ComboFix 13-09-02.02 - Kathie 09/02/2013 9:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1088 [GMT -5:00]
Running from: c:\documents and settings\Kathie\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kathie\Local Settings\Application Data\BcsKtYcHW.dll
c:\documents and settings\Kathie\WINDOWS
c:\program files\Internet Explorer\SETA9.tmp
c:\windows\EventSystem.log
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET68.tmp
c:\windows\system32\SET69.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\SET8D.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA5.tmp
c:\windows\system32\SETA8.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\TMP9E8.tmp
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DEFAULTTABSEARCH
.
.
((((((((((((((((((((((((( Files Created from 2013-08-02 to 2013-09-02 )))))))))))))))))))))))))))))))
.
.
2013-09-02 13:55 . 2013-09-02 13:55 -------- d-----w- c:\documents and settings\Kathie\Local Settings\Application Data\FileTypeAssistant
2013-09-02 13:44 . 2013-09-02 13:44 -------- d-----w- C:\_OTL
2013-09-01 04:09 . 2013-09-01 04:09 -------- d-----w- c:\windows\ERUNT
2013-09-01 04:02 . 2013-09-01 04:02 -------- d-sh--w- c:\documents and settings\Kathie\IECompatCache
2013-09-01 04:00 . 2013-09-01 04:00 -------- d-----w- c:\program files\The Sea App (Internet Explorer)
2013-09-01 03:59 . 2013-09-01 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2013-09-01 03:47 . 2013-09-01 03:50 -------- d-----w- C:\AdwCleaner
2013-08-31 19:33 . 2013-08-31 19:36 -------- d-----w- c:\windows\system32\MRT
2013-08-30 13:15 . 2007-08-07 06:28 28272 ----a-w- c:\windows\system32\NicCo2.dll
2013-08-27 22:32 . 2013-08-27 22:33 -------- d-----w- c:\program files\Flash Player Pro
2013-08-27 22:32 . 2013-08-27 22:33 -------- d-----w- c:\documents and settings\Kathie\Local Settings\Application Data\SySaver
2013-08-26 23:10 . 2013-08-27 23:29 -------- d-----w- c:\program files\PrinterShare
2013-08-26 23:06 . 2013-08-26 23:07 -------- d-----w- c:\program files\wrapper_inst
2013-08-26 23:05 . 2013-08-26 23:05 -------- d-----w- c:\program files\Bonjour
2013-08-26 23:01 . 2013-08-27 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PrinterShare
2013-08-04 21:21 . 2013-08-31 17:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-12 17:42 . 2013-03-24 17:55 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-12 17:42 . 2013-01-20 18:06 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-12 17:42 . 2011-01-26 05:37 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-12 17:42 . 2008-07-24 23:18 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-03 19:18 . 2006-10-19 03:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-26 02:47 . 2006-04-30 06:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2006-04-30 06:55 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2006-04-30 06:56 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2006-04-30 06:55 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-03 22:59 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2013-07-01 20:14 . 2013-07-01 20:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-01 20:14 . 2013-07-01 20:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-28 00:09 . 2013-06-28 00:09 712264 ----a-w- c:\windows\is-JU18I.exe
2013-06-23 16:08 . 2013-06-23 16:09 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-10 68856]
"GoogleChromeAutoLaunch_BA67679302E9B0B9DBD0A56F5991E6C8"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-08-20 844752]
"82A65744E4EE70D3AE1EB3EF2EB18B07B2E3ECBB._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-08-20 844752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TpShocks"="TpShocks.exe" [2007-03-30 181808]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-06-17 200704]
"nwiz"="nwiz.exe" [2007-05-17 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-17 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-17 8433664]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-03-22 120368]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-01-31 2618944]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-06-17 208896]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Virtual Account Numbers"="c:\progra~1\VIRTUA~1\CitiVAN.exe" [2013-03-04 398336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-16 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe -s [2004-11-4 53248]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\File Type Assistant\\tsassist.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
""=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1403000.024\symds.sys [2/26/2013 10:27 PM 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1403000.024\symefa.sys [2/26/2013 10:27 PM 934488]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 8:47 PM 19760]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [7/16/2013 6:08 PM 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1403000.024\ccsetx86.sys [2/26/2013 10:27 PM 134304]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1403000.024\ironx86.sys [2/26/2013 10:27 PM 175264]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [10/21/2010 1:37 PM 99896]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\20.3.0.36\ccsvchst.exe [2/26/2013 10:26 PM 144520]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe [11/10/2009 3:42 PM 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe [11/10/2009 3:42 PM 126392]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 4:11 PM 569344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2013 6:40 PM 108120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130830.001\IDSXpx86.sys [8/30/2013 7:14 PM 380832]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [11/16/2007 11:35 AM 81280]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 3:42 PM 35264]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 4:04 PM 25824]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [11/8/2012 11:39 AM 174176]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
2013-09-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-16 21:22]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 07:13]
.
2008-10-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]
.
2008-10-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2007-08-31 19:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130835,20029,0,8,0
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20130835,20031,0,8,0
FF - prefs.js: keyword.URL -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20130835,20030,0,8,0
FF - ExtSQL: 2013-08-03 23:00; gystqfr@ylgga.com; c:\documents and settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\gystqfr@ylgga.com
FF - ExtSQL: 2013-08-25 21:17; {53c4024f-5a2e-4f2a-b33e-e8784d730938}; c:\documents and settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{53c4024f-5a2e-4f2a-b33e-e8784d730938}
FF - ExtSQL: 2013-08-27 17:33; ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org; c:\documents and settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
FF - ExtSQL: !HIDDEN! 2010-10-21 13:47; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2011-01-07 18:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Notify-ACNotify - ACNotify.dll
HKLM_ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
AddRemove-Driver Genius_is1 - c:\program files\Driver-Soft\DriverGenius\unins000.exe
AddRemove-GetSavin - c:\documents and settings\Kathie\Local Settings\Application Data\getsavin\uninst.exe
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\setup.exe
AddRemove-Google Chrome Frame - c:\program files\Google\Chrome Frame\Application\27.0.1453.116\Installer\setup.exe
AddRemove-Lexmark 640 Series - c:\windows\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE
AddRemove-showlyrics@superstrsoft.co - c:\program files\Show-Lyrics\uninstall.exe
AddRemove-sl-adk - c:\program files\OApps\sl-adk_uninstall.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_80ACC8E3971CD605.exe
AddRemove-Define Ext - c:\documents and settings\Kathie\Local Settings\Application Data\DefineExt\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-02 10:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.3.0.36\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.1.246\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2742438380-270914250-3487169969-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1424)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'lsass.exe'(1480)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
- - - - - - - > 'explorer.exe'(5756)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\windows\system32\OBroker.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Memeo\AutoBackup\InstantBackup.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
.
**************************************************************************
.
Completion time: 2013-09-02 10:27:21 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-02 15:27
.
Pre-Run: 18,471,706,624 bytes free
Post-Run: 18,619,764,736 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9060567D6C1680BFFC98116636D2AE3E 602F584DEC14BE7E0C1D0787729C68CB