ComboFix 12-08-13.01 - Randy Pierce 08/13/2012 13:23:59.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.253 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287
c:\documents and settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287\6F638BFE7C65D9DE00090A167B07D287
c:\documents and settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287\6F638BFE7C65D9DE00090A167B07D287.exe
c:\documents and settings\All Users\Application Data\6F638BFE7C65D9DE00090A167B07D287\6F638BFE7C65D9DE00090A167B07D287.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Randy Pierce\My Documents\$APC.tmp
c:\documents and settings\Randy Pierce\Recent\Thumbs.db
c:\documents and settings\Randy Pierce\Start Menu\Programs\Live Security Platinum
c:\documents and settings\Randy Pierce\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\documents and settings\Randy Pierce\WINDOWS
c:\windows\system32\SET973.tmp
c:\windows\system32\SET975.tmp
c:\windows\system32\SET983.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-12 22:10 . 2012-08-12 22:10 58368 ---ha-w- c:\windows\system32\chkddlin.dll
2012-08-11 22:49 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{606284F5-33EA-485B-B504-0A5CFFA46547}\mpengine.dll
2012-08-10 22:38 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 15:17 . 2012-07-20 15:17 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 14:49 . 2012-04-29 19:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 14:49 . 2011-06-16 14:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2009-03-26 00:06 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-08-19 22:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2009-03-26 00:06 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-10-21 23:06 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2008-10-21 23:06 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2007-05-07 23:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2007-05-07 23:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-05-07 23:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2008-10-21 23:06 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2007-05-07 23:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2007-05-07 23:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-10-21 23:06 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2007-05-07 23:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2007-05-07 23:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2012-03-03 18:09 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2012-03-03 18:09 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2012-03-03 18:09 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2006-11-30 20:35 . 2007-05-12 10:59 1259960 ----a-w- c:\program files\winzip8.0.exe
2012-07-19 22:25 . 2012-02-11 20:49 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Randy Pierce\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office 2010\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office 2010\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [7/30/2010 5:51 PM 103552]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-08 13:48]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-08 13:48]
.
2012-08-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://myitlab.pearsoned.com/Pegasus/frmLogin.aspx?s=3
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI7967~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI7967~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: facebook.com\www
Trusted Zone: freerealms.com
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
Trusted Zone: researchnavigator.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://www3.authentium.com/cssrelease/bin/wizard.exe
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://141.238.49.9/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Randy Pierce\Application Data\Mozilla\Firefox\Profiles\uz7uj9nk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://us.lrd.yahoo.com/_ylt=AnozJDXUMrwVU_WFKvCStuqxulI6/SIG=1193ackbe/EXP=1330370489/**http%3A//www.yahoo.com/.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 13:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-13 13:40:00
ComboFix-quarantined-files.txt 2012-08-13 17:39
.
Pre-Run: 27,283,640,320 bytes free
Post-Run: 27,793,125,376 bytes free
.
- - End Of File - - 2C768D655710339B37074E92F95196EE