keithg

C:\Documents and Settings\Tobie\Local Settings\temp\oi_kqlN0i0s9P\OIAssistWTD.exe a variant of Win32/OpenInstall application C:\Documents and Settings\Tobie\My Documents\Downloads\WinZip170.exe a variant of Win32/OpenInstall application C:\RECYCLER\S-1-5-21-170095534-1047871289-2450303919-1005\Dc4.exe a variant of Win32/Bundled.Toolbar.Ask application

ALL SEems fine. -0-------------------------------------------- Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.23.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Tobie :: TOBIESLAPTOP [administrator] 3/22/2013 8:18:25 PM mbam-log-2013-03-22 (20-18-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 218140 Time elapsed: 7 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:28:31 PM, on 3/22/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\DOCUME~1\Tobie\LOCALS~1\Temp\RtkBtMnt.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\notepad.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Tobie\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdBank.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352848561343 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 11570 bytes

no problems. here is report. ----------------------------------------------- ComboFix 13-03-17.01 - Tobie 03/18/2013 4:53.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2180 [GMT -7:00] Running from: c:\documents and settings\Tobie\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tobie\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((( Files Created from 2013-02-18 to 2013-03-18 ))))))))))))))))))))))))))))))) . . 2013-03-14 12:00 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys 2013-03-14 12:00 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-12 13:39 . 2013-03-12 13:41 -------- d-----w- c:\documents and settings\Tobie\Local Settings\Application Data\Deployment 2013-03-01 14:44 . 2012-10-17 11:04 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll 2013-03-01 14:44 . 2012-06-18 15:54 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll 2013-03-01 14:44 . 2012-06-18 15:54 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll 2013-03-01 14:44 . 2012-06-18 15:54 529808 ----a-w- c:\windows\system32\hpinksts5912.dll 2013-03-01 14:44 . 2012-06-18 15:54 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll 2013-03-01 14:44 . 2012-06-18 15:54 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll 2013-03-01 14:44 . 2012-06-18 15:21 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe 2013-02-28 18:30 . 2013-02-28 18:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP 2013-02-26 23:09 . 2013-02-26 23:09 -------- d-----w- C:\spoolerlogs 2013-02-24 15:07 . 2013-02-24 15:07 -------- d-----w- c:\program files\Internet Content Filter 2013-02-24 15:07 . 2012-10-13 09:18 1780776 ----a-w- c:\windows\system32\seinst.dll 2013-02-24 15:07 . 2012-10-13 09:18 1699936 ----a-w- c:\windows\SERecat.exe 2013-02-24 15:07 . 2012-10-13 09:18 341360 ----a-w- c:\windows\system32\ICF.dll 2013-02-24 15:07 . 2012-10-13 09:18 1714856 ----a-w- c:\windows\sediag.exe 2013-02-24 15:07 . 2013-02-24 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Internet Content Filter 2013-02-24 15:06 . 2013-02-24 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2013-02-21 21:31 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe 2013-02-21 21:31 . 2013-02-21 21:31 -------- d-----w- C:\_OTL 2013-02-21 01:22 . 2013-03-07 22:53 90112 ----a-w- c:\windows\DUMP6570.tmp 2013-02-21 01:22 . 2013-03-07 22:45 90112 ----a-w- c:\windows\DUMP5a16.tmp 2013-02-21 01:22 . 2013-03-07 22:43 90112 ----a-w- c:\windows\DUMP5071.tmp 2013-02-21 01:22 . 2013-03-07 22:41 90112 ----a-w- c:\windows\DUMP4e03.tmp 2013-02-21 01:22 . 2013-03-07 22:36 90112 ----a-w- c:\windows\DUMP734d.tmp 2013-02-21 01:22 . 2013-03-07 22:31 90112 ----a-w- c:\windows\DUMP7224.tmp 2013-02-21 01:22 . 2013-03-07 22:26 90112 ----a-w- c:\windows\DUMP8abd.tmp 2013-02-21 01:22 . 2013-03-07 22:21 90112 ----a-w- c:\windows\DUMP4e02.tmp 2013-02-21 01:22 . 2013-03-07 22:16 90112 ----a-w- c:\windows\DUMP4af3.tmp 2013-02-21 01:22 . 