ComboFix 12-01-04.03 - Administrator 01/04/2012 21:36:52.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.692 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\0d8246kotq_o\us_sres.data
c:\documents and settings\Administrator\g2mdlhlpx.exe
c:\documents and settings\Administrator\Local Settings\Application Data\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67}
c:\documents and settings\Administrator\Local Settings\Application Data\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67}\install.rdf
c:\program files\epson12766.exe
c:\program files\olk1004.exe
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\windows\$NtUninstallKB39818$
c:\windows\$NtUninstallKB39818$\852194802
c:\windows\system32\drivers\1028_DELL_XPS_MXC051 .MRK
c:\windows\system32\drivers\DELL_XPS_MXC051 .MRK
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\ijl11.dll
c:\windows\system32\SETDA.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\winlogon.bak
.
c:\windows\system32\drivers\afd.sys was missing
Restored copy from - c:\windows\system32\dllcache\afd.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_.afd
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 02:52 . 2012-01-05 02:52 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-05 02:49 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-01-04 21:29 . 2012-01-04 21:29 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-01-04 21:05 . 2012-01-04 21:05 -------- d-----w- C:\_OTL
2011-12-30 03:23 . 2012-01-05 02:52 -------- d-----w- c:\program files\PCSafeDoctor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 02:48 . 2010-12-23 19:03 3766 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2011-11-24 00:28 . 2006-02-28 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 17:49 . 2011-07-16 15:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2006-02-28 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2008-08-01 14:59 692736 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-27 07:49 . 2011-08-10 20:25 330400 ----a-w- c:\program files\Common Files\MediaOrganizer.dll
2010-06-27 07:45 . 2011-08-10 20:25 31392 ----a-w- c:\program files\Common Files\FlickrProvider.dll
2010-06-27 07:45 . 2011-08-10 20:25 401056 ----a-w- c:\program files\Common Files\facebook.dll
2010-06-27 07:45 . 2011-08-10 20:25 128672 ----a-w- c:\program files\Common Files\PluginCommon.dll
2010-06-27 07:44 . 2011-08-10 20:25 463520 ----a-w- c:\program files\Common Files\AppFramework.dll
2008-11-06 04:11 . 2008-11-06 04:11 67167528 -c--a-w- c:\program files\iTunes801Setup.exe
2011-11-10 14:38 . 2011-05-31 03:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2010-12-08 5247624]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-06-27 526992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-29 105632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"pcsafedoctor.exe"="c:\program files\PCSafeDoctor\pcsafedoctor.exe" [2011-12-13 2052608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-8-2 629248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 00:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/7/2010 10:10 AM 64288]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 11:47 AM 202048]
S1 MpKsl14d3b8f2;MpKsl14d3b8f2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7172394E-5FF0-481D-AD08-52D0DF003CAA}\MpKsl14d3b8f2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7172394E-5FF0-481D-AD08-52D0DF003CAA}\MpKsl14d3b8f2.sys [?]
S1 MpKsl1702735a;MpKsl1702735a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91B1DD9D-428C-4362-A331-913E9D5782C6}\MpKsl1702735a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91B1DD9D-428C-4362-A331-913E9D5782C6}\MpKsl1702735a.sys [?]
S1 MpKsl1d8dab63;MpKsl1d8dab63;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3F9CF8A-215A-430C-A590-F0FFA7C5B58A}\MpKsl1d8dab63.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3F9CF8A-215A-430C-A590-F0FFA7C5B58A}\MpKsl1d8dab63.sys [?]
S1 MpKsl2e0b7e06;MpKsl2e0b7e06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F44B4082-C995-4DC8-9F56-FEACC3070C25}\MpKsl2e0b7e06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F44B4082-C995-4DC8-9F56-FEACC3070C25}\MpKsl2e0b7e06.sys [?]
S1 MpKsl33b3c30e;MpKsl33b3c30e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A32759D0-F0FF-43AF-A965-757CEBE2CC5E}\MpKsl33b3c30e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A32759D0-F0FF-43AF-A965-757CEBE2CC5E}\MpKsl33b3c30e.sys [?]
S1 MpKsl3e0d5bc4;MpKsl3e0d5bc4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89D3BC93-F30B-4981-9D7E-51BA3C392E51}\MpKsl3e0d5bc4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{89D3BC93-F30B-4981-9D7E-51BA3C392E51}\MpKsl3e0d5bc4.sys [?]
S1 MpKsl3eab379a;MpKsl3eab379a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A68BB4E8-37F7-48E4-9563-8595D112DDAC}\MpKsl3eab379a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A68BB4E8-37F7-48E4-9563-8595D112DDAC}\MpKsl3eab379a.sys [?]
S1 MpKsl515223d1;MpKsl515223d1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC92DE91-034A-4864-BDE4-9B98CACD3EF0}\MpKsl515223d1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC92DE91-034A-4864-BDE4-9B98CACD3EF0}\MpKsl515223d1.sys [?]
S1 MpKsl5829ed70;MpKsl5829ed70;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{30B22360-0458-40B0-9110-468A1F5C6439}\MpKsl5829ed70.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{30B22360-0458-40B0-9110-468A1F5C6439}\MpKsl5829ed70.sys [?]
S1 MpKsl8172f1d8;MpKsl8172f1d8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E51865A6-464A-4804-9BA7-9475E0CF6F82}\MpKsl8172f1d8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E51865A6-464A-4804-9BA7-9475E0CF6F82}\MpKsl8172f1d8.sys [?]
S1 MpKsl85bfd748;MpKsl85bfd748;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C40D689-CC23-4E33-8B5F-A38B0C1FF218}\MpKsl85bfd748.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C40D689-CC23-4E33-8B5F-A38B0C1FF218}\MpKsl85bfd748.sys [?]
S1 MpKsl91706ee0;MpKsl91706ee0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{857D3B99-67A0-4367-A8BF-3B47149CFC54}\MpKsl91706ee0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{857D3B99-67A0-4367-A8BF-3B47149CFC54}\MpKsl91706ee0.sys [?]
S1 MpKsl94bb7d72;MpKsl94bb7d72;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2678FA07-0DFC-41D4-B117-7BFB3307C9FC}\MpKsl94bb7d72.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2678FA07-0DFC-41D4-B117-7BFB3307C9FC}\MpKsl94bb7d72.sys [?]
S1 MpKslaae13235;MpKslaae13235;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2EE9454B-8B11-4DCC-8728-85085267EB1C}\MpKslaae13235.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2EE9454B-8B11-4DCC-8728-85085267EB1C}\MpKslaae13235.sys [?]
S1 MpKsld419fcf7;MpKsld419fcf7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E51865A6-464A-4804-9BA7-9475E0CF6F82}\MpKsld419fcf7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E51865A6-464A-4804-9BA7-9475E0CF6F82}\MpKsld419fcf7.sys [?]
S1 MpKsle25d0f83;MpKsle25d0f83;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{63641507-D011-4A4D-900D-A51134750B70}\MpKsle25d0f83.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{63641507-D011-4A4D-900D-A51134750B70}\MpKsle25d0f83.sys [?]
S1 MpKslf59a3b47;MpKslf59a3b47;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F44B4082-C995-4DC8-9F56-FEACC3070C25}\MpKslf59a3b47.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F44B4082-C995-4DC8-9F56-FEACC3070C25}\MpKslf59a3b47.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:18 AM 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [10/1/2009 3:51 PM 318464]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [10/1/2009 3:51 PM 51456]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [9/16/2010 9:00 PM 6016]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;"c:\program files\Clearwire\Connection Manager\RcAppSvc.exe" /n "CLEARWIRERcAppSvc" --> c:\program files\Clearwire\Connection Manager\RcAppSvc.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:18 AM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11/5/2010 10:35 AM 19968]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [9/16/2010 8:59 PM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [9/16/2010 9:00 PM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [9/16/2010 9:00 PM 9472]
S3 NET8511;Compaq 10/100 Ethernet USB Adapter;c:\windows\system32\drivers\NET8511.SYS [8/1/2008 10:13 AM 24555]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:18]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 13:18]
.
2009-03-03 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\us9zlbb6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Ctefu - c:\windows\wderms.dll
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-PDFServiceEngine - c:\program files\PDF Suite\PDFServiceEngine.exe
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-Ckuxicu - c:\windows\eqekekibehav.dll
HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
AddRemove-MotoHelper - c:\program files\Motorola\MotoHelper\uninstall.exe
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
AddRemove-{D32470A1-B10C-4059-BA53-CF0486F68EBC} - c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_cbc7f\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-04 21:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-299502267-1645522239-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,3b,a3,cf,a8,39,30,48,bf,86,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,3b,a3,cf,a8,39,30,48,bf,86,59,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,f8,3d,93,e4,de,12,4c,aa,a3,21,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\windows\system32\wpdshext.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-04 22:06:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-05 03:06
.
Pre-Run: 27,894,378,496 bytes free
Post-Run: 29,460,865,024 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A720ABBA392EC6176E83D239482B1A05
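The part of this log a responder should not skim past is the "Reg Loading Points" section: Security Center has AntiVirusOverride and FirewallOverride set, every Monitoring subkey has DisableMonitoring=1, the standard-profile firewall has EnableFirewall=0 with notifications suppressed, and the orphan list shows two Run values (Ctefu, Ckuxicu) that pointed at bare DLLs dropped directly under c:\windows (wderms.dll, eqekekibehav.dll) alongside the RKHit.sys driver and the missing afd.sys. The script below is an added example, not part of the ComboFix output or of ComboFix itself: it parses the REGEDIT4-style blocks ComboFix prints and flags those defense-weakening settings so a log like this can be triaged mechanically. Its sample input is constructed from the log above; the "Ctefu" Run line is rebuilt from the orphan entry in the format ComboFix uses for live Run values, since the orphan section prints it differently. It reads log text only and never touches a live registry.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the ComboFix output above: it parses the
REGEDIT4-style key/value blocks ComboFix prints and flags settings that
weaken the host's own defenses (Security Center overrides, monitoring
disabled, Windows Firewall off) plus Run values that launch a bare DLL.
"""
import re

# Constructed sample: lines copied from the log above, plus one Run value
# ("Ctefu") rebuilt from the 'HKCU-Run-Ctefu - c:\windows\wderms.dll' orphan
# entry in the format ComboFix uses for live Run values.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Ctefu"="c:\windows\wderms.dll"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_value(raw):
    """Normalise the three value spellings ComboFix emits."""
    raw = raw.strip()
    m = re.match(r'^dword:([0-9a-fA-F]{8})$', raw)      # dword:00000001
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$', raw)   # 0 (0x0)
    if m:
        return int(m.group(1))
    m = re.match(r'^"(.*)"', raw)                         # "path" [date size]
    if m:
        return m.group(1)
    return raw


def parse_reg_blocks(text):
    """Return {key (lower-cased): {value name: value}} for each [key] block."""
    blocks, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            blocks.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            blocks[current][m.group(1)] = parse_value(m.group(2))
    return blocks


def assess_defenses(blocks):
    """Return (check_id, detail) findings for defense-weakening settings."""
    findings = []
    for key, values in blocks.items():
        if key.endswith('\\security center'):
            for name in ('AntiVirusOverride', 'FirewallOverride'):
                if values.get(name) == 1:
                    findings.append(('security_center_override', name))
        elif 'security center\\monitoring' in key:
            if values.get('DisableMonitoring') == 1:
                findings.append(('monitoring_disabled', key))
        elif key.endswith('firewallpolicy\\standardprofile'):
            if values.get('EnableFirewall') == 0:
                findings.append(('firewall_disabled', key))
            if values.get('DisableNotifications') == 1:
                findings.append(('firewall_notifications_disabled', key))
        elif key.endswith('\\currentversion\\run'):
            for name, target in values.items():
                # Run values normally launch an .exe; a bare DLL here is
                # either broken or a loader pattern worth a second look.
                if isinstance(target, str) and target.lower().endswith('.dll'):
                    findings.append(('run_value_targets_dll', f'{name} -> {target}'))
    return findings


if __name__ == '__main__':
    for check, detail in assess_defenses(parse_reg_blocks(SAMPLE_LOG)):
        print(f'{check:32} {detail}')
```

Run against the sample it reports seven findings: both Security Center overrides, both DisableMonitoring keys, the disabled firewall, the suppressed firewall notifications, and the Ctefu Run value. The checks are keyed on the exact value names and encodings ComboFix prints (dword:XXXXXXXX for REG_DWORD, "N (0xN)" for the firewall policy values), so feed it the raw log text rather than a reformatted copy.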