OK,
Here's the logs you asked for; I don't know how you can keep your sanity and pore over all these logs!
Thanks!!!!!!!!!!!!!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Microsoft Windows XP x86
Ran by Ron on Tue 08/27/2013 at 16:58:45.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\uniblue
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\uniblue
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EE565D9B-7379-4E6A-8E72-08338C88709D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{142503EE-1C67-A6AE-C1D1-246D0D94038B}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\Ron\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Documents and Settings\Ron\Application Data\pcpro"
Successfully deleted: [Folder] "C:\Documents and Settings\Ron\Local Settings\Application Data\wiseconvert"
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Program Files\wiseconvert"
Successfully deleted: [Folder] "C:\Documents and Settings\Ron\start menu\programs\free registry cleaner"
~~~ FireFox
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\[email protected]"
Successfully deleted: [Folder] C:\Documents and Settings\Ron\Application Data\mozilla\firefox\profiles\hoeo65rx.default\extensions\[email protected]
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/27/2013 at 17:02:29.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 13-08-27.02 - Ron 08/27/2013 17:10:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.980 [GMT -8:00]
Running from: c:\documents and settings\Ron\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Guest\Application Data\Toolbar4
c:\documents and settings\Guest\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\6f52dca438370b63146a128c3829cc7e
c:\documents and settings\Guest\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\bbb9c886cf2ba534f4be36c9ba863f2f
c:\documents and settings\Guest\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\include_files\ac140ff056abe0c585708505fd1ede17
c:\documents and settings\Guest\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\speedbit_icon0.2.png
c:\documents and settings\Ron\WINDOWS
c:\windows\system32\service
c:\windows\system32\service\02012010_TIS17_SfFniAU.log
c:\windows\system32\service\02092009_TIS17_SfFniAU.log
c:\windows\system32\service\26032009_TIS17_SfFniAU.log
c:\windows\system32\SET248.tmp
c:\windows\system32\SET24C.tmp
c:\windows\system32\SET24D.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET29C.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2013-07-28 to 2013-08-28 )))))))))))))))))))))))))))))))
.
.
2013-08-28 00:58 . 2013-08-28 00:58 -------- d-----w- c:\windows\ERUNT
2013-08-28 00:49 . 2013-08-28 00:49 -------- d-sh--w- c:\documents and settings\Ron\IECompatCache
2013-08-27 19:10 . 2013-08-27 19:13 -------- dc----w- C:\AdwCleaner
2013-08-27 18:51 . 2013-08-27 18:51 -------- d-----w- c:\program files\CCleaner
2013-08-27 16:50 . 2013-08-27 16:50 -------- d-----w- c:\documents and settings\Ron\Application Data\Malwarebytes
2013-08-27 16:50 . 2013-08-27 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-27 16:50 . 2013-08-27 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-27 16:50 . 2013-04-04 22:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-27 10:14 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6C8E5B8-5F89-427A-BB04-7F8066360B80}\mpengine.dll
2013-08-26 10:14 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-24 01:56 . 2013-08-24 01:57 -------- d-----w- c:\program files\Lightspark 0.5.3-git
2013-08-23 04:39 . 2013-08-23 04:39 -------- d-----w- c:\program files\iPod
2013-08-23 04:39 . 2013-08-23 04:40 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 19:11 . 2013-08-14 19:11 4774272 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 19:11 . 2013-08-14 19:11 4774272 ----a-w- c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-25 02:39 . 2012-03-31 19:16 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-25 02:39 . 2011-06-11 16:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 02:47 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 22:47 . 2013-07-25 22:47 1535608 ----a-w- c:\windows\system32\Codejock.ReportControl.Unicode.v16.2.2.ocx
2013-07-25 22:47 . 2013-07-25 22:47 1138296 ----a-w- c:\windows\system32\Codejock.DockingPane.Unicode.v16.2.2.ocx
2013-07-25 22:47 . 2013-07-25 22:47 1977976 ----a-w- c:\windows\system32\Codejock.Controls.Unicode.v16.2.2.ocx
2013-07-25 15:52 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2013-07-19 13:00 . 2013-07-19 13:00 207872 ----a-w- c:\windows\system32\tx19_ic.dll
2013-07-19 03:01 . 2013-07-19 03:01 1273344 ----a-w- c:\windows\system32\tx19.dll
2013-07-18 09:42 . 2013-07-18 09:42 1223168 ----a-w- c:\windows\system32\tx19_dox.dll
2013-07-16 13:42 . 2013-07-16 13:42 731136 ----a-w- c:\windows\system32\tx19_doc.dll
2013-07-16 13:42 . 2013-07-16 13:42 612352 ----a-w- c:\windows\system32\tx19_rtf.dll
2013-07-16 12:04 . 2013-07-16 12:04 893440 ----a-w- c:\windows\system32\tx19_htm.dll