2013-03-07 22:15 90112 ----a-w- c:\windows\DUMP6d61.tmp 2013-02-21 01:22 . 2013-03-07 22:10 90112 ----a-w- c:\windows\DUMP6821.tmp 2013-02-21 01:22 . 2013-03-07 21:40 90112 ----a-w- c:\windows\DUMP00a8.tmp 2013-02-20 22:38 . 2013-02-20 22:38 -------- d-----w- c:\documents and settings\Tobie\Application Data\Malwarebytes 2013-02-20 22:38 . 2013-02-20 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2013-02-20 22:38 . 2013-02-21 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-20 22:38 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-20 16:49 . 2013-02-20 16:49 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys 2013-02-20 14:59 . 2013-02-20 14:59 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2013-02-20 14:59 . 2013-02-20 14:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-12 00:32 . 2012-11-14 01:53 12928 ------w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32 . 2004-08-05 03:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-05 20:05 . 2006-01-09 18:08 916480 ----a-w- c:\windows\system32\wininet.dll 2013-02-05 20:05 . 2004-08-05 03:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-02-05 20:05 . 2004-08-05 03:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-05 05:53 . 2004-08-05 03:00 385024 ----a-w- c:\windows\system32\html.iec 2013-01-26 03:55 . 2004-08-05 03:00 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-07 01:19 . 2007-02-28 09:53 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 00:37 . 2007-02-28 09:16 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 01:20 . 2007-03-08 13:47 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49 . 2004-08-05 03:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49 . 2004-08-05 03:00 1292288 ----a-w- c:\windows\system32\quartz.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-18 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Preload"="c:\windows\RUNXMLPL.exe" [2007-04-19 20480] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-04-28 84640] "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-04-28 26248] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-05-24 475136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2012-11-13 22:19 2803200 ----a-w- c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD] 2007-03-02 18:25 208896 ----a-w- c:\acer\Empowering Technology\ePresentation\ePresentation.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot] 2006-03-16 05:12 579584 ----a-w- c:\acer\Empowering Technology\ePower\Boot.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2007-03-30 19:52 342528 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC] 2007-05-24 19:18 475136 ----a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService] 2006-06-01 21:40 413696 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2007-06-14 18:21 850704 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000] 2012-11-13 22:19 3805184 ----a-w- c:\program files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2013 9:52 PM 106656] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 3:19 PM 161536] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - COMHOST *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-13 09:46 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-18 13:55] . 2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-18 13:55] . 2013-03-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Tobie.job - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-04-28 00:08] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-03-18 04:59 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(988) c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll c:\program files\Acer\Bio-Protection fingerprint solution\CustomRes.dll c:\windows\system32\ATSC70.DLL c:\windows\system32\ATSC70PBA.dll . - - - - - - - > 'explorer.exe'(3164) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2013-03-18 05:00:10 ComboFix-quarantined-files.txt 2013-03-18 12:00 ComboFix2.txt 2013-03-16 15:20 ComboFix3.txt 2013-03-05 18:49 ComboFix4.txt 2013-02-26 18:47 . Pre-Run: 33,088,053,248 bytes free Post-Run: 33,141,186,560 bytes free . - - End Of File - - 80D260604D5AF7F20BC0ED19A8959F7A

