ComboFix 12-09-22.02 - Owner 09/22/2012 13:46:18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2699 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\.#
c:\windows\system32\_005031_.tmp.dll
c:\windows\system32\_005032_.tmp.dll
c:\windows\system32\_005033_.tmp.dll
c:\windows\system32\_005034_.tmp.dll
c:\windows\system32\_005040_.tmp.dll
c:\windows\system32\_005041_.tmp.dll
c:\windows\system32\_005042_.tmp.dll
c:\windows\system32\_005043_.tmp.dll
c:\windows\system32\_005044_.tmp.dll
c:\windows\system32\_005045_.tmp.dll
c:\windows\system32\_005046_.tmp.dll
c:\windows\system32\_005047_.tmp.dll
c:\windows\system32\_005048_.tmp.dll
c:\windows\system32\_005049_.tmp.dll
c:\windows\system32\_005050_.tmp.dll
c:\windows\system32\_005051_.tmp.dll
c:\windows\system32\_005052_.tmp.dll
c:\windows\system32\_005053_.tmp.dll
c:\windows\system32\_005054_.tmp.dll
c:\windows\system32\_005055_.tmp.dll
c:\windows\system32\_005056_.tmp.dll
c:\windows\system32\_005057_.tmp.dll
c:\windows\system32\_005058_.tmp.dll
c:\windows\system32\_005059_.tmp.dll
c:\windows\system32\_005060_.tmp.dll
c:\windows\system32\_005061_.tmp.dll
c:\windows\system32\_005062_.tmp.dll
c:\windows\system32\_005063_.tmp.dll
c:\windows\system32\_005064_.tmp.dll
c:\windows\system32\_005065_.tmp.dll
c:\windows\system32\_005066_.tmp.dll
c:\windows\system32\_005067_.tmp.dll
c:\windows\system32\_005068_.tmp.dll
c:\windows\system32\_005069_.tmp.dll
c:\windows\system32\_005070_.tmp.dll
c:\windows\system32\_005071_.tmp.dll
c:\windows\system32\_005072_.tmp.dll
c:\windows\system32\_005073_.tmp.dll
c:\windows\system32\_005074_.tmp.dll
c:\windows\system32\_005075_.tmp.dll
c:\windows\system32\_005076_.tmp.dll
c:\windows\system32\_005077_.tmp.dll
c:\windows\system32\_005078_.tmp.dll
c:\windows\system32\_005079_.tmp.dll
c:\windows\system32\_005080_.tmp.dll
c:\windows\system32\_005081_.tmp.dll
c:\windows\system32\_005082_.tmp.dll
c:\windows\system32\_005083_.tmp.dll
c:\windows\system32\_005084_.tmp.dll
c:\windows\system32\_005085_.tmp.dll
c:\windows\system32\_005086_.tmp.dll
c:\windows\system32\_005087_.tmp.dll
c:\windows\system32\_005088_.tmp.dll
c:\windows\system32\_005089_.tmp.dll
c:\windows\system32\_005090_.tmp.dll
c:\windows\system32\_005091_.tmp.dll
c:\windows\system32\_005092_.tmp.dll
c:\windows\system32\_005093_.tmp.dll
c:\windows\system32\_005094_.tmp.dll
c:\windows\system32\_005095_.tmp.dll
c:\windows\system32\_005096_.tmp.dll
c:\windows\system32\_005097_.tmp.dll
c:\windows\system32\_005098_.tmp.dll
c:\windows\system32\_005099_.tmp.dll
c:\windows\system32\_005100_.tmp.dll
c:\windows\system32\_005101_.tmp.dll
c:\windows\system32\_005102_.tmp.dll
c:\windows\system32\_005103_.tmp.dll
c:\windows\system32\_005104_.tmp.dll
c:\windows\system32\_005105_.tmp.dll
c:\windows\system32\_005106_.tmp.dll
c:\windows\system32\_005107_.tmp.dll
c:\windows\system32\_005108_.tmp.dll
c:\windows\system32\_005109_.tmp.dll
c:\windows\system32\_005110_.tmp.dll
