Untitled

By: a guest on Feb 24th, 2013  |  syntax: None  |  size: 16.50 KB  |  views: 48  |  expires: Never
  1. ComboFix 13-02-23.01 - Meli 24.02.2013  16:35:21.2.1 - x86
  2. Running from: d:\documents and settings\Meli\My Documents\Downloads\ComboFix.exe
  3. AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
  4. FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
  5. .
  6. .
  7. (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
  8. .
  9. .
  10. d:\documents and settings\All Users\Application Data\TEMP
  11. d:\documents and settings\All Users\Desktop\Intennet Exploner.lnk
  12. d:\documents and settings\All Users\Start Menu\Programs\Startup\TSPS.lnk
  13. d:\documents and settings\Meli\Favorites\&çÍ·×ÍřÖ·µĽş˝&.url
  14. d:\documents and settings\Meli\rioom.exe
  15. d:\program files\Common Files\Microsoft Shared\explorer.exe
  16. d:\program files\Common Files\trz54.tmp
  17. d:\windows\system32\SET310.tmp
  18. d:\windows\system32\SET31D.tmp
  19. d:\windows\system32\SET31F.tmp
  20. d:\windows\system32\SET324.tmp
  21. d:\windows\system32\SET325.tmp
  22. d:\windows\system32\SET326.tmp
  23. d:\windows\system32\SET32A.tmp
  24. d:\windows\system32\SET32B.tmp
  25. d:\windows\system32\SET32C.tmp
  26. d:\windows\system32\SET341.tmp
  27. d:\windows\system32\SET343.tmp
  28. d:\windows\system32\SET347.tmp
  29. d:\windows\system32\SET348.tmp
  30. d:\windows\system32\SET349.tmp
  31. d:\windows\system32\SET34D.tmp
  32. d:\windows\system32\SET34E.tmp
  33. d:\windows\system32\SET34F.tmp
  34. d:\windows\system32\SET36C.tmp
  35. d:\windows\system32\SET36E.tmp
  36. d:\windows\system32\SET372.tmp
  37. d:\windows\system32\SET373.tmp
  38. d:\windows\system32\SET374.tmp
  39. d:\windows\system32\SET378.tmp
  40. d:\windows\system32\SET379.tmp
  41. d:\windows\system32\SET37A.tmp
  42. d:\windows\system32\SET390.tmp
  43. d:\windows\system32\SET39B.tmp
  44. d:\windows\system32\SET39D.tmp
  45. d:\windows\system32\SET3A1.tmp
  46. d:\windows\system32\SET3A2.tmp
  47. d:\windows\system32\SET3A3.tmp
  48. d:\windows\system32\SET3A7.tmp
  49. d:\windows\system32\SET3A8.tmp
  50. d:\windows\system32\SET3A9.tmp
  51. .
  52. Infected copy of d:\windows\explorer.exe was found and disinfected
  53. Restored copy from - d:\system volume information\_restore{41AED485-9E12-4A33-9A87-AF94EC536E19}\RP248\A0310722.exe
  54. .
  55. .
  56. (((((((((((((((((((((((((   Files Created from 2013-01-24 to 2013-02-24  )))))))))))))))))))))))))))))))
  57. .
  58. .