all still seems fine...no issues to report. ----------------------------------------------------- ComboFix 13-03-16.02 - Tobie 03/16/2013 8:07.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2162 [GMT -7:00] Running from: c:\documents and settings\Tobie\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2013-02-16 to 2013-03-16 ))))))))))))))))))))))))))))))) . . 2013-03-14 12:00 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys 2013-03-14 12:00 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-12 13:39 . 2013-03-12 13:41 -------- d-----w- c:\documents and settings\Tobie\Local Settings\Application Data\Deployment 2013-03-01 14:44 . 2012-10-17 11:04 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll 2013-03-01 14:44 . 2012-06-18 15:54 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll 2013-03-01 14:44 . 2012-06-18 15:54 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll 2013-03-01 14:44 . 2012-06-18 15:54 529808 ----a-w- c:\windows\system32\hpinksts5912.dll 2013-03-01 14:44 . 2012-06-18 15:54 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll 2013-03-01 14:44 . 2012-06-18 15:54 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll 2013-03-01 14:44 . 2012-06-18 15:21 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe 2013-02-28 18:30 . 2013-02-28 18:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP 2013-02-26 23:09 . 2013-02-26 23:09 -------- d-----w- C:\spoolerlogs 2013-02-24 15:07 . 2013-02-24 15:07 -------- d-----w- c:\program files\Internet Content Filter 2013-02-24 15:07 . 2012-10-13 09:18 1780776 ----a-w- c:\windows\system32\seinst.dll 2013-02-24 15:07 . 2012-10-13 09:18 1699936 ----a-w- c:\windows\SERecat.exe 2013-02-24 15:07 . 2012-10-13 09:18 341360 ----a-w- c:\windows\system32\ICF.dll 2013-02-24 15:07 . 2012-10-13 09:18 1714856 ----a-w- c:\windows\sediag.exe 2013-02-24 15:07 . 2013-02-24 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Internet Content Filter 2013-02-24 15:06 . 2013-02-24 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2013-02-21 21:31 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe 2013-02-21 21:31 . 2013-02-21 21:31 -------- d-----w- C:\_OTL 2013-02-21 01:22 . 2013-03-07 22:53 90112 ----a-w- c:\windows\DUMP6570.tmp 2013-02-21 01:22 . 2013-03-07 22:45 90112 ----a-w- c:\windows\DUMP5a16.tmp 2013-02-21 01:22 . 2013-03-07 22:43 90112 ----a-w- c:\windows\DUMP5071.tmp 2013-02-21 01:22 . 2013-03-07 22:41 90112 ----a-w- c:\windows\DUMP4e03.tmp 2013-02-21 01:22 . 2013-03-07 22:36 90112 ----a-w- c:\windows\DUMP734d.tmp 2013-02-21 01:22 . 2013-03-07 22:31 90112 ----a-w- c:\windows\DUMP7224.tmp 2013-02-21 01:22 . 2013-03-07 22:26 90112 ----a-w- c:\windows\DUMP8abd.tmp 2013-02-21 01:22 . 2013-03-07 22:21 90112 ----a-w- c:\windows\DUMP4e02.tmp 2013-02-21 01:22 . 2013-03-07 22:16 90112 ----a-w- c:\windows\DUMP4af3.tmp 2013-02-21 01:22 . 2013-03-07 22:15 90112 ----a-w- c:\windows\DUMP6d61.tmp 2013-02-21 01:22 . 2013-03-07 22:10 90112 ----a-w- c:\windows\DUMP6821.tmp 2013-02-21 01:22 . 2013-03-07 21:40 90112 ----a-w- c:\windows\DUMP00a8.tmp 2013-02-20 22:38 . 2013-02-20 22:38 -------- d-----w- c:\documents and settings\Tobie\Application Data\Malwarebytes 2013-02-20 22:38 . 2013-02-20 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2013-02-20 22:38 . 2013-02-21 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-20 22:38 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-20 16:49 . 2013-02-20 16:49 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys 2013-02-20 14:59 . 2013-02-20 14:59 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2013-02-20 14:59 . 2013-02-20 14:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-12 00:32 . 2012-11-14 01:53 12928 ------w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32 . 2004-08-05 03:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-05 20:05 . 2006-01-09 18:08 916480 ----a-w- c:\windows\system32\wininet.dll 2013-02-05 20:05 . 2004-08-05 03:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-02-05 20:05 . 2004-08-05 03:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-05 05:53 . 2004-08-05 03:00 385024 ----a-w- c:\windows\system32\html.iec 2013-01-26 03:55 . 2004-08-05 03:00 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-07 01:19 . 2007-02-28 09:53 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 00:37 . 2007-02-28 09:16 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 01:20 . 2007-03-08 13:47 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49 . 2004-08-05 03:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49 . 2004-08-05 03:00 1292288 ----a-w- c:\windows\system32\quartz.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-18 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Preload"="c:\windows\RUNXMLPL.exe" [2007-04-19 20480] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-04-28 84640] "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-04-28 26248] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-05-24 475136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2012-11-13 22:19 2803200 ----a-w- c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD] 2007-03-02 18:25 208896 ----a-w- c:\acer\Empowering Technology\ePresentation\ePresentation.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot] 2006-03-16 05:12 579584 ----a-w- c:\acer\Empowering Technology\ePower\Boot.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2007-03-30 19:52 342528 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC] 2007-05-24 19:18 475136 ----a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService] 2006-06-01 21:40 413696 ----a-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2007-06-14 18:21 850704 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000] 2012-11-13 22:19 3805184 ----a-w- c:\program files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2013 9:52 PM 106656] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 3:19 PM 161536] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - COMHOST *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-13 09:46 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-18 13:55] . 2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-18 13:55] . 2013-03-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Tobie.job - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-04-28 00:08] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-eLockMonitor - c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-03-16 08:17 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(988) c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll c:\program files\Acer\Bio-Protection fingerprint solution\CustomRes.dll c:\windows\system32\ATSC70.DLL c:\windows\system32\ATSC70PBA.dll . - - - - - - - > 'explorer.exe'(2300) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe c:\windows\system32\agrsmsvc.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\wbem\wmiapsrv.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\windows\system32\wbem\unsecapp.exe c:\docume~1\Tobie\LOCALS~1\Temp\RtkBtMnt.exe . ************************************************************************** . Completion time: 2013-03-16 08:20:09 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-16 15:20 ComboFix2.txt 2013-03-05 18:49 ComboFix3.txt 2013-02-26 18:47 . Pre-Run: 32,740,069,376 bytes free Post-Run: 33,177,075,712 bytes free . - - End Of File - - D4F0D7D88E89FCC94693757AA96BDEA1