c:\windows\system32\_005111_.tmp.dll
c:\windows\system32\_005112_.tmp.dll
c:\windows\system32\_005113_.tmp.dll
c:\windows\system32\_005114_.tmp.dll
c:\windows\system32\_005115_.tmp.dll
c:\windows\system32\_005116_.tmp.dll
c:\windows\system32\_005117_.tmp.dll
c:\windows\system32\_005118_.tmp.dll
c:\windows\system32\_005119_.tmp.dll
c:\windows\system32\_005120_.tmp.dll
c:\windows\system32\_005121_.tmp.dll
c:\windows\system32\_005122_.tmp.dll
c:\windows\system32\_005123_.tmp.dll
c:\windows\system32\_005124_.tmp.dll
c:\windows\system32\_005125_.tmp.dll
c:\windows\system32\_005126_.tmp.dll
c:\windows\system32\_005127_.tmp.dll
c:\windows\system32\_005128_.tmp.dll
c:\windows\system32\_005129_.tmp.dll
c:\windows\system32\_005130_.tmp.dll
c:\windows\system32\_005131_.tmp.dll
c:\windows\system32\_005132_.tmp.dll
c:\windows\system32\_005133_.tmp.dll
c:\windows\system32\_005134_.tmp.dll
c:\windows\system32\_005135_.tmp.dll
c:\windows\system32\_005136_.tmp.dll
c:\windows\system32\_005137_.tmp.dll
c:\windows\system32\_005138_.tmp.dll
c:\windows\system32\_005139_.tmp.dll
c:\windows\system32\_005140_.tmp.dll
c:\windows\system32\_005141_.tmp.dll
c:\windows\system32\_005142_.tmp.dll
c:\windows\system32\_005143_.tmp.dll
c:\windows\system32\_005144_.tmp.dll
c:\windows\system32\_005145_.tmp.dll
c:\windows\system32\_005146_.tmp.dll
c:\windows\system32\_005147_.tmp.dll
c:\windows\system32\_005148_.tmp.dll
c:\windows\system32\_005149_.tmp.dll
c:\windows\system32\_005150_.tmp.dll
c:\windows\system32\_005151_.tmp.dll
c:\windows\system32\_005152_.tmp.dll
c:\windows\system32\_005153_.tmp.dll
c:\windows\system32\_005154_.tmp.dll
c:\windows\system32\_005155_.tmp.dll
c:\windows\system32\_005156_.tmp.dll
c:\windows\system32\_005157_.tmp.dll
c:\windows\system32\_005158_.tmp.dll
c:\windows\system32\_005159_.tmp.dll
c:\windows\system32\_005160_.tmp.dll
c:\windows\system32\_005161_.tmp.dll
c:\windows\system32\_005162_.tmp.dll
c:\windows\system32\_005163_.tmp.dll
c:\windows\system32\_005164_.tmp.dll
c:\windows\system32\_005165_.tmp.dll
c:\windows\system32\_005166_.tmp.dll
c:\windows\system32\_005167_.tmp.dll
c:\windows\system32\_005168_.tmp.dll
c:\windows\system32\_005169_.tmp.dll
c:\windows\system32\_005170_.tmp.dll
c:\windows\system32\_005171_.tmp.dll
c:\windows\system32\_005172_.tmp.dll
c:\windows\system32\_005173_.tmp.dll
c:\windows\system32\_005174_.tmp.dll
c:\windows\system32\_005175_.tmp.dll
c:\windows\system32\_005176_.tmp.dll
c:\windows\system32\_005177_.tmp.dll
c:\windows\system32\_005178_.tmp.dll
c:\windows\system32\_005179_.tmp.dll
c:\windows\system32\_005180_.tmp.dll
c:\windows\system32\_005181_.tmp.dll
c:\windows\system32\_005182_.tmp.dll
c:\windows\system32\_005183_.tmp.dll
c:\windows\system32\_005184_.tmp.dll
c:\windows\system32\_005185_.tmp.dll
c:\windows\system32\_005186_.tmp.dll
c:\windows\system32\_005187_.tmp.dll
c:\windows\system32\_005188_.tmp.dll
c:\windows\system32\_005189_.tmp.dll