  59. 2013-02-24 14:49 . 2013-02-24 14:49     --------        d-----w-        d:\documents and settings\Meli\Application Data\Optimizer Pro
  60. 2013-02-24 12:50 . 2013-02-24 12:50     343040  -c--a-w-        d:\windows\system32\dllcache\mspaint.exe
  61. 2013-02-24 12:50 . 2013-02-24 12:50     343040  ----a-w-        d:\windows\system32\mspaint.exe
  62. 2013-02-24 00:33 . 2013-02-24 00:33     41      ----a-w-        D:\user.js
  63. 2013-02-24 00:31 . 2013-02-24 00:31     --------        d-----w-        d:\program files\tuvaro
  64. 2013-02-24 00:31 . 2013-02-24 00:31     --------        d-----w-        d:\documents and settings\Meli\Application Data\tuvaro
  65. 2013-02-23 23:37 . 2013-02-23 23:37     --------        d-sh--w-        d:\documents and settings\Meli\IECompatCache
  66. 2013-02-23 01:27 . 2013-02-23 01:27     --------        d-----w-        D:\Documents and Stitings
  67. 2013-02-19 23:05 . 2008-04-14 11:00     69120   -c--a-w-        d:\windows\system32\dllcache\notepad.exe
  68. 2013-02-19 23:05 . 2008-04-14 11:00     69120   ----a-w-        d:\windows\system32\notepad.exe
  69. 2013-02-19 19:14 . 2013-02-19 19:14     --------        d-----w-        d:\documents and settings\Meli\Local Settings\Application Data\PCHealth
  70. 2013-02-19 18:48 . 2013-02-19 18:48     --------        d-----w-        d:\documents and settings\Meli\Local Settings\Application Data\CrashRpt
  71. 2013-02-18 23:26 . 2013-02-18 23:26     --------        d-----w-        d:\windows\system32\LogFiles
  72. 2013-02-09 22:32 . 2013-02-09 22:34     --------        d-----w-        d:\documents and settings\Meli\Application Data\MSNInstaller
  73. 2013-01-29 14:56 . 2013-01-29 14:56     --------        d-----w-        d:\documents and settings\Meli\Application Data\SUPERAntiSpyware.com
  74. 2013-01-29 14:51 . 2013-02-23 21:37     --------        d-----w-        d:\program files\SUPERAntiSpyware
  75. 2013-01-29 14:51 . 2013-01-29 14:51     --------        d-----w-        d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
  76. 2013-01-29 14:51 . 2013-01-29 14:51     --------        d-----w-        d:\documents and settings\All Users\Application Data\SUPERSetup
  77. .
  78. .
  79. .
  80. ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
  81. .
  82. 2013-02-24 12:52 . 2013-01-03 23:48     153600  ----a-w-        d:\windows\system32\wudfhost.exe
  83. 2013-02-08 16:23 . 2012-08-14 11:11     697712  ----a-w-        d:\windows\system32\FlashPlayerApp.exe
  84. 2013-02-08 16:23 . 2012-08-14 11:11     74096   ----a-w-        d:\windows\system32\FlashPlayerCPLApp.cpl
  85. 2013-01-26 03:55 . 2008-04-14 11:00     552448  ----a-w-        d:\windows\system32\oleaut32.dll
  86. 2013-01-18 01:10 . 2008-04-14 11:00     17408   ----a-w-        d:\windows\system32\wpdshextautoplay.exe
  87. 2013-01-07 01:28 . 2009-06-07 20:04     2193152 ----a-w-        d:\windows\system32\ntoskrnl.exe
  88. 2013-01-07 00:45 . 2009-02-06 10:30     2069760 ----a-w-        d:\windows\system32\ntkrnlpa.exe
  89. 2013-01-04 01:32 . 2009-06-07 20:05     1876224 ----a-w-        d:\windows\system32\win32k.sys
  90. 2013-01-03 23:47 . 2008-04-14 11:00     80896   ----a-w-        d:\windows\system32\firewall.cpl
  91. 2013-01-02 06:48 . 2009-06-07 20:03     1292288 ----a-w-        d:\windows\system32\quartz.dll
  92. 2013-01-02 06:48 . 2008-04-14 11:00     148992  ----a-w-        d:\windows\system32\mpg2splt.ax
  93. 2012-12-26 20:16 . 2009-06-07 19:57     916480  ------w-        d:\windows\system32\wininet.dll
  94. 2012-12-16 12:31 . 2009-06-07 20:00     290560  ----a-w-        d:\windows\system32\atmfd.dll
  95. 2013-01-02 00:09 . 2013-01-02 00:08     263064  ----a-w-        d:\program files\mozilla firefox\components\browsercomps.dll
  96. .
  97. .
