Combofix Log

a guest
Mar 1st, 2013
  1. ComboFix 13-02-26.01 - Daniel 28/02/2013 16:19:08.1.4 - x64
  2. Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.7660.5320 [GMT 0:00]
  3. Running from: c:\users\Daniel\Downloads\ComboFix.exe
  4. AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
  5. SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
  6. SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  7. * Created a new restore point
  8. .
  9. .
  10. ((((((((((((((((((((((((( Files Created from 2013-01-28 to 2013-02-28 )))))))))))))))))))))))))))))))
  11. .
  12. .
  13. 2013-02-28 16:37 . 2013-02-28 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
  14. 2013-02-28 16:13 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEACE6C8-5F20-46D0-96A9-0CCA11069104}\mpengine.dll
  15. 2013-02-27 18:21 . 2013-02-27 18:21 16473456 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
  16. 2013-02-26 21:43 . 2013-01-13 19:59 1643520 ----a-w- c:\windows\system32\DWrite.dll
  17. 2013-02-26 21:43 . 2013-01-13 19:53 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
  18. 2013-02-26 21:43 . 2013-01-13 19:43 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
  19. 2013-02-26 21:43 . 2013-01-13 19:37 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
  20. 2013-02-26 21:43 . 2013-01-13 19:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
  21. 2013-02-26 21:43 . 2013-01-13 19:15 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
  22. 2013-02-26 21:43 . 2013-01-13 19:10 3928064 ----a-w- c:\windows\system32\d2d1.dll
  23. 2013-02-26 21:40 . 2013-02-26 21:40 -------- d-----w- c:\program files\iPod
  24. 2013-02-26 21:40 . 2013-02-26 21:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
  25. 2013-02-26 21:40 . 2013-02-26 21:41 -------- d-----w- c:\program files\iTunes
  26. 2013-02-26 21:40 . 2013-02-26 21:41 -------- d-----w- c:\program files (x86)\iTunes
  27. 2013-02-26 21:37 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
  28. 2013-02-13 19:48 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
  29. 2013-02-13 19:48 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
  30. 2013-02-13 19:45 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll
  31. 2013-02-13 19:45 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
  32. 2013-02-13 17:37 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
  33. 2013-02-13 17:37 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
  34. 2013-02-13 17:37 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
  35. 2013-02-13 17:36 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
  36. 2013-02-13 17:36 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
  37. 2013-02-13 17:36 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
  38. 2013-02-13 17:36 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
  39. 2013-02-13 17:36 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
  40. 2013-02-13 17:36 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
  41. 2013-02-13 17:36 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
  42. 2013-02-13 17:36 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
  43. 2013-02-13 17:36 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
  44. 2013-02-11 21:43 . 2013-02-11 21:43 -------- d-----w- c:\users\Daniel\AppData\Roaming\IGetThisCallEveryDay
  45. 2013-02-11 16:49 . 2013-02-11 16:49 -------- d-----w- c:\users\Daniel\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9}
  46. 2013-02-06 19:55 . 2013-02-06 19:55 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
  47. .
  48. .
  49. .
  50. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  51. .
  52. 2013-02-28 16:17 . 2013-01-15 20:18 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
  53. 2013-02-27 18:21 . 2012-10-12 12:01 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
  54. 2013-02-27 18:21 . 2012-10-12 12:01 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
  55. 2013-02-13 19:51 . 2012-07-29 15:42 70004024 ----a-w- c:\windows\system32\MRT.exe
  56. 2013-02-06 19:55 . 2012-07-26 19:13 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
  57. 2013-02-06 19:55 . 2012-07-26 19:13 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
  58. 2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
  59. 2013-01-20 15:59 . 2013-01-20 15:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
  60. 2013-01-20 15:59 . 2012-03-20 19:44 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
  61. 2013-01-04 04:43 . 2013-02-13 17:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
  62. 2012-12-16 17:11 . 2012-12-21 20:14 46080 ----a-w- c:\windows\system32\atmlib.dll
  63. 2012-12-16 14:45 . 2012-12-21 20:14 367616 ----a-w- c:\windows\system32\atmfd.dll
  64. 2012-12-16 14:13 . 2012-12-21 20:14 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
  65. 2012-12-16 14:13 . 2012-12-21 20:14 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
  66. 2012-12-07 13:20 . 2013-01-10 16:02 441856 ----a-w- c:\windows\system32\Wpc.dll
  67. 2012-12-07 13:15 . 2013-01-10 16:02 2746368 ----a-w- c:\windows\system32\gameux.dll
  68. 2012-12-07 12:26 . 2013-01-10 16:02 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
  69. 2012-12-07 12:20 . 2013-01-10 16:02 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
  70. 2012-12-07 11:20 . 2013-01-10 16:02 30720 ----a-w- c:\windows\system32\usk.rs
  71. 2012-12-07 11:20 . 2013-01-10 16:02 43520 ----a-w- c:\windows\system32\csrr.rs
  72. 2012-12-07 11:20 . 2013-01-10 16:02 23552 ----a-w- c:\windows\system32\oflc.rs
  73. 2012-12-07 11:20 . 2013-01-10 16:02 45568 ----a-w- c:\windows\system32\oflc-nz.rs
  74. 2012-12-07 11:20 . 2013-01-10 16:02 44544 ----a-w- c:\windows\system32\pegibbfc.rs
  75. 2012-12-07 11:20 . 2013-01-10 16:02 20480 ----a-w- c:\windows\system32\pegi-fi.rs
  76. 2012-12-07 11:20 . 2013-01-10 16:02 20480 ----a-w- c:\windows\system32\pegi-pt.rs
  77. 2012-12-07 11:19 . 2013-01-10 16:02 20480 ----a-w- c:\windows\system32\pegi.rs
  78. 2012-12-07 11:19 . 2013-01-10 16:02 46592 ----a-w- c:\windows\system32\fpb.rs
  79. 2012-12-07 11:19 . 2013-01-10 16:02 40960 ----a-w- c:\windows\system32\cob-au.rs
  80. 2012-12-07 11:19 . 2013-01-10 16:02 21504 ----a-w- c:\windows\system32\grb.rs
