My wife had shut down my computer during a ComboFix scan, and when I went to turn it back on the operating system would not reload. I started it in safe mode and restored to 4/26, so I reinstalled ComboFix and did another scan. Here are the results; do you want me to continue with the suggestions above, or do you see something different now?
ComboFix 13-05-01.03 - User 05/02/2013 20:51:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1327 [GMT -7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\ZeoBIT
c:\documents and settings\User\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-03 to 2013-05-03 )))))))))))))))))))))))))))))))
.
.
2013-05-03 03:11 . 2013-05-03 03:11 -------- d-----w- c:\windows\system32\wbem\Repository
2013-05-03 03:07 . 2013-05-03 03:07 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2013-05-01 09:55 . 2013-05-01 09:55 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\BUTTON.JS
2013-05-01 09:55 . 2013-05-01 09:55 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(2)\CHECKBOX.JS
2013-04-29 05:01 . 2013-04-29 05:01 -------- d-----w- C:\Linksys Driver
2013-04-26 06:27 . 2013-05-03 03:29 -------- d-----w- c:\program files\Google
2013-04-26 06:27 . 2013-04-26 06:29 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Google
2013-04-26 06:27 . 2013-04-26 06:27 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment
2013-04-24 06:15 . 2013-04-24 06:15 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-24 05:42 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-24 05:42 . 2013-04-24 05:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-23 05:33 . 2013-04-23 05:33 -------- d-----w- c:\program files\CCleaner
2013-04-22 00:23 . 2013-04-22 00:33 -------- d-----w- c:\program files\PCPitstop
2013-04-21 10:05 . 2013-04-21 10:05 -------- d-----w- C:\TMRescueDisk
2013-04-21 10:00 . 2012-07-11 08:35 90808 ----a-w- c:\windows\system32\drivers\tmeext.sys
2013-04-21 10:00 . 2012-07-06 03:33 171064 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2013-04-21 10:00 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2013-04-21 10:00 . 2012-08-24 13:06 38328 ----a-w- c:\windows\system32\drivers\TMEBC32.sys
2013-04-21 10:00 . 2012-07-12 10:30 94200 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2013-04-21 10:00 . 2012-07-12 10:29 75624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2013-04-21 10:00 . 2012-07-12 10:29 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-04-21 09:59 . 2013-04-21 09:59 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2013-04-20 06:23 . 2013-03-12 08:10 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-04-20 06:03 . 2013-04-20 06:03 -------- d-----w- c:\program files\Microsoft Download Manager
2013-04-20 05:56 . 2000-01-04 14:39 212992 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2013-04-20 05:56 . 2013-04-20 05:56 -------- d-----w- C:\DCT53
2013-04-19 23:50 . 2013-04-19 23:50 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-04-19 23:50 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\rt61.sys
2013-04-19 23:50 . 2005-10-27 22:06 356096 ----a-w- c:\windows\system32\drivers\rt61.sys
2013-04-19 23:50 . 2005-10-20 22:00 243328 ----a-w- c:\windows\system32\rt2500.sys
2013-04-19 23:50 . 2003-10-13 22:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2013-04-19 23:50 . 2003-09-26 06:28 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2013-04-19 23:50 . 2003-09-26 05:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2013-04-19 23:50 . 2005-02-02 01:18 17992 ----a-w- c:\windows\bcm42rly.sys
2013-04-19 23:50 . 2013-04-19 23:50 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2013-04-19 03:41 . 2012-08-22 17:19 11832 ----a-w- c:\windows\acpimof.dll
2013-04-06 06:22 . 2013-04-06 06:22 -------- d-----w- c:\documents and settings\User\Application Data\AVG2013
2013-04-06 06:22 . 2013-04-06 06:22 -------- d-----w- c:\documents and settings\User\Application Data\TuneUp Software
2013-04-06 06:17 . 2013-04-21 09:55 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Avg2013
2013-04-06 06:17 . 2013-04-21 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-04-06 06:17 . 2013-04-06 06:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 23:37 . 2012-03-31 23:20 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-14 23:37 . 2011-05-18 03:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-23 08:22 . 2012-02-10 06:40 1869600 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-23 08:22 . 2007-12-19 03:55 7536640 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-23 08:22 . 2005-06-15 09:20 19189760 ----a-w- c:\windows\system32\nvoglnt.dll
2013-03-23 08:22 . 2005-06-15 09:20 12653120 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-03-23 08:22 . 2013-03-23 08:22 5967872 ----a-w- c:\windows\system32\nvopencl.dll
2013-03-23 08:22 . 2013-03-23 08:22 1010464 ----a-w- c:\windows\system32\nvdispco3230790.dll
2013-03-23 08:22 . 2012-02-10 06:40 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-23 08:22 . 2005-06-15 09:20 4494720 ----a-w- c:\windows\system32\nv4_disp.dll
2013-03-23 08:22 . 2013-03-23 08:22 893728 ----a-w- c:\windows\system32\nvdispgenco3230790.dll
2013-03-23 08:22 . 2007-12-29 22:46 2392064 ----a-w- c:\windows\system32\nvapi.dll
2013-03-23 08:22 . 2012-02-10 06:40 2582816 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-08 08:36 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 03:17 . 2013-02-25 00:48 9842040 ----a-w- c:\program files\Common Files\wruninstall.exe
2013-03-07 01:32 . 2004-08-04 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-04 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2006-01-07 17:03 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-23 03:34 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-03 07:46 . 2012-07-11 04:16 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-03 07:46 . 2010-04-22 03:45 782240 ----a-w- c:\windows\system32\deployJava1.dll
2004-08-04 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll
2013-01-26 03:55 552448 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
c:\windows\System32\drivers\atapi.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-16 454784]
"igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-15 1103216]
"PCShowServer"="c:\documents and settings\User\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-07-20 524976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2006-11-17 577536]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-04-20 1169744]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2007-04-20 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-20 149024]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Norton Ghost 15.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"****** EPM tray"="c:\program files\******\****** Partition Master 9.2.1 Home Edition\bin\EpmNews.exe" [2012-11-29 2086984]
"Live Update 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-13 492912]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe [2013-2-24 9842040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Frostwire\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/10/2007 11:21 PM 685816]
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [4/21/2013 3:00 AM 38328]
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [4/21/2013 3:00 AM 90808]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/21/2013 3:00 AM 75624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/23/2013 10:42 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/23/2013 10:42 PM 701512]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2/12/2010 8:10 AM 57840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/23/2013 10:42 PM 22856]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [4/18/2013 8:41 PM 7680]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2/11/2010 3:34 AM 1964528]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [4/21/2013 3:00 AM 171064]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [4/21/2013 2:59 AM 221264]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/1/2013 12:25 AM 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/1/2013 12:25 AM 9160]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2/12/2010 8:09 AM 1574408]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:37]
.
2013-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 76.14.96.13 76.14.96.14 76.14.0.9
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-05-02 20:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,ca,76,38,f0,e7,9f,42,b0,7f,92,\
.
[HKEY_USERS\S-1-5-21-73586283-1972579041-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\relog_ap.dll
.
Completion time: 2013-05-02 20:59:23
ComboFix-quarantined-files.txt 2013-05-03 03:59
ComboFix2.txt 2013-05-01 10:13
ComboFix3.txt 2013-04-28 01:02
.
Pre-Run: 182,753,644,544 bytes free
Post-Run: 182,685,552,640 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Windows XP/2003"
.
- - End Of File - - 1B368396E7C3BE8D84F9CF264C678BBD