  98. ------- Sigcheck -------
  99. Note: Unsigned files aren't necessarily malware.
  100. .
  101. [-] 2009-06-07 . F958DC764FCCB2E899FC5F58BACF8494 . 1614848 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
  102. .
  103. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
  104. .
  105. .
  106. *Note* empty entries & legit default entries are not shown
  107. REGEDIT4
  108. .
  109. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
  110. @="{472083B0-C522-11CF-8763-00608CC02F24}"
  111. [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
  112. 2012-10-30 22:50        121528  ----a-w-        d:\program files\AVAST Software\Avast\ashShell.dll
  113. .
  114. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  115. "Optimizer Pro"="d:\program files\Optimizer Pro\OptProLauncher.exe" [2012-10-21 81952]
  116. .
  117. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  118. "SMSERIAL"="d:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-08-28 1216512]
  119. "RTHDCPL"="RTHDCPL.EXE" [2009-06-12 17887232]
  120. "SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
  121. "avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
  122. "ApnUpdater"="d:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
  123. .
  124. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  125. "CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
  126. .
  127. [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
  128. "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
  129. .
  130. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
  131. "UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
  132. .
  133. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvastU3.exe]
  134. "Debugger"=ntsd -d
  135. .
  136. [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  137. Authentication Packages REG_MULTI_SZ    msv1_0 nwprovau
  138. .
  139. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
  140. @=""
  141. .
  142. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  143. "%windir%\\system32\\sessmgr.exe"=
  144. "d:\\Program Files\\Opera\\opera.exe"=
  145. .
  146. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  147. "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
  148. .
  149. R1 aswKbd;aswKbd;d:\windows\system32\drivers\aswKbd.sys [12.9.2012 21:46 18544]
  150. R1 aswSnx;aswSnx;d:\windows\system32\drivers\aswSnx.sys [16.8.2012 9:41 738504]
  151. R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [16.8.2012 9:41 361032]
  152. R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 17:27 12880]
  153. R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 22:55 67664]
  154. R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [16.8.2012 9:41 21256]
  155. S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [14.8.2012 11:50 1684736]
  156. .
  157. Contents of the 'Scheduled Tasks' folder
  158. .
  159. 2013-02-24 d:\windows\Tasks\Adobe Flash Player Updater.job
  160. - d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 16:23]
  161. .
  162. 2013-02-24 d:\windows\Tasks\avast! Emergency Update.job
  163. - d:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-16 22:50]
  164. .
  165. 2013-02-24 d:\windows\Tasks\Scheduled Update for Ask Toolbar.job
  166. - d:\program files\Ask.com\UpdateTask.exe [2012-06-06 19:33]
  167. .
  168. .
  169. ------- Supplementary Scan -------
  170. .
  171. uStart Page = hxxp://tuvaro.com/ws/?source=cbc644dd&tbp=homepage&toolbarid=base&u=9c748de4000000000000001644198aa1
  172. TCP: DhcpNameServer = 192.168.88.1 192.168.0.1
  173. FF - ProfilePath - d:\documents and settings\Meli\Application Data\Mozilla\Firefox\Profiles\a87u059h.default\
  174. FF - prefs.js: browser.search.defaulturl -
  175. FF - prefs.js: browser.search.selectedEngine - Tuvaro
  176. FF - prefs.js: browser.startup.homepage - hxxp://tuvaro.com/ws/?source=cbc644dd&tbp=homepage&toolbarid=base&u=9c748de4000000000000001644198aa1
  177. FF - prefs.js: keyword.URL - hxxp://tuvaro.com/ws/?source=cbc644dd&tbp=url&toolbarid=base&u=9c748de4000000000000001644198aa1&q=
  178. FF - prefs.js: network.proxy.http - 127.0.0.1
  179. FF - prefs.js: network.proxy.type - 2
  180. FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9c748de4000000000000001644198aa1&q=
  181. FF - user.js: extensions.BabylonToolbar.id - 9c748de4000000000000001644198aa1