  81. 2012-12-07 11:19 . 2013-01-10 16:02 15360 ----a-w- c:\windows\system32\djctq.rs
  82. 2012-12-07 11:19 . 2013-01-10 16:02 55296 ----a-w- c:\windows\system32\cero.rs
  83. 2012-12-07 11:19 . 2013-01-10 16:02 51712 ----a-w- c:\windows\system32\esrb.rs
  84. 2012-12-07 10:46 . 2013-01-10 16:02 43520 ----a-w- c:\windows\SysWow64\csrr.rs
  85. 2012-12-07 10:46 . 2013-01-10 16:02 30720 ----a-w- c:\windows\SysWow64\usk.rs
  86. 2012-12-07 10:46 . 2013-01-10 16:02 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
  87. 2012-12-07 10:46 . 2013-01-10 16:02 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
  88. 2012-12-07 10:46 . 2013-01-10 16:02 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
  89. 2012-12-07 10:46 . 2013-01-10 16:02 23552 ----a-w- c:\windows\SysWow64\oflc.rs
  90. 2012-12-07 10:46 . 2013-01-10 16:02 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
  91. 2012-12-07 10:46 . 2013-01-10 16:02 46592 ----a-w- c:\windows\SysWow64\fpb.rs
  92. 2012-12-07 10:46 . 2013-01-10 16:02 20480 ----a-w- c:\windows\SysWow64\pegi.rs
  93. 2012-12-07 10:46 . 2013-01-10 16:02 21504 ----a-w- c:\windows\SysWow64\grb.rs
  94. 2012-12-07 10:46 . 2013-01-10 16:02 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
  95. 2012-12-07 10:46 . 2013-01-10 16:02 15360 ----a-w- c:\windows\SysWow64\djctq.rs
  96. 2012-12-07 10:46 . 2013-01-10 16:02 55296 ----a-w- c:\windows\SysWow64\cero.rs
  97. 2012-12-07 10:46 . 2013-01-10 16:02 51712 ----a-w- c:\windows\SysWow64\esrb.rs
  98. .
  99. .
  100. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  101. .
  102. .
  103. *Note* empty entries & legit default entries are not shown
  104. REGEDIT4
  105. .
  106. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  107. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  108. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  109. 2012-11-13 23:32 129272 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
  110. .
  111. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  112. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  113. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  114. 2012-11-13 23:32 129272 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
  115. .
  116. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  117. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  118. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  119. 2012-11-13 23:32 129272 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
  120. .
  121. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  122. "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984]
  123. "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE" [2012-02-29 283232]
  124. "GoogleChromeAutoLaunch_9CB2B8404301F8169D10E27C4B481A41"="c:\users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-02-21 1274320]
  125. .
  126. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  127. "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
  128. "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
  129. "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
  130. "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
  131. "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
  132. .
  133. c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
  134. Dropbox.lnk - c:\users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
  135. Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-11-4 41160]
  136. .
  137. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  138. "ConsentPromptBehaviorAdmin"= 5 (0x5)
  139. "ConsentPromptBehaviorUser"= 3 (0x3)
  140. "EnableUIADesktopToggle"= 0 (0x0)
  141. .
  142. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
  143. "midi3"=wdmaud.drv
  144. .
  145. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
  146. @="Service"
  147. .
  148. R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
  149. R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
  150. R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
  151. R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-30 117520]
  152. R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
  153. R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
  154. R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
  155. R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
  156. R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
  157. R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
  158. R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-27 1255736]
  159. R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
  160. S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488]
  161. S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064]
  162. S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
  163. S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
  164. S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 204288]
  165. S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-06-15 146592]
  166. S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-06-15 91296]
  167. S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2012-11-28 23552]
  168. S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-01-28 551264]
  169. S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-01-25 583456]
  170. S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-06-15 36000]
  171. S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-18 115216]
  172. S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
  173. S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-06-15 259744]
  174. S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-06-15 109216]
  175. S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-06-15 29344]
  176. S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-06-15 166048]
  177. S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-06-15 59040]
  178. S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-06-15 283296]
  179. S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-06-15 289440]
  180. S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216]
  181. S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
  182. S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
  183. S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
  184. .