yes, that worked. i wonder why the normal windows restore didn't work? ------------------------------------- it did NOT create a restore.log

28.2M Mar 7 21:17 /mnt/sda2/WINDOWS/system32/config/SOFTWARE 6.8M Mar 7 22:53 /mnt/sda2/WINDOWS/system32/config/SYSTEM 28.5M Feb 14 10:00 /sda2/~/RP110/~SOFTWARE 28.2M Feb 24 23:07 /sda2/~/RP121/~SOFTWARE 25.7M Dec 30 19:26 /sda2/~/RP69/~SOFTWARE 28.5M Feb 4 11:42 /sda2/~/RP100/~SOFTWARE 28.5M Feb 5 15:34 /sda2/~/RP101/~SOFTWARE 28.5M Feb 6 17:10 /sda2/~/RP102/~SOFTWARE 28.5M Feb 7 17:42 /sda2/~/RP103/~SOFTWARE 28.5M Feb 8 17:42 /sda2/~/RP104/~SOFTWARE 28.5M Feb 9 18:42 /sda2/~/RP105/~SOFTWARE 28.5M Feb 10 19:42 /sda2/~/RP106/~SOFTWARE 28.5M Feb 11 20:44 /sda2/~/RP107/~SOFTWARE 28.5M Feb 12 21:08 /sda2/~/RP108/~SOFTWARE 28.5M Feb 13 22:10 /sda2/~/RP109/~SOFTWARE 28.5M Feb 15 10:01 /sda2/~/RP111/~SOFTWARE 28.5M Feb 16 10:06 /sda2/~/RP112/~SOFTWARE 28.5M Feb 17 11:06 /sda2/~/RP113/~SOFTWARE 28.5M Feb 18 12:06 /sda2/~/RP114/~SOFTWARE 28.5M Feb 19 16:11 /sda2/~/RP115/~SOFTWARE 28.5M Feb 20 18:04 /sda2/~/RP116/~SOFTWARE 28.5M Feb 20 18:17 /sda2/~/RP117/~SOFTWARE 27.6M Feb 21 19:10 /sda2/~/RP118/~SOFTWARE 27.6M Feb 24 13:14 /sda2/~/RP119/~SOFTWARE 28.2M Feb 24 22:11 /sda2/~/RP120/~SOFTWARE 28.2M Feb 24 23:19 /sda2/~/RP122/~SOFTWARE 28.2M Feb 25 23:56 /sda2/~/RP123/~SOFTWARE 28.2M Feb 27 00:47 /sda2/~/RP124/~SOFTWARE 28.2M Feb 28 01:45 /sda2/~/RP125/~SOFTWARE 28.2M Feb 28 16:42 /sda2/~/RP126/~SOFTWARE 28.2M Feb 28 17:41 /sda2/~/RP127/~SOFTWARE 28.2M Mar 1 20:13 /sda2/~/RP128/~SOFTWARE 28.2M Mar 2 20:28 /sda2/~/RP129/~SOFTWARE 28.2M Mar 3 20:29 /sda2/~/RP130/~SOFTWARE 28.2M Mar 4 21:06 /sda2/~/RP131/~SOFTWARE 25.7M Dec 16 17:12 /sda2/~/RP55/~SOFTWARE 25.7M Dec 17 17:37 /sda2/~/RP56/~SOFTWARE 25.7M Dec 18 18:29 /sda2/~/RP57/~SOFTWARE 25.7M Dec 19 20:58 /sda2/~/RP58/~SOFTWARE 25.7M Dec 20 22:53 /sda2/~/RP59/~SOFTWARE 25.7M Dec 21 10:00 /sda2/~/RP60/~SOFTWARE 25.7M Dec 22 10:27 /sda2/~/RP61/~SOFTWARE 25.7M Dec 23 11:27 /sda2/~/RP62/~SOFTWARE 25.7M Dec 24 12:27 /sda2/~/RP63/~SOFTWARE 25.7M Dec 25 13:57 /sda2/~/RP64/~SOFTWARE 25.7M Dec 26 14:42 /sda2/~/RP65/~SOFTWARE 25.7M Dec 27 15:42 /sda2/~/RP66/~SOFTWARE 