c:\windows\system32\_005190_.tmp.dll
c:\windows\system32\_005191_.tmp.dll
c:\windows\system32\_005192_.tmp.dll
c:\windows\system32\_005193_.tmp.dll
c:\windows\system32\_005194_.tmp.dll
c:\windows\system32\_005195_.tmp.dll
c:\windows\system32\_005196_.tmp.dll
c:\windows\system32\_005197_.tmp.dll
c:\windows\system32\_005198_.tmp.dll
c:\windows\system32\_005199_.tmp.dll
c:\windows\system32\_005200_.tmp.dll
c:\windows\system32\_005201_.tmp.dll
c:\windows\system32\_005202_.tmp.dll
c:\windows\system32\_005203_.tmp.dll
c:\windows\system32\_005204_.tmp.dll
c:\windows\system32\_005205_.tmp.dll
c:\windows\system32\_005206_.tmp.dll
c:\windows\system32\_005207_.tmp.dll
c:\windows\system32\_005208_.tmp.dll
c:\windows\system32\_005209_.tmp.dll
c:\windows\system32\_005210_.tmp.dll
c:\windows\system32\_005211_.tmp.dll
c:\windows\system32\_005212_.tmp.dll
c:\windows\system32\_005213_.tmp.dll
c:\windows\system32\_005214_.tmp.dll
c:\windows\system32\_005215_.tmp.dll
c:\windows\system32\_005216_.tmp.dll
c:\windows\system32\_005217_.tmp.dll
c:\windows\system32\_005218_.tmp.dll
c:\windows\system32\_005219_.tmp.dll
c:\windows\system32\_005220_.tmp.dll
c:\windows\system32\_005221_.tmp.dll
c:\windows\system32\_005222_.tmp.dll
c:\windows\system32\_005223_.tmp.dll
c:\windows\system32\_005224_.tmp.dll
c:\windows\system32\_005225_.tmp.dll
c:\windows\system32\_005226_.tmp.dll
c:\windows\system32\_005227_.tmp.dll
c:\windows\system32\_005228_.tmp.dll
c:\windows\system32\_005229_.tmp.dll
c:\windows\system32\_005230_.tmp.dll
c:\windows\system32\_005231_.tmp.dll
c:\windows\system32\_005232_.tmp.dll
c:\windows\system32\_005233_.tmp.dll
c:\windows\system32\_005234_.tmp.dll
c:\windows\system32\_005235_.tmp.dll
c:\windows\system32\_005236_.tmp.dll
c:\windows\system32\_005237_.tmp.dll
c:\windows\system32\_005238_.tmp.dll
c:\windows\system32\_005239_.tmp.dll
c:\windows\system32\_005240_.tmp.dll
c:\windows\system32\_005241_.tmp.dll
c:\windows\system32\_005242_.tmp.dll
c:\windows\system32\_005243_.tmp.dll
c:\windows\system32\_005244_.tmp.dll
c:\windows\system32\_005245_.tmp.dll
c:\windows\system32\_005246_.tmp.dll
c:\windows\system32\_005247_.tmp.dll
c:\windows\system32\_005248_.tmp.dll
c:\windows\system32\_005250_.tmp.dll
c:\windows\system32\_005251_.tmp.dll
c:\windows\system32\_005252_.tmp.dll
c:\windows\system32\_005253_.tmp.dll
c:\windows\system32\_005254_.tmp.dll
c:\windows\system32\_005255_.tmp.dll
c:\windows\system32\_005256_.tmp.dll
c:\windows\system32\_005257_.tmp.dll
c:\windows\system32\_005258_.tmp.dll
c:\windows\system32\_005259_.tmp.dll
c:\windows\system32\_005260_.tmp.dll
c:\windows\system32\_005262_.tmp.dll
c:\windows\system32\_005263_.tmp.dll
c:\windows\system32\_005264_.tmp.dll
c:\windows\system32\_005265_.tmp.dll
c:\windows\system32\_005266_.tmp.dll
c:\windows\system32\_005267_.tmp.dll
c:\windows\system32\_005268_.tmp.dll
c:\windows\system32\_005269_.tmp.dll
c:\windows\system32\_005270_.tmp.dll
