ComboFix Log Dyme 2

By: a guest on Aug 10th, 2012  |  syntax: None  |  size: 44.49 KB  |  hits: 11  |  expires: Never
ComboFix 12-08-09.01 - Matthews 08/10/2012  12:45:34.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8174.5553 [GMT -4:00]
Running from: c:\users\Matthews\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-10 to 2012-08-10  )))))))))))))))))))))))))))))))
.
.
2012-08-10 16:53 . 2012-08-10 16:53     --------        d-----w-        c:\users\postgres\AppData\Local\temp
2012-08-10 16:53 . 2012-08-10 16:53     --------        d-----w-        c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-08-10 16:53 . 2012-08-10 16:53     --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-10 12:57 . 2012-06-29 10:04     9133488 ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5C37D0D-C3CB-4B6C-8803-1C68CF6C8125}\mpengine.dll
2012-08-09 18:47 . 2012-08-09 18:47     --------        d-----w-        c:\program files (x86)\ESET
2012-08-06 18:15 . 2012-08-06 18:15     --------        d-----w-        c:\users\Matthews\temp
2012-08-06 18:12 . 2012-08-06 18:12     --------        d-----w-        c:\users\Matthews\AppData\Roaming\Malwarebytes
2012-08-06 18:12 . 2012-08-06 18:12     --------        d-----w-        c:\programdata\Malwarebytes
2012-08-06 18:12 . 2012-08-06 18:12     --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-06 18:12 . 2012-07-03 17:46     24904   ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-05 23:50 . 2012-08-05 23:50     --------        d-----w-        c:\users\Matthews\AppData\Local\Spirited_Machine
2012-08-05 21:50 . 2012-08-05 21:50     --------        d-----w-        c:\users\Matthews\AppData\Roaming\Spirited Machine
2012-08-05 21:49 . 2012-08-05 21:49     --------        d-----w-        c:\program files (x86)\Spirited Machine
2012-08-05 16:01 . 2012-08-05 16:02     --------        d-----w-        c:\users\Matthews\AppData\Local\ArmA 2
2012-08-05 15:07 . 2012-08-05 15:49     --------        d-----w-        c:\users\Matthews\AppData\Local\ArmA 2 OA
2012-08-05 15:00 . 2012-08-05 15:00     --------        d-----w-        c:\users\Matthews\AppData\Roaming\vlc
2012-08-05 13:11 . 2012-08-05 13:11     --------        d-----w-        c:\programdata\Graboid Inc
2012-08-05 13:10 . 2012-08-05 13:10     --------        d-----w-        c:\program files (x86)\VideoLAN
2012-08-05 13:10 . 2012-08-05 13:18     --------        d-----w-        c:\program files (x86)\Graboid
2012-08-04 18:37 . 2012-08-05 22:27     --------        d-----w-        c:\program files (x86)\ArmA 2
2012-08-04 18:28 . 2012-08-05 23:50     --------        d-----w-        c:\users\Matthews\AppData\Roaming\Tunngle
2012-08-04 18:28 . 2012-08-05 20:07     --------        d-----w-        c:\programdata\Tunngle
2012-08-04 18:28 . 2009-09-16 12:02     31232   ----a-w-        c:\windows\system32\drivers\tap0901t.sys
2012-08-04 18:28 . 2012-08-04 18:29     --------        d-----w-        c:\program files (x86)\Tunngle
2012-08-04 14:43 . 2012-08-04 14:43     --------        d-----w-        c:\program files (x86)\Matroska Pack
2012-08-04 00:14 . 2012-08-04 00:15     --------        d-----w-        c:\users\Matthews\AppData\Roaming\Dev-Cpp
2012-08-04 00:14 . 2012-08-04 00:14     --------        d-----w-        C:\Dev-Cpp
2012-08-04 00:07 . 2012-08-04 00:07     --------        d-----w-        c:\program files\Winnydows
2012-07-28 01:44 . 2012-07-28 01:44     --------        d-----w-        c:\programdata\u2bviews
2012-07-28 01:44 . 2012-07-28 01:44     --------        d-----w-        c:\program files (x86)\U2bviews
2012-07-26 17:44 . 2012-07-26 17:44     --------        d-----w-        c:\users\Matthews\AppData\Roaming\Nvu
2012-07-22 13:30 . 2012-07-22 13:30     --------        d-----w-        c:\users\Matthews\AppData\Local\Opera
2012-07-22 13:30 . 2012-07-22 13:30     --------        d-----w-        c:\program files (x86)\Opera
2012-07-21 23:42 . 2012-07-21 23:42     --------        d-----w-        c:\users\Matthews\AppData\Local\Programs
2012-07-21 23:18 . 2012-07-22 00:08     --------        d-----w-        c:\users\Matthews\AppData\Roaming\Mp3tag
2012-07-21 23:18 . 2012-07-21 23:18     --------        d-----w-        c:\program files (x86)\Mp3tag
2012-07-18 23:55 . 2012-07-18 23:55     --------        d-sh--w-        c:\programdata\SecuROM
2012-07-18 23:52 . 2012-07-18 23:52     --------        d-----w-        c:\users\Matthews\AppData\Local\Rockstar Games
2012-07-18 23:52 . 2012-07-18 23:52     --------        d--h--r-        c:\users\Matthews\AppData\Roaming\SecuROM
2012-07-18 23:51 . 2012-07-18 23:51     178800  ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-18 23:51 . 2012-07-18 23:51     --------        d-----w-        c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-07-17 03:16 . 2012-06-12 03:08     3148800 ----a-w-        c:\windows\system32\win32k.sys
2012-07-17 02:17 . 2012-07-17 02:17     --------        d-----w-        c:\program files (x86)\NVIDIA Corporation
2012-07-17 02:16 . 2011-12-19 22:16     3130440 ----a-w-        c:\windows\SysWow64\pbsvc_blr.exe
2012-07-16 01:44 . 2012-08-10 14:26     --------        d-----w-        C:\TDSSKiller_Quarantine
2012-07-15 18:45 . 2012-07-15 18:45     --------        d-----w-        C:\Perfect World Entertainment
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 01:44 . 2011-12-11 16:57     298016  ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-08-06 01:44 . 2011-12-11 16:52     298016  ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-08-02 21:49 . 2012-04-04 19:19     426184  ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 21:49 . 2011-11-29 01:54     70344   ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-21 02:41 . 2011-12-11 16:52     298016  ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-07-17 13:54 . 2011-12-11 16:52     76888   ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-07-17 03:13 . 2011-12-04 20:55     59701280        ----a-w-        c:\windows\system32\MRT.exe
2012-07-12 14:12 . 2012-03-24 12:11     87488   ----a-w-        c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 14:12 . 2012-03-24 12:11     34720   ----a-w-        c:\windows\system32\LMIport.dll
