ComboFix 13-04-27.04 - User 04/27/2013 17:54:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1331 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\combofix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\ZeoBIT
c:\documents and settings\All Users\Application Data\ZeoBIT\PCKeeper\installer0.exe0.llog
c:\documents and settings\All Users\Application Data\ZeoBIT\PCKeeper\installer0.exe1.llog
c:\documents and settings\All Users\Application Data\ZeoBIT\PCKeeper\PCKeeper Installer[1].exe0.llog
c:\documents and settings\All Users\Application Data\ZeoBIT\PCKeeper\PCKeeper Installer[1].exe1.llog
c:\documents and settings\User\My Documents\~WRL2286.tmp
c:\documents and settings\User\My Documents\~WRL3502.tmp
c:\documents and settings\User\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\SET91.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA8.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 )))))))))))))))))))))))))))))))
.
.
2013-04-26 06:27 . 2013-04-26 06:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2013-04-26 06:27 . 2013-04-26 06:28 -------- d-----w- c:\program files\Google
2013-04-26 06:27 . 2013-04-26 06:27 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment
2013-04-24 06:15 . 2013-04-24 06:15 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-23 05:33 . 2013-04-23 05:33 -------- d-----w- c:\program files\CCleaner
2013-04-22 00:23 . 2013-04-22 00:33 -------- d-----w- c:\program files\PCPitstop
2013-04-21 10:05 . 2013-04-21 10:05 -------- d-----w- C:\TMRescueDisk
2013-04-21 10:00 . 2012-07-11 08:35 90808 ----a-w- c:\windows\system32\drivers\tmeext.sys
2013-04-21 10:00 . 2012-07-06 03:33 171064 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2013-04-21 10:00 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2013-04-21 10:00 . 2012-08-24 13:06 38328 ----a-w- c:\windows\system32\drivers\TMEBC32.sys
2013-04-21 10:00 . 2012-07-12 10:30 94200 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2013-04-21 10:00 . 2012-07-12 10:29 75624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2013-04-21 10:00 . 2012-07-12 10:29 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-04-21 09:59 . 2013-04-21 09:59 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2013-04-20 06:23 . 2013-03-12 08:10 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-04-20 06:03 . 2013-04-20 06:03 -------- d-----w- c:\program files\Microsoft Download Manager
2013-04-20 05:56 . 2000-01-04 14:39 212992 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2013-04-20 05:56 . 2013-04-20 05:56 -------- d-----w- C:\DCT53
2013-04-19 23:50 . 2013-04-19 23:50 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-04-19 23:50 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\rt61.sys
2013-04-19 23:50 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\drivers\rt61.sys
2013-04-19 23:50 . 2005-10-20 22:00 243328 ----a-w- c:\windows\system32\rt2500.sys
2013-04-19 23:50 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2013-04-19 23:50 . 2003-09-26 06:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2013-04-19 23:50 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\bcm42rly.sys
2013-04-19 23:50 . 2013-04-19 23:50 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2013-04-19 03:41 . 2012-08-22 17:19 11832 ----a-w- c:\windows\acpimof.dll
2013-04-06 06:22 . 2013-04-06 06:22 -------- d-----w- c:\documents and settings\User\Application Data\AVG2013
2013-04-06 06:22 . 2013-04-06 06:22 -------- d-----w- c:\documents and settings\User\Application Data\TuneUp Software
2013-04-06 06:17 . 2013-04-21 09:55 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Avg2013
2013-04-06 06:17 . 2013-04-21 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-04-06 06:17 . 2013-04-06 06:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 23:37 . 2012-03-31 23:20 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-14 23:37 . 2011-05-18 03:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-23 08:22 . 2012-02-10 06:40 1869600 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-23 08:22 . 2007-12-19 03:55 7536640 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-23 08:22 . 2005-06-15 09:20 19189760 ----a-w- c:\windows\system32\nvoglnt.dll
2013-03-23 08:22 . 2005-06-15 09:20 12653120 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-03-23 08:22 . 2013-03-23 08:22 5967872 ----a-w- c:\windows\system32\nvopencl.dll
2013-03-23 08:22 . 2013-03-23 08:22 1010464 ----a-w- c:\windows\system32\nvdispco3230790.dll
2013-03-23 08:22 . 2012-02-10 06:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-23 08:22 . 2005-06-15 09:20 4494720 ----a-w- c:\windows\system32\nv4_disp.dll
2013-03-23 08:22 . 2013-03-23 08:22 893728 ----a-w- c:\windows\system32\nvdispgenco3230790.dll
2013-03-23 08:22 . 2007-12-29 22:46 2392064 ----a-w- c:\windows\system32\nvapi.dll
2013-03-23 08:22 . 2012-02-10 06:40 2582816 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-08 08:36 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 03:17 . 2013-02-25 00:48 9842040 ----a-w- c:\program files\Common Files\wruninstall.exe
2013-03-07 01:32 . 2004-08-04 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2006-01-07 17:03 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-23 03:34 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-03 07:46 . 2012-07-11 04:16 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-03 07:46 . 2010-04-22 03:45 782240 ----a-w- c:\windows\system32\deployJava1.dll
2004-08-04 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll
2013-01-26 03:55 552448 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
c:\windows\System32\drivers\atapi.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-15 1103216]
"PCShowServer"="c:\documents and settings\User\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-07-20 524976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2006-11-17 577536]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Norton Ghost 15.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"****** EPM tray"="c:\program files\******\****** Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"Live Update 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-13 492912]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2013-2-24 9842040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Frostwire\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*
isabled:Windows Remote Management
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/10/2007 11:21 PM 685816]
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [4/21/2013 3:00 AM 38328]
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [4/21/2013 3:00 AM 90808]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/21/2013 3:00 AM 75624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/23/2013 10:42 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/23/2013 10:42 PM 701512]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2/12/2010 8:10 AM 57840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/23/2013 10:42 PM 22856]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [4/18/2013 8:41 PM 7680]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2/11/2010 3:34 AM 1964528]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [4/21/2013 3:00 AM 171064]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [4/21/2013 2:59 AM 221264]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/1/2013 12:25 AM 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/1/2013 12:25 AM 9160]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2/12/2010 8:09 AM 1574408]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
*NewlyCreated* - NTIOLIB_1_0_4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-26 06:28 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:37]
.
2013-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 06:27]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-26 06:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 76.14.96.13 76.14.96.14 76.14.0.9
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-04-27 18:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
.
[HKEY_USERS\S-1-5-21-73586283-1972579041-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\relog_ap.dll
.
Completion time: 2013-04-27 18:02:27
ComboFix-quarantined-files.txt 2013-04-28 01:02
.
Pre-Run: 183,063,797,760 bytes free
Post-Run: 183,499,460,608 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Windows XP/2003"
.
- - End Of File - - 39935C2190BC9553EF1B970742EAD4BB
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:10:05 PM, on 4/27/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://att.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [SW20] "C:\WINDOWS\system32\sw20.exe"
O4 - HKLM\..\Run: [SW24] "C:\WINDOWS\system32\sw24.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [****** EPM tray] C:\Program Files\******\****** Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
O4 - HKLM\..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\Download Manager\dlm.exe" /windowsstart /startifwork
O4 - HKCU\..\Run: [PCShowServer] "C:\Documents and Settings\User\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} -
http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11804 bytes