1. ComboFix Log:
ComboFix 13-03-15.01 - Administrator 03/15/2013 13:39:46.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.508 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-15 to 2013-03-15 )))))))))))))))))))))))))))))))
.
.
2013-03-15 15:45 . 2013-03-15 15:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Motorola
2013-03-15 04:49 . 2013-02-07 20:45 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E3093B2E-12E3-4C0B-89FE-5AAA32A225F3}\mpengine.dll
2013-03-15 04:47 . 2013-03-15 04:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2013-03-15 04:11 . 2013-03-15 04:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2013-03-14 18:56 . 2013-03-14 18:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eastman Kodak Company
2013-03-14 18:20 . 2013-03-14 18:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Intuit
2013-03-14 18:20 . 2013-03-14 18:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\OnlineArmor
2013-03-14 18:20 . 2013-03-14 18:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2013-03-14 18:19 . 2013-03-14 18:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Motorola
2013-03-14 18:13 . 2013-03-14 18:13 -------- d-----w- c:\documents and settings\Eric Emminger\Local Settings\Application Data\Identities
2013-03-14 18:13 . 2013-03-14 18:13 -------- d-----w- c:\documents and settings\Eric Emminger\Application Data\Windows Desktop Search
2013-03-14 18:13 . 2013-03-14 18:13 -------- d-----w- c:\documents and settings\Eric Emminger\Application Data\OnlineArmor
2013-03-14 17:22 . 2013-03-14 17:22 -------- d-----w- c:\program files\ImgBurn
2013-03-14 17:20 . 2013-03-14 17:20 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-03-14 17:20 . 2013-03-14 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Strongvault Online Backup
2013-03-14 17:20 . 2013-03-14 17:21 -------- d-----w- c:\program files\Strongvault Online Backup
2013-03-14 17:19 . 2013-03-14 17:20 -------- d-----w- C:\AI_RecycleBin
2013-03-14 17:17 . 2013-03-14 17:18 -------- d-----w- c:\program files\Deal Spy
2013-03-14 04:28 . 2013-03-14 04:32 -------- d-----w- C:\RK_Quarantine
2013-03-14 04:27 . 2013-02-07 20:45 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-13 15:34 . 2013-03-13 17:52 -------- d-----w- c:\program files\Auslogics
2013-03-12 22:10 . 2013-03-12 22:10 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-03-12 22:08 . 2013-03-12 22:08 -------- d-----w- c:\program files\Microsoft Sync Framework
2013-03-12 22:08 . 2013-03-12 22:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-03-12 22:08 . 2013-03-12 22:08 -------- d-----w- c:\documents and settings\All Users\Microsoft
2013-03-12 22:06 . 2013-03-12 22:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-03-12 22:04 . 2013-03-12 22:04 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-03-12 22:03 . 2013-03-12 22:16 -------- d-----w- c:\windows\SHELLNEW
2013-03-12 22:00 . 2013-03-12 22:00 -------- d-----r- C:\MSOCache
2013-03-12 21:54 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2013-03-12 21:54 . 2013-03-12 21:54 -------- d-----w- c:\program files\MagicDisc
2013-03-12 21:24 . 2013-03-12 21:24 -------- d-----w- c:\program files\Elaborate Bytes
2013-03-11 03:48 . 2013-03-11 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2013-03-11 03:46 . 2012-10-02 19:03 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2013-03-11 03:46 . 2012-10-02 19:02 31920 ----a-w- c:\windows\system32\drivers\OAnet.sys
2013-03-11 03:46 . 2012-10-02 19:02 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys
2013-03-11 03:46 . 2012-10-02 19:02 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys
2013-03-11 03:45 . 2013-03-14 05:27 -------- d-----w- c:\program files\Online Armor
2013-03-11 03:40 . 2013-01-30 10:53 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-03-11 03:38 . 2013-03-11 03:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-11 03:23 . 2013-03-11 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
2013-03-11 02:42 . 2013-03-11 02:42 -------- d-----w- c:\program files\Common Files\Java
2013-03-11 02:42 . 2013-03-11 02:41 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-11 02:42 . 2013-03-11 02:41 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 22:07 . 2013-03-10 22:07 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 04:31 . 2012-05-24 16:33 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 04:31 . 2012-01-19 19:28 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 02:41 . 2012-10-19 21:52 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-11 02:41 . 2012-01-17 02:11 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-05 20:05 . 2008-08-21 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2008-08-21 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2008-08-21 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2008-08-21 12:00 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2008-08-21 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 19:59 . 2013-01-20 19:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16 . 2008-08-21 12:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2008-04-14 00:01 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2008-08-21 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-08-21 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-08-21 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-16 12:23 . 2008-08-21 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-10-27 18:04 . 2012-10-27 18:03 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{25DA541F-6ACF-4052-A8AA-1D58284729C7}]