2012-07-12 14:12 . 2012-03-24 12:11     80800   ----a-w-        c:\windows\system32\LMIinit.dll
2012-07-10 02:48 . 2012-07-10 02:48     41704   ----a-w-        c:\windows\system32\drivers\hssdrv6.sys
2012-07-03 16:21 . 2012-03-23 19:12     54072   ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-02-21 13:56     958400  ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-02-21 13:56     71064   ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-02-21 13:56     59728   ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-02-21 13:56     355856  ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-02-21 13:56     25232   ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-02-21 13:56     41224   ----a-w-        c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-02-21 13:56     227648  ----a-w-        c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2012-02-21 13:56     285328  ----a-w-        c:\windows\system32\aswBoot.exe
2012-06-20 16:56 . 2012-01-30 04:25     71104   ----a-w-        c:\windows\CouponPrinter.ocx
2012-06-11 22:35 . 2012-06-11 22:35     21712   ----a-w-        c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-06-11 18:59 . 2012-06-11 18:59     10248192        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35     70144   ----a-w-        c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29     24826368        ----a-w-        c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00     20467712        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:50 . 2012-06-11 17:50     187392  ----a-w-        c:\windows\system32\clinfo.exe
2012-06-11 17:50 . 2012-06-11 17:50     75264   ----a-w-        c:\windows\system32\OpenVideo64.dll
2012-06-11 17:50 . 2012-06-11 17:50     65024   ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2012-06-11 17:50 . 2012-06-11 17:50     63488   ----a-w-        c:\windows\system32\OVDecode64.dll
2012-06-11 17:50 . 2012-06-11 17:50     56320   ----a-w-        c:\windows\SysWow64\OVDecode.dll
2012-06-11 17:50 . 2012-06-11 17:50     16457728        ----a-w-        c:\windows\system32\amdocl64.dll
2012-06-11 17:49 . 2012-06-11 17:49     13008896        ----a-w-        c:\windows\SysWow64\amdocl.dll
2012-06-11 17:48 . 2012-06-11 17:48     54784   ----a-w-        c:\windows\system32\OpenCL.dll
2012-06-11 17:48 . 2012-06-11 17:48     50176   ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-06-11 17:25 . 2012-06-11 17:25     163840  ----a-w-        c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2011-11-29 03:35     924160  ----a-w-        c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-11-29 03:35     1090560 ----a-w-        c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2011-11-29 03:35     442368  ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19     532992  ----a-w-        c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19     239616  ----a-w-        c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17     120320  ----a-w-        c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17     21504   ----a-w-        c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17     59392   ----a-w-        c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17     43520   ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2011-11-29 03:35     6301696 ----a-w-        c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-11-29 03:35     6914560 ----a-w-        c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2011-11-29 03:35     4246528 ----a-w-        c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45     51200   ----a-w-        c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45     46080   ----a-w-        c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2011-11-29 03:35     5480448 ----a-w-        c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45     44544   ----a-w-        c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45     44032   ----a-w-        c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45     15703040        ----a-w-        c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2011-11-29 03:35     4729344 ----a-w-        c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40     13277696        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2011-11-29 03:35     6605824 ----a-w-        c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2011-11-29 03:35     539136  ----a-w-        c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26     368640  ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26     17920   ----a-w-        c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26     14848   ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26     14848   ----a-w-        c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26     41984   ----a-w-        c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26     33280   ----a-w-        c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26     367616  ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-11-29 03:35     54784   ----a-w-        c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2011-11-29 03:35     42496   ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2011-11-29 03:35     45056   ----a-w-        c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2011-11-29 03:35     32768   ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24     53248   ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23     56320   ----a-w-        c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23     56320   ----a-w-        c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23     56832   ----a-w-        c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23     56832   ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2012-06-09 06:37 . 2012-06-27 19:58     942744  ----a-w-        c:\windows\system32\vnetlib64.dll
2012-06-09 06:37 . 2012-06-27 19:59     63128   ----a-w-        c:\windows\system32\drivers\vmx86.sys
2012-06-09 06:37 . 2012-06-27 19:58     433816  ----a-w-        c:\windows\SysWow64\vmnat.exe
2012-06-09 06:36 . 2012-06-27 19:59     354456  ----a-w-        