2013-07-15 12:05 . 2013-07-15 12:05 291840 ----a-w- c:\windows\system32\tx19_tls.dll
2013-07-15 09:42 . 2013-07-15 09:42 680960 ----a-w- c:\windows\system32\tx19_pdf.dll
2013-07-10 10:37 . 2004-08-04 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2004-08-04 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-19 05:50 . 2009-12-02 23:23 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-04 07:23 . 2004-08-04 12:00 562688 ------w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nero PhotoShow Media Manager"="c:\progra~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe" [2007-04-27 312848]
"EPSON Stylus C88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19876456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 995176]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"EPSON Stylus C88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
"EPSON Stylus C88 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\documents and settings\Ron\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
PowerAlert Status.lnk - c:\program files\TrippLite\PowerAlert\console\pastatus.exe [2009-3-26 364032]
Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-556 revA\wirelesscm.exe [2012-6-30 505152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, EjdernOfzeyc.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Acronis\\TrueImageHome\\TrueImage.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10803:UDP"= 10803:UDP:UDP 10803
"23034:UDP"= 23034:UDP:UDP 23034
"22868:TCP"= 22868:TCP:TCP 22868
"10400:TCP"= 10400:TCP:TCP 10400
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [8/27/2013 8:50 AM 418376]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/14/2013 11:10 AM 3291008]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [6/30/2012 2:44 PM 20480]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [6/30/2012 2:44 PM 57440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/27/2013 8:50 AM 22856]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/27/2013 8:50 AM 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/21/2013 10:57 AM 162408]
S3 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [9/22/2008 10:49 PM 138616]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\D-Link\DWA-556 revA\jswpsapi.exe [6/30/2012 2:44 PM 356433]
S3 KAMG54LDR;BUFFALO WLI-U2-KAMG54 Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [6/8/2005 7:18 PM 43392]
S3 PctrlsInjectService;PctrlsInjectService;
S3 PowerAlert Agent;PowerAlert Agent;c:\program files\TrippLite\PowerAlert\engine\pal.exe [3/26/2009 10:52 AM 1575936]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [11/9/2007 7:48 PM 11520]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [9/8/2008 5:26 PM 12288]
S3 U2KAMG54;BUFFALO WLI-U2-KAMG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\ar5523.sys [6/8/2005 7:15 PM 288448]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WLSVC;WLSVC;c:\program files\D-Link\DWA-556 revA\WLSVC.exe [6/30/2012 2:44 PM 167936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 22:49 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 12:32 128512 ------w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:39]
.
2013-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2013-08-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2010-08-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 20:35]
.
2013-08-28 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-04 00:07]
.
2013-08-25 c:\windows\Tasks\Roxio PhotoShow Updater.job
- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2010-06-11 04:25]
.
2013-08-27 c:\windows\Tasks\User_Feed_Synchronization-{AE75DECB-C98F-407D-830B-CFCED4BC66B0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://privatelee.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\hoeo65rx.default\
FF - ExtSQL: 2013-08-22 20:00; [email protected]; c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\hoeo65rx.default\extensions\[email protected]
FF - ExtSQL: 2013-08-25 17:29; {b6e6de87-0e24-48af-b68c-c1a6a067e45f}; c:\program files\LyriXeeker\130.xpi
FF - ExtSQL: 2013-08-25 23:54; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\hoeo65rx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Eusing Free Registry Cleaner - c:\progra~1\EUSING~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-27 17:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,fa,13,7d,26,35,eb,43,80,47,08,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,fa,13,7d,26,35,eb,43,80,47,08,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1516)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(392)
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-08-27 17:24:14 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-28 01:24
.
Pre-Run: 15,463,792,640 bytes free
Post-Run: 15,487,082,496 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 34BC3E5D0C76ACC8E29A1ED36EEE9191
8F558EB6672622401DA993E1E865C861