25.7M Dec 28 19:07 /sda2/~/RP67/~SOFTWARE 25.7M Dec 29 19:16 /sda2/~/RP68/~SOFTWARE 25.7M Dec 31 19:31 /sda2/~/RP70/~SOFTWARE 25.7M Jan 1 21:04 /sda2/~/RP71/~SOFTWARE 25.7M Jan 2 21:53 /sda2/~/RP72/~SOFTWARE 25.7M Jan 3 22:02 /sda2/~/RP73/~SOFTWARE 25.7M Jan 4 10:00 /sda2/~/RP74/~SOFTWARE 25.7M Jan 5 10:46 /sda2/~/RP75/~SOFTWARE 25.7M Jan 6 10:47 /sda2/~/RP76/~SOFTWARE 25.7M Jan 7 11:47 /sda2/~/RP77/~SOFTWARE 25.7M Jan 8 16:19 /sda2/~/RP78/~SOFTWARE 25.7M Jan 9 10:00 /sda2/~/RP79/~SOFTWARE 25.9M Jan 10 10:28 /sda2/~/RP80/~SOFTWARE 25.9M Jan 11 11:28 /sda2/~/RP81/~SOFTWARE 25.9M Jan 12 11:28 /sda2/~/RP82/~SOFTWARE 25.9M Jan 13 12:28 /sda2/~/RP83/~SOFTWARE 25.9M Jan 14 13:28 /sda2/~/RP84/~SOFTWARE 25.9M Jan 15 14:52 /sda2/~/RP85/~SOFTWARE 25.9M Jan 16 10:00 /sda2/~/RP86/~SOFTWARE 25.9M Jan 17 13:26 /sda2/~/RP87/~SOFTWARE 25.9M Jan 18 14:39 /sda2/~/RP88/~SOFTWARE 25.9M Jan 19 16:16 /sda2/~/RP89/~SOFTWARE 25.9M Jan 20 16:56 /sda2/~/RP90/~SOFTWARE 25.9M Jan 21 16:58 /sda2/~/RP91/~SOFTWARE 25.9M Jan 22 18:55 /sda2/~/RP92/~SOFTWARE 25.9M Jan 29 21:07 /sda2/~/RP93/~SOFTWARE 27.6M Jan 30 21:46 /sda2/~/RP94/~SOFTWARE 27.6M Jan 31 05:14 /sda2/~/RP95/~SOFTWARE 27.6M Feb 1 05:45 /sda2/~/RP96/~SOFTWARE 27.6M Feb 1 10:00 /sda2/~/RP97/~SOFTWARE 28.5M Feb 2 10:33 /sda2/~/RP98/~SOFTWARE 28.5M Feb 3 10:42 /sda2/~/RP99/~SOFTWARE 6.7M Feb 14 10:00 /sda2/~/RP110/~SYSTEM 6.7M Feb 24 23:07 /sda2/~/RP121/~SYSTEM 6.7M Dec 30 19:26 /sda2/~/RP69/~SYSTEM 6.7M Feb 4 11:42 /sda2/~/RP100/~SYSTEM 6.7M Feb 5 15:34 /sda2/~/RP101/~SYSTEM 6.7M Feb 6 17:10 /sda2/~/RP102/~SYSTEM 6.7M Feb 7 17:42 /sda2/~/RP103/~SYSTEM 6.7M Feb 8 17:42 /sda2/~/RP104/~SYSTEM 6.7M Feb 9 18:42 /sda2/~/RP105/~SYSTEM 6.7M Feb 10 19:42 /sda2/~/RP106/~SYSTEM 6.7M Feb 11 20:44 /sda2/~/RP107/~SYSTEM 6.7M Feb 12 21:08 /sda2/~/RP108/~SYSTEM 6.7M Feb 13 22:10 /sda2/~/RP109/~SYSTEM 6.7M Feb 15 10:01 /sda2/~/RP111/~SYSTEM 6.7M Feb 16 10:06 /sda2/~/RP112/~SYSTEM 6.7M Feb 17 11:06 /sda2/~/RP113/~SYSTEM 6.7M Feb 18 12:06 /sda2/~/RP114/~SYSTEM 6.7M Feb 19 16:11 /sda2/~/RP115/~SYSTEM 10.0M Feb 20 18:04 /sda2/~/RP116/~SYSTEM 10.0M Feb 20 18:17 /sda2/~/RP117/~SYSTEM 6.7M Feb 21 19:10 /sda2/~/RP118/~SYSTEM 6.7M