  182. FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
  183. FF - user.js: extensions.BabylonToolbar.instlDay - 15686
  184. FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9
  185. FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9
  186. FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.913:41
  187. FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
  188. FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
  189. FF - user.js: extensions.BabylonToolbar.aflt - babsst
  190. FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
  191. FF - user.js: extensions.BabylonToolbar.tlbrId - base
  192. FF - user.js: extensions.BabylonToolbar.instlRef - sst
  193. FF - user.js: extensions.BabylonToolbar.dfltLng - en
  194. FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
  195. FF - user.js: extensions.BabylonToolbar.excTlbr - false
  196. FF - user.js: extensions.BabylonToolbar.admin - false
  197. FF - user.js: extensions.BabylonToolbar.autoRvrt - false
  198. FF - user.js: extensions.BabylonToolbar.rvrt - false
  199. FF - user.js: extensions.BabylonToolbar_i.newTab - false
  200. FF - user.js: extensions.claro.tlbrSrchUrl -
  201. FF - user.js: extensions.claro.id - 9c748de4000000000000001644198aa1
  202. FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
  203. FF - user.js: extensions.claro.instlDay - 15712
  204. FF - user.js: extensions.claro.vrsn - 1.8.8.5
  205. FF - user.js: extensions.claro.vrsni - 1.8.8.5
  206. FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.521:22
  207. FF - user.js: extensions.claro.prtnrId - claro
  208. FF - user.js: extensions.claro.prdct - claro
  209. FF - user.js: extensions.claro.aflt - babsst
  210. FF - user.js: extensions.claro_i.smplGrp - none
  211. FF - user.js: extensions.claro.tlbrId - claro
  212. FF - user.js: extensions.claro.instlRef - sst
  213. FF - user.js: extensions.claro.dfltLng - en
  214. FF - user.js: extensions.claro_i.excTlbr - false
  215. FF - user.js: extensions.claro.excTlbr - false
  216. FF - user.js: extensions.claro.admin - false
  217. FF - user.js: extensions.claro.autoRvrt - false
  218. FF - user.js: extensions.claro.rvrt - false
  219. FF - user.js: extensions.claro_i.newTab - false
  220. FF - user.js: extensions.tuvaro.hpOld0 - hxxp://search.conduit.com/?ctid=CT2431400&SearchSource=13&CUI=SB_CUI
  221. FF - user.js: extensions.tuvaro.tlbrSrchUrl - hxxp://tuvaro.com/ws/?source=cbc644dd&tbp=main&toolbarid=base&u=9c748de4000000000000001644198aa1&q=
  222. FF - user.js: extensions.tuvaro.id - 9c748de4000000000000001644198aa1
  223. FF - user.js: extensions.tuvaro.appId - {2768469C-717B-401F-8532-C6D88BAE0339}
  224. FF - user.js: extensions.tuvaro.instlDay - 15760
  225. FF - user.js: extensions.tuvaro.vrsn - 1.8.12.7
  226. FF - user.js: extensions.tuvaro.vrsni - 1.8.12.7
  227. FF - user.js: extensions.tuvaro.vrsnTs - 1.8.12.71:33
  228. FF - user.js: extensions.tuvaro.prtnrId - tuvaro
  229. FF - user.js: extensions.tuvaro.prdct - tuvaro
  230. FF - user.js: extensions.tuvaro.aflt - orgnl
  231. FF - user.js: extensions.tuvaro.smplGrp - none
  232. FF - user.js: extensions.tuvaro.tlbrId - base
  233. FF - user.js: extensions.tuvaro.instlRef - cbc644dd
  234. FF - user.js: extensions.tuvaro.dfltLng -
  235. FF - user.js: extensions.tuvaro.excTlbr - false
  236. FF - user.js: extensions.tuvaro.ffxUnstlRst - false
  237. FF - user.js: extensions.tuvaro.admin - false
  238. FF - user.js: extensions.tuvaro.cam -
  239. FF - user.js: extensions.tuvaro.autoRvrt - false
  240. FF - user.js: extensions.tuvaro.rvrt - false
  241. FF - user.js: extensions.tuvaro.hmpg - true
  242. FF - user.js: extensions.tuvaro.hmpgUrl - hxxp://tuvaro.com/ws/?source=cbc644dd&tbp=homepage&toolbarid=base&u=9c748de4000000000000001644198aa1
  243. FF - user.js: extensions.tuvaro.dfltSrch - true
  244. FF - user.js: extensions.tuvaro.srchPrvdr - Tuvaro
  245. FF - user.js: extensions.tuvaro.kw_url - hxxp://tuvaro.com/ws/?source=cbc644dd&tbp=url&toolbarid=base&u=9c748de4000000000000001644198aa1&q=
  246. FF - user.js: extensions.tuvaro.dnsErr - true
  247. FF - user.js: extensions.tuvaro.newTab - true
  248. FF - user.js: extensions.tuvaro.newTabUrl - chrome://tuvaro/content/new browser tab.html?source=cbc644dd&tbp=tab&u=9c748de4000000000000001644198aa1
  249. .
