02-21 02:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-02-21 02:48 . 2012-02-21 02:48 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Temp
2012-02-21 02:47 . 2012-06-24 12:52 -------- d-----w- c:\documents and settings\New\.housecall6.6
2012-02-21 02:47 . 2012-06-24 12:52 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2012-02-21 02:47 . 2012-02-21 02:47 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}
2012-02-21 02:47 . 2012-02-21 02:47 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\ApplicationHistory
2012-02-21 02:47 . 2012-02-21 02:47 -------- d-----w- c:\documents and settings\Default User\Application Data\Symantec
2012-02-21 02:47 . 2012-02-21 02:47 -------- d-----w- c:\documents and settings\Default User\Application Data\Sonic
2012-02-21 02:47 . 2012-02-21 02:47 -------- d-----w- c:\documents and settings\Default User\Application Data\SampleView
2012-02-21 02:47 . 2012-02-21 02:47 -------- d-----w- c:\documents and settings\Default User\Application Data\interMute
2012-02-21 02:42 . 2012-06-24 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SBSI
2012-02-21 02:42 . 2012-02-21 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2012-02-21 02:42 . 2012-02-21 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2012-02-21 02:42 . 2012-06-24 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Napster
2012-02-21 02:42 . 2012-02-21 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2012-02-21 02:42 . 2012-06-24 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2012-02-21 02:41 . 2012-06-24 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-02-21 02:41 . 2012-02-21 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-21 02:41 . 2012-02-21 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2012-02-21 02:41 . 2012-06-24 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7(2)
2012-02-21 02:41 . 2012-02-21 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-02-20 19:42 . 2012-03-12 16:07 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Google
2012-02-20 19:42 . 2012-03-12 12:56 -------- d-----w- c:\program files\Google
2012-02-20 19:26 . 2012-02-20 19:26 -------- d-----w- c:\program files\Carbonite
2012-02-20 19:26 . 2012-02-20 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Carbonite
2012-02-19 23:05 . 2012-02-19 23:05 -------- d-----w- c:\documents and settings\New\Application Data\OpenOffice.org
2012-02-19 22:57 . 2012-02-19 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2012-02-19 22:50 . 2012-02-19 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2012-02-19 22:50 . 2012-06-24 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2012-02-19 22:50 . 2012-02-19 22:50 -------- d-----w- c:\program files\Common Files\HP
2012-02-19 22:50 . 2012-02-19 22:50 -------- d-----w- c:\program files\Hewlett-Packard
2012-02-19 22:49 . 2012-02-19 22:49 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2012-02-19 22:49 . 2008-04-14 06:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-02-19 22:49 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-02-19 22:49 . 2007-05-02 09:01 675840 ----a-r- c:\windows\system32\hpowiax5.dll
2012-02-19 22:49 . 2007-05-02 09:00 303104 ----a-r- c:\windows\system32\hpovst12.dll
2012-02-19 22:49 . 2007-05-02 08:56 954368 ----a-r- c:\windows\system32\hpotiop5.dll
2012-02-19 22:48 . 2012-06-24 00:00 -------- d-----w- c:\program files\HP
2012-02-19 22:45 . 2012-06-24 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2012-02-19 22:44 . 2007-05-02 10:03 267864 ----a-r- c:\windows\system32\hpzids01.dll
2012-02-19 22:44 . 2007-03-15 21:32 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2012-02-19 22:44 . 2007-03-15 21:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2012-02-19 22:44 . 2006-10-31 19:49 94208 ----a-w- c:\windows\system32\HPJIPX1U.DLL
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-18 19:16 . 2012-01-18 19:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-18 19:16 . 2012-01-18 19:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2012-01-18 19:10 . 2012-01-18 19:18 29480 ----a-w- c:\windows\system32\msxml3a.dll
2012-01-18 19:10 . 2012-01-18 19:18 505128 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-18 19:10 . 2012-01-18 19:18 353576 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-12 16:53 . 2008-04-14 07:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-12-17 19:46 . 2008-04-14 07:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 07:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-14 07:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-14 07:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-09_15.11.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-12 19:03 . 2012-03-12 19:03 16384 c:\windows\temp\Perflib_Perfdata_7fc.dat
+ 2012-03-12 19:03 . 2012-03-12 19:03 16384 c:\windows\temp\Perflib_Perfdata_73c.dat
+ 2008-04-14 07:00 . 2012-03-12 12:07 58596 c:\windows\system32\perfc009.dat
- 2008-04-14 07:00 . 2012-03-09 15:12 58596 c:\windows\system32\perfc009.dat
+ 2012-01-18 19:02 . 2012-03-12 12:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-18 19:02 . 2012-06-25 05:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-18 19:02 . 2012-06-25 05:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-18 19:02 . 2012-03-12 12:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2012-01-18 19:02 . 2012-06-25 05:53 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-03-09 15:23 . 2012-03-12 12:53 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-14 07:00 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
- 2008-04-14 07:00 . 2012-03-09 15:12 392296 c:\windows\system32\perfh009.dat
+ 2008-04-14 07:00 . 2012-03-12 12:07 392296 c:\windows\system32\perfh009.dat
- 2008-04-14 07:00 . 2009-03-08 10:33 726528 c:\windows\system32\jscript.dll
+ 2008-04-14 07:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2012-01-18 18:41 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2008-04-14 07:00 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 07:00 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 07:00 . 2009-03-08 10:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2012-03-09 15:23 . 2012-03-09 15:23 192112 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z0SB3DWO\GoogleToolbar_32_CDBADE383FE745C2[1].dll
+ 2012-03-09 15:23 . 2012-03-09 15:09 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-03-12 14:47 . 2012-07-05 00:46 246800 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2012-03-10 09:00 . 2009-03-08 10:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2012-03-10 09:00 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2012-03-10 09:00 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2012-03-10 09:00 . 2009-03-08 10:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2012-03-10 09:00 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2012-03-10 09:00 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2012-03-10 09:00 . 2009-03-08 10:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2012-03-09 15:18 . 2012-03-09 15:18 1094656 c:\windows\Installer\97834.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-02-03 22:24 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-02-03 22:24 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-02-03 22:24 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-01-18 149280]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 868352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-02-03 1059472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\New\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-9-4 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-13 04:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/4/2012 7:53 PM 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/4/2012 7:53 PM 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2012 9:43 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2012 9:43 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 02:42]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 02:42]
.
2012-07-07 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2011-12-12 22:43]
.
2012-07-03 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2011-12-12 22:43]
.
2012-07-07 c:\windows\Tasks\SpeedMaxPc.job
- c:\program files\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe [2011-12-22 00:31]
.
2012-07-07 c:\windows\Tasks\WebReg Photosmart C7200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 03:27]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-03-12 14:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2548)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-03-12 14:07:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-12 19:07
ComboFix2.txt 2012-03-09 15:13
.
Pre-Run: 132,737,101,824 bytes free
Post-Run: 132,669,505,536 bytes free
.
- - End Of File - - CABD9F4C26009B8EA05F6C40D2B09036
Was able to use the CD/RW Microsoft program and I now have the CD/RW drive.
Thanks again for your patience, John. Is there anything further I need to do?
Karen Cantrell
Somersworth Police Dept
12 Lilac Lane
Somersworth, NH 03878