c:\windows\system32\_005271_.tmp.dll
c:\windows\system32\_005272_.tmp.dll
c:\windows\system32\_005273_.tmp.dll
c:\windows\system32\_005275_.tmp.dll
c:\windows\system32\_005276_.tmp.dll
c:\windows\system32\_005277_.tmp.dll
c:\windows\system32\_005278_.tmp.dll
c:\windows\system32\_005280_.tmp.dll
c:\windows\system32\_005282_.tmp.dll
c:\windows\system32\_005283_.tmp.dll
c:\windows\system32\_005284_.tmp.dll
c:\windows\system32\_005285_.tmp.dll
c:\windows\system32\_005286_.tmp.dll
c:\windows\system32\_005287_.tmp.dll
c:\windows\system32\_005288_.tmp.dll
c:\windows\system32\_005289_.tmp.dll
c:\windows\system32\_005291_.tmp.dll
c:\windows\system32\_005292_.tmp.dll
c:\windows\system32\_005293_.tmp.dll
c:\windows\system32\_005294_.tmp.dll
c:\windows\system32\_005295_.tmp.dll
c:\windows\system32\_005296_.tmp.dll
c:\windows\system32\_005297_.tmp.dll
c:\windows\system32\_005298_.tmp.dll
c:\windows\system32\_005299_.tmp.dll
c:\windows\system32\_005300_.tmp.dll
c:\windows\system32\_005301_.tmp.dll
c:\windows\system32\_005302_.tmp.dll
c:\windows\system32\_005303_.tmp.dll
c:\windows\system32\_005304_.tmp.dll
c:\windows\system32\_005305_.tmp.dll
c:\windows\system32\_005306_.tmp.dll
c:\windows\system32\_005307_.tmp.dll
c:\windows\system32\_005309_.tmp.dll
c:\windows\system32\_005310_.tmp.dll
c:\windows\system32\_005311_.tmp.dll
c:\windows\system32\_005312_.tmp.dll
c:\windows\system32\_005314_.tmp.dll
c:\windows\system32\_005316_.tmp.dll
c:\windows\system32\_005317_.tmp.dll
c:\windows\system32\_005318_.tmp.dll
c:\windows\system32\_005319_.tmp.dll
c:\windows\system32\_005320_.tmp.dll
c:\windows\system32\_005321_.tmp.dll
c:\windows\system32\_005322_.tmp.dll
c:\windows\system32\_005323_.tmp.dll
c:\windows\system32\_005325_.tmp.dll
c:\windows\system32\_005326_.tmp.dll
c:\windows\system32\_005327_.tmp.dll
c:\windows\system32\_005328_.tmp.dll
c:\windows\system32\_005329_.tmp.dll
c:\windows\system32\_005330_.tmp.dll
c:\windows\system32\_005331_.tmp.dll
c:\windows\system32\_005332_.tmp.dll
c:\windows\system32\_005334_.tmp.dll
c:\windows\system32\_005335_.tmp.dll
c:\windows\system32\_005336_.tmp.dll
c:\windows\system32\_005337_.tmp.dll
c:\windows\system32\_005340_.tmp.dll
c:\windows\system32\_005341_.tmp.dll
c:\windows\system32\_005345_.tmp.dll
c:\windows\system32\_005346_.tmp.dll
c:\windows\system32\_005348_.tmp.dll
c:\windows\system32\_005350_.tmp.dll
c:\windows\system32\_005351_.tmp.dll
c:\windows\system32\_005353_.tmp.dll
c:\windows\system32\_005354_.tmp.dll
c:\windows\system32\_005355_.tmp.dll
c:\windows\system32\_005356_.tmp.dll
c:\windows\system32\_005359_.tmp.dll
c:\windows\system32\_005360_.tmp.dll
c:\windows\system32\_005361_.tmp.dll
c:\windows\system32\_005362_.tmp.dll
c:\windows\system32\_005363_.tmp.dll
c:\windows\system32\_005368_.tmp.dll
c:\windows\system32\_005370_.tmp.dll
c:\windows\system32\_005371_.tmp.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-22 to 2012-09-22   )))))))))))))))))))))))))))))))
.