Feb 24 13:14 /sda2/~/RP119/~SYSTEM 6.7M Feb 24 22:11 /sda2/~/RP120/~SYSTEM 6.7M Feb 24 23:19 /sda2/~/RP122/~SYSTEM 6.7M Feb 25 23:57 /sda2/~/RP123/~SYSTEM 6.7M Feb 27 00:47 /sda2/~/RP124/~SYSTEM 6.7M Feb 28 01:45 /sda2/~/RP125/~SYSTEM 6.7M Feb 28 16:42 /sda2/~/RP126/~SYSTEM 6.7M Feb 28 17:41 /sda2/~/RP127/~SYSTEM 6.7M Mar 1 20:13 /sda2/~/RP128/~SYSTEM 6.7M Mar 2 20:28 /sda2/~/RP129/~SYSTEM 6.7M Mar 3 20:29 /sda2/~/RP130/~SYSTEM 6.7M Mar 4 21:06 /sda2/~/RP131/~SYSTEM 6.7M Dec 16 17:12 /sda2/~/RP55/~SYSTEM 6.7M Dec 17 17:37 /sda2/~/RP56/~SYSTEM 6.7M Dec 18 18:29 /sda2/~/RP57/~SYSTEM 6.7M Dec 19 20:58 /sda2/~/RP58/~SYSTEM 6.7M Dec 20 22:53 /sda2/~/RP59/~SYSTEM 6.7M Dec 21 10:00 /sda2/~/RP60/~SYSTEM 6.7M Dec 22 10:27 /sda2/~/RP61/~SYSTEM 6.7M Dec 23 11:27 /sda2/~/RP62/~SYSTEM 6.7M Dec 24 12:27 /sda2/~/RP63/~SYSTEM 6.7M Dec 25 13:57 /sda2/~/RP64/~SYSTEM 6.7M Dec 26 14:42 /sda2/~/RP65/~SYSTEM 6.7M Dec 27 15:42 /sda2/~/RP66/~SYSTEM 6.7M Dec 28 19:07 /sda2/~/RP67/~SYSTEM 6.7M Dec 29 19:16 /sda2/~/RP68/~SYSTEM 6.7M Dec 31 19:31 /sda2/~/RP70/~SYSTEM 6.7M Jan 1 21:04 /sda2/~/RP71/~SYSTEM 6.7M Jan 2 21:53 /sda2/~/RP72/~SYSTEM 6.7M Jan 3 22:02 /sda2/~/RP73/~SYSTEM 6.7M Jan 4 10:00 /sda2/~/RP74/~SYSTEM 6.7M Jan 5 10:46 /sda2/~/RP75/~SYSTEM 6.7M Jan 6 10:47 /sda2/~/RP76/~SYSTEM 6.7M Jan 7 11:47 /sda2/~/RP77/~SYSTEM 6.7M Jan 8 16:19 /sda2/~/RP78/~SYSTEM 6.7M Jan 9 10:00 /sda2/~/RP79/~SYSTEM 6.7M Jan 10 10:28 /sda2/~/RP80/~SYSTEM 6.7M Jan 11 11:28 /sda2/~/RP81/~SYSTEM 6.7M Jan 12 11:28 /sda2/~/RP82/~SYSTEM 6.7M Jan 13 12:28 /sda2/~/RP83/~SYSTEM 6.7M Jan 14 13:28 /sda2/~/RP84/~SYSTEM 6.7M Jan 15 14:52 /sda2/~/RP85/~SYSTEM 6.7M Jan 16 10:00 /sda2/~/RP86/~SYSTEM 6.7M Jan 17 13:26 /sda2/~/RP87/~SYSTEM 6.7M Jan 18 14:39 /sda2/~/RP88/~SYSTEM 6.7M Jan 19 16:16 /sda2/~/RP89/~SYSTEM 6.7M Jan 20 16:56 /sda2/~/RP90/~SYSTEM 6.7M Jan 21 16:58 /sda2/~/RP91/~SYSTEM 6.7M Jan 22 18:55 /sda2/~/RP92/~SYSTEM 6.7M Jan 29 21:07 /sda2/~/RP93/~SYSTEM 6.7M Jan 30 21:46 /sda2/~/RP94/~SYSTEM 6.7M Jan 31 05:14 /sda2/~/RP95/~SYSTEM 6.7M Feb 1 05:45 /sda2/~/RP96/~SYSTEM 6.7M Feb 1 10:00 /sda2/~/RP97/~SYSTEM 6.7M Feb 2 10:33 /sda2/~/RP98/~SYSTEM 6.7M Feb 3 10:42 /sda2/~/RP99/~SYSTEM

Fri Mar 8 16:14:04 UTC 2013 Driver report for /mnt/sda2/Qoobox/Quarantine/C/WINDOWS/system32/drivers

ok...so i booted choosing recovery console. and it boots for a while then asks what windows i want to log in to...i choose c:/windows...then it says type administrator password...which i never had one...so i click enter. then it loads for about a minute or two. and puts me at a c:/windows prompt. what am i supposed to do next?

i have no idea . it was working fine. then about an hour before your post it went blank while in windows and shut down. i thought nothing of it, since it does have a tendency to overheat when on carpet. so after i received your post about 2-3 hours later i went to turn it on and it said the registry was corrupted.

ok. i went to turn on my laptop and i get a BSD in normal mode as well as all the safe modes. should i try system recovery and do restore? the BSD says this: STOP: c00000218 [registry file failure] The registry cannot load the HIVE (file) \systemroot\system32\config\software or its log or alternate it is corrupt, absent, or not writable beginning dump of physical memory physical memory dump complete Contact your system administrator or technical support group for further assistance

Acer Bio-Protection fingerprint solution 3.0.1.1 Acer eDataSecurity Management Acer eDataSecurity Management 2.0.4086 Acer eLock Management Acer Empowering Technology Acer eNet Management Acer ePower Management Acer ePresentation Management Acer eSettings Management Acer GridVista Adobe Flash Player 11 ActiveX Adobe Reader 7.0 Adobe Shockwave Player 11.6 Agere Systems HDA Modem AppCore AuthenTec Fingerprint Sensor Minimum Install AV Broadcom Gigabit Integrated Controller ccCommon Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Google Toolbar for Internet Explorer Google Update Helper High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) HP Officejet Pro 8600 Basic Device Software I.R.I.S. OCR Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Intel® PROSet/Wireless Software Launch Manager LightScribe 1.4.142.1 LiveUpdate 3.1 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) McAfee Family Protection mCore Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Software Update for Web Folders (English) 14 Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft User-Mode Driver Framework Feature Pack 1.0 mMHouse mPfMgr mProSafe MSRedist MSXML 6.0 Parser mWlsSafe Norton AntiVirus Norton Confidential Browser Component Norton Confidential Web Protection Component Norton Internet Security Norton Internet Security (Symantec Corporation) Norton Protection Center NTI Backup NOW! 4.7 NTI CD & DVD-Maker NTI Shadow Pokemon Online 2.0.07 PowerDVD Realtek High Definition Audio Driver RPG Maker VX RTP Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219-v2) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135-v2) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Skype™ 6.0 SPBBC 32bit swMSM Symantec Real Time Storage Protection Component SymNet Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515/xx12 drivers. TIPCI Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Windows XP (KB2345886) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973815) WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3

the computer is still fine. here is combofix ------------------------------------------------- ComboFix 13-02-26.01 - Tobie 03/05/2013 11:44:36.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1995 [GMT -7:00] Running from: c:\documents and settings\Tobie\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tobie\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((( Files Created from 2013-02-05 to 2013-03-05 ))))))))))))))))))))))))))))))) . . 2013-03-01 14:44 . 2012-10-17 11:04 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll 2013-03-01 14:44 . 2012-06-18 15:54 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll 2013-03-01 14:44 . 2012-06-18 15:54 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll 2013-03-01 14:44 . 2012-06-18 15:54 529808 ----a-w- c:\windows\system32\hpinksts5912.dll 2013-03-01 14:44 . 2012-06-18 15:54 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll 2013-03-01 14:44 . 2012-06-18 15:54 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll 2013-03-01 14:44 . 2012-06-18 15:21 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe 2013-02-28 18:30 . 2013-02-28 18:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP 2013-02-26 23:09 . 2013-02-26 23:09 -------- d-----w- C:\spoolerlogs 2013-02-24 15:07 . 2013-02-24 15:07 -------- d-----w- c:\program files\Internet Content Filter 2013-02-24 15:07 . 2012-10-13 09:18 1780776 ----a-w- c:\windows\system32\seinst.dll 2013-02-24 15:07 . 2012-10-13 09:18 1699936 ----a-w- c:\windows\SERecat.exe 2013-02-24 15:07 . 2012-10-13 09:18 341360 ----a-w- c:\windows\system32\ICF.dll 2013-02-24 15:07 . 2012-10-13 09:18 1714856 ----a-w- c:\windows\sediag.exe 2013-02-24 15:07 . 2013-02-24 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Internet Content Filter 2013-02-24 15:06 . 2013-02-24 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2013-02-21 21:31 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe 2013-02-21 21:31 . 2013-02-21 21:31 -------- d-----w- C:\_OTL 2013-02-20 22:38 . 2013-02-20 22:38 -------- d-----w- c:\documents and settings\Tobie\Application Data\Malwarebytes 2013-02-20 22:38 . 2013-02-20 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2013-02-20 22:38 . 2013-02-21 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-20 22:38 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-20 16:49 . 2013-02-20 16:49 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys 2013-02-20 14:59 . 2013-02-20 14:59 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2013-02-20 14:59 . 2013-02-20 14:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2013-02-14 10:59 . 2013-02-14 10:59 -------- d-----w- c:\program files\Common Files\Skype 2013-02-14 10:59 . 2013-02-14 10:59 -------- d-----r- c:\program files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-26 03:55 . 2004-08-05 03:00 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-07 01:19 . 2007-02-28 09:53 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 00:37 . 2007-02-28 09:16 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 01:20 . 2007-03-08 13:47 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49 . 2004-08-05 03:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49 . 2004-08-05 03:00 1292288 ----a-w- c:\windows\system32\quartz.dll 2012-12-26 20:16 . 2006-01-09 18:08 916480 ----a-w- c:\windows\system32\wininet.dll 2012-12-26 20:16 . 2004-08-05 03:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-12-26 20:16 . 2004-08-05 03:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-12-24 06:40 . 2004-08-05 03:00 385024 ----a-w- c:\windows\system32\html.iec 2012-12-16 12:23 . 2004-08-05 03:00 290560 ----a-w- c:\windows\system32\atmfd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-18 39408] "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-04-28 84640] "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-04-28 26248] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048] "ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-05-24 475136] "ICF"="c:\program files\Internet Content Filter\mfp.exe" [2012-10-13 3296424] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-03-30 342528] "Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584] "Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2012-11-13 22:19 2803200 ----a-w- c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll . [HKLM\~\startupfolder\C:^Documents and Settings^Tobie^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk] path=c:\documents and settings\Tobie\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk backup=c:\windows\pss\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] 2004-08-05 03:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2007-06-14 18:21 850704 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2013-01-08 22:23 18709248 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2012-11-18 13:57 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000] 2012-11-13 22:19 3805184 ----a-w- c:\program files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SkypeUpdate"=2 (0x2) "LiveUpdate Notice Service"=2 (0x2) "LiveUpdate Notice Ex"=2 (0x2) "LiveUpdate"=3 (0x3) "LightScribeService"=2 (0x2) "gusvc"=3 (0x3) "gupdatem"=3 (0x3) "gupdate"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R2 mfeicfupdate;McAfee Internet Content Filter Update Service;c:\program files\Internet Content Filter\UpdateService.exe [2/24/2013 8:07 AM 1654080] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2013 9:52 PM 106656] S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 3:19 PM 161536] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - COMHOST . Contents of the 'Scheduled Tasks' folder . 2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-18 13:55] . 2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-18 13:55] . 2013-03-02 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Tobie.job - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-04-28 00:08] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 LSP: ICF.dll TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . SafeBoot-73153899.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-03-05 11:48 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(952) c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll c:\program files\Acer\Bio-Protection fingerprint solution\CustomRes.dll c:\windows\system32\ATSC70.DLL c:\windows\system32\ATSC70PBA.dll . - - - - - - - > 'lsass.exe'(1008) c:\windows\system32\ICF.dll . - - - - - - - > 'explorer.exe'(3336) c:\windows\system32\WININET.dll c:\windows\system32\MSNCHATHOOK.DLL c:\windows\system32\sysenv.dll c:\windows\system32\CryptoAPI.dll c:\windows\system32\ShowErrMsg.dll c:\windows\system32\MFC71U.DLL c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2013-03-05 11:49:39 ComboFix-quarantined-files.txt 2013-03-05 18:49 ComboFix2.txt 2013-02-26 18:47 . Pre-Run: 33,003,212,800 bytes free Post-Run: 34,177,638,400 bytes free . - - End Of File - - CE25AF8DA2DF360B705D5E680E1C1EF1

when i try to run combofix....it extracts then says there is a newer version do i wish to download it. i say yes, and it repeats...it extracts then asks if i want the new version again. i say yes, then it extracts, then asks me if i want the new version...repeats indefinitely. if i say no to the update, it says it is expired and will run with limited functionality.

i deleted the file hpnetworkcommunicator and that window doesn't pop up anymore. i just wont have scanning to my pc. and that is fine.

BTW...now i am back to nothing printer wise or network working....internet works... but my mshome and workgroup computers are not found anymore.