  185. .
  186. Contents of the 'Scheduled Tasks' folder
  187. .
  188. 2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
  189. - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 18:21]
  190. .
  191. 2013-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022902444-78479661-1589651056-1000Core.job
  192. - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-26 10:20]
  193. .
  194. 2013-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022902444-78479661-1589651056-1000UA.job
  195. - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-26 10:20]
  196. .
  197. .
  198. --------- X64 Entries -----------
  199. .
  200. .
  201. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  202. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  203. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  204. 2012-11-13 23:32 162552 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
  205. .
  206. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  207. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  208. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  209. 2012-11-13 23:32 162552 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
  210. .
  211. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  212. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  213. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  214. 2012-11-13 23:32 162552 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
  215. .
  216. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
  217. @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
  218. [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
  219. 2012-11-13 23:32 162552 ----a-w- c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
  220. .
  221. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  222. "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
  223. "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-06-15 790688]
  224. "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-06-15 657568]
  225. "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
  226. .
  227. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
  228. FontCache
  229. .
  230. ------- Supplementary Scan -------
  231. .
  232. uLocal Page = c:\windows\system32\blank.htm
  233. uStart Page = hxxp://samsung.msn.com
  234. mStart Page = hxxp://samsung.msn.com
  235. mLocal Page = c:\windows\SysWOW64\blank.htm
  236. uInternet Settings,ProxyOverride = *.local
  237. IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
  238. IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
  239. TCP: DhcpNameServer = 192.168.1.254
  240. FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\pm1cdgz6.default\
  241. .
  242. - - - - ORPHANS REMOVED - - - -
  243. .
  244. Toolbar-Locked - (no file)
  245. Toolbar-Locked - (no file)
  246. HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
  247. .
  248. .
  249. .
  250. --------------------- LOCKED REGISTRY KEYS ---------------------
  251. .
  252. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  253. @Denied: (A 2) (Everyone)
  254. @="FlashBroker"
  255. "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
  256. .
  257. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
  258. "Enabled"=dword:00000001
  259. .
  260. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
  261. @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
  262. .
  263. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
  264. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  265. .
  266. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  267. @Denied: (A 2) (Everyone)
  268. @="IFlashBroker5"
  269. .
  270. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
  271. @="{00020424-0000-0000-C000-000000000046}"
  272. .
  273. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
  274. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  275. "Version"="1.0"
  276. .
  277. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  278. @Denied: (A 2) (Everyone)
  279. @="FlashBroker"
  280. "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
  281. .
  282. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
  283. "Enabled"=dword:00000001
  284. .
  285. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
  286. @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
  287. .
  288. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
  289. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  290. .
  291. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  292. @Denied: (A 2) (Everyone)
  293. @="Shockwave Flash Object"
  294. .
  295. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  296. @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
  297. "ThreadingModel"="Apartment"
  298. .
  299. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  300. @="0"
  301. .
  302. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  303. @="ShockwaveFlash.ShockwaveFlash.11"
  304. .
  305. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  306. @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
  307. .
  308. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  309. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  310. .
  311. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  312. @="1.0"
  313. .
  314. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  315. @="ShockwaveFlash.ShockwaveFlash"
  316. .
  317. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  318. @Denied: (A 2) (Everyone)
  319. @="Macromedia Flash Factory Object"
  320. .
  321. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  322. @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
  323. "ThreadingModel"="Apartment"
  324. .
  325. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  326. @="FlashFactory.FlashFactory.1"
  327. .
  328. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  329. @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
  330. .
  331. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  332. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  333. .
  334. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  335. @="1.0"
  336. .
  337. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  338. @="FlashFactory.FlashFactory"
  339. .
  340. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  341. @Denied: (A 2) (Everyone)
  342. @="IFlashBroker5"
  343. .
  344. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
  345. @="{00020424-0000-0000-C000-000000000046}"
  346. .
  347. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
  348. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  349. "Version"="1.0"
  350. .
  351. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  352. @Denied: (A) (Everyone)
  353. "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
  354. .
  355. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
  356. @Denied: (A) (Everyone)
  357. .
  358. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
  359. "Key"="ActionsPane3"
  360. "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
  361. .
  362. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  363. @Denied: (Full) (Everyone)
  364. .
  365. Completion time: 2013-02-28 17:15:07
  366. ComboFix-quarantined-files.txt 2013-02-28 17:14
  367. .
  368. Pre-Run: 153,753,075,712 bytes free
  369. Post-Run: 154,054,197,248 bytes free
  370. .
  371. - - End Of File - - 92E63309DD765914949BC038AB2FA74C