.
2012-09-22 20:03 . 2012-09-22 20:03 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-09-22 20:02 . 2012-09-22 20:02 -------- d-----w- C:\_OTL
2012-09-22 06:21 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F86BF1BE-5FA9-4EB6-A6F8-E0CCAEAD076A}\mpengine.dll
2012-09-21 06:28 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-15 20:07 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-15 20:07 . 2012-09-15 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-15 19:58 . 2012-08-21 20:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 19:53 . 2012-09-15 19:53 -------- d-----w- c:\program files\iPod
2012-09-15 19:53 . 2012-09-15 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-15 19:53 . 2012-09-15 19:58 -------- d-----w- c:\program files\iTunes
2012-09-15 19:52 . 2012-09-15 19:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-09-15 19:51 . 2012-09-15 19:51 -------- d-----w- c:\program files\Bonjour
2012-09-15 19:50 . 2012-09-15 19:53 -------- d-----w- c:\program files\Common Files\Apple
2012-09-07 21:19 . 2012-06-14 18:04 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2012-09-04 15:47 . 2012-09-04 15:47 -------- d-----w- c:\windows\Hewlett-Packard
2012-09-02 19:28 . 2012-09-16 21:35 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
2012-09-01 20:21 . 2012-09-01 20:21 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-01 20:06 . 2012-09-02 19:20 -------- d-----w- C:\CP1520_Series_Full_Solution
2012-08-29 20:46 . 2012-08-29 20:46 -------- d-----w- c:\program files\Common Files\Java
2012-08-29 20:45 . 2012-09-02 18:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-29 20:45 . 2012-09-02 18:48 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 10:44 . 2012-08-09 19:44 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 10:44 . 2011-08-11 01:05 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-02 18:48 . 2010-05-07 21:36 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2004-08-10 20:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-10 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-10 20:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-10 20:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-21 20:01 . 2012-08-21 20:01 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-06 13:58 . 2004-08-10 20:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-10-11 22:29 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2009-10-11 22:29 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-08-25 00:02 . 2011-12-29 20:20 134112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-09-22 13003448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"WD Quick View"="c:\program files\Western Digital\WD Quick View\WDDMStatus.exe" [2012-06-14 5235128]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\csiInstaller\\5C069542-CA13-4f1b-B90C-28C6430F4992\\Installer\\hpbcsiInstaller.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [7/25/2012 1:46 AM 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [7/25/2012 1:46 AM 681056]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [8/31/2012 7:02 AM 2754984]
R2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [6/14/2012 11:04 AM 1151424]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [6/14/2012 10:57 AM 248248]
R2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [6/14/2012 11:04 AM 1177536]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [8/11/2011 8:18 PM 20504]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [9/7/2012 2:19 PM 11520]
S1 MpKsl7a38eac1;MpKsl7a38eac1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F86BF1BE-5FA9-4EB6-A6F8-E0CCAEAD076A}\MpKsl7a38eac1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F86BF1BE-5FA9-4EB6-A6F8-E0CCAEAD076A}\MpKsl7a38eac1.sys [?]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [10/25/2010 2:53 PM 145920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/9/2012 12:44 PM 250288]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2/20/2002 2:34 AM 72576]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 10:44]
.
2012-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1677128483-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-03 17:16]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1677128483-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-03 17:16]
.
2012-09-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
2012-09-03 c:\windows\Tasks\System Restore.job
- c:\windows\system32\Restore\rstrui.exe [2007-04-12 12:42]
.
2012-09-22 c:\windows\Tasks\User_Feed_Synchronization-{20B31508-B4EE-4E4A-A0E0-5C0677C82715}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\x8j0nmoe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-dlink-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-22 13:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3368)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Completion time: 2012-09-22 14:09:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-22 21:09
.
Pre-Run: 273,872,199,680 bytes free
Post-Run: 273,597,939,712 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4F929553B874C910E2EFA73EC8845750