  250. .
  251. ------- File Associations -------
  252. .
  253. .
  254. - - - - ORPHANS REMOVED - - - -
  255. .
  256. Toolbar-Locked - (no file)
  257. .
  258. .
  259. .
  260. **************************************************************************
  261. .
  262. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  263. Rootkit scan 2013-02-24 16:51
  264. Windows 5.1.2600 Service Pack 3 NTFS
  265. .
  266. scanning hidden processes ...  
  267. .
  268. scanning hidden autostart entries ...
  269. .
  270. scanning hidden files ...  
  271. .
  272. scan completed successfully
  273. hidden files: 0
  274. .
  275. **************************************************************************
  276. .
  277. --------------------- LOCKED REGISTRY KEYS ---------------------
  278. .
  279. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  280. @Denied: (A 2) (Everyone)
  281. @="FlashBroker"
  282. "LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
  283. .
  284. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
  285. "Enabled"=dword:00000001
  286. .
  287. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
  288. @="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
  289. .
  290. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
  291. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  292. .
  293. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  294. @Denied: (A 2) (Everyone)
  295. @="IFlashBroker5"
  296. .
  297. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
  298. @="{00020424-0000-0000-C000-000000000046}"
  299. .
  300. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
  301. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  302. "Version"="1.0"
  303. .
  304. --------------------- DLLs Loaded Under Running Processes ---------------------
  305. .
  306. - - - - - - - > 'explorer.exe'(420)
  307. d:\windows\system32\WININET.dll
  308. d:\windows\system32\msi.dll
  309. d:\windows\system32\ieframe.dll
  310. d:\windows\system32\webcheck.dll
  311. d:\windows\system32\wpdshserviceobj.dll
  312. d:\windows\system32\portabledevicetypes.dll
  313. d:\windows\system32\portabledeviceapi.dll
  314. .
  315. ------------------------ Other Running Processes ------------------------
  316. .
  317. d:\program files\AVAST Software\Avast\AvastSvc.exe
  318. d:\program files\SUPERAntiSpyware\SASCORE.EXE
  319. d:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
  320. d:\windows\RTHDCPL.EXE
  321. d:\program files\Optimizer Pro\OptProSmartScan.exe
  322. d:\program files\Optimizer Pro\OptProReminder.exe
  323. d:\windows\system32\wscntfy.exe
  324. .
  325. **************************************************************************
  326. .
  327. Completion time: 2013-02-24  17:03:53 - machine was rebooted
  328. ComboFix-quarantined-files.txt  2013-02-24 16:03
  329. ComboFix2.txt  2013-01-01 23:44
  330. .
  331. Pre-Run: 25.499.463.680 bytes free
  332. Post-Run: 25.705.197.568 bytes free
  333. .
  334. - - End Of File - - 7E8617AFEF050EA2B8CAE2574C4F2109