2010-03-18 18:09 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-20 296056]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"Conime"="c:\windows\system32\conime.exe" [2008-08-21 27648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-10-02 2415104]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SMessaging"="c:\documents and settings\user\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe" [2012-04-04 31664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5940056]
NETGEAR WNDA3100v2 Genie.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-10-29 8453376]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2011-11-9 1178984]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-10-02 366440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOPrinterTools.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Inkjet.AdminUtility.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinter64Util.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHostDirector.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOTransfer.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\EKAiOHostService.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NST\0200000.010\ccSetx86.sys [1/18/2012 2:22 AM 132744]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/3/2012 12:07 PM 89792]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/10/2013 11:46 PM 208320]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/10/2013 11:46 PM 27648]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/10/2013 11:46 PM 31920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 7:38 PM 116608]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [6/16/2011 11:40 PM 87368]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [10/19/2012 3:51 PM 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [10/15/2012 12:58 PM 779200]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/3/2012 12:07 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/3/2012 10:37 AM 151880]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/6/2011 5:00 PM 214896]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [1/18/2012 2:22 AM 138760]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [3/10/2013 11:45 PM 216072]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [11/9/2011 11:59 AM 1248256]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/3/2012 12:07 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/3/2012 12:07 PM 83856]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [3/10/2013 11:46 PM 44992]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [3/10/2013 11:45 PM 4463864]
S2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [10/29/2012 6:17 PM 303360]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [10/29/2012 6:18 PM 1034240]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2/28/2012 10:33 PM 6016]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/3/2012 12:07 PM 57600]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/3/2012 12:07 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/3/2012 12:07 PM 87656]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2/28/2012 10:33 PM 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/28/2012 10:33 PM 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/28/2012 10:33 PM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2/28/2012 10:33 PM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2/28/2012 10:33 PM 11008]
S4 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [1/22/2011 2:58 AM 189968]
S4 atiide;atiide;c:\windows\system32\drivers\atiide.sys [1/22/2011 2:58 AM 6016]
S4 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [1/22/2011 2:58 AM 29184]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [1/22/2011 2:58 AM 17968]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 63516716
*NewlyCreated* - 66934085
*Deregistered* - 63516716
*Deregistered* - 66934085
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-12 22:08 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 04:31]
.
2013-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-15 15:17]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-15 15:17]
.
2013-03-15 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]
.
2012-11-25 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2013-03-15 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-11-25 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2013-03-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1873647745-624764526-1125205251-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
2013-03-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1873647745-624764526-1125205251-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-63516716.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-03-15 13:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-03-15 13:49:39
ComboFix-quarantined-files.txt 2013-03-15 17:49
ComboFix2.txt 2013-03-15 04:47
ComboFix3.txt 2013-03-14 05:45
.
Pre-Run: 40,916,262,912 bytes free
Post-Run: 40,904,380,416 bytes free
.
- - End Of File - - 5ED6BA7381E5E13FED41A27FEC2CFECC
2. No known issues or problems!
3. Computer seems to be running great!!! A lot faster too!! I'm going to reboot the computer now to see how quickly Windows comes back... ALSO, after I re-boot... I'm going to go into my Control Panel, Add and Remove Programs, and Uninstall a Program to see if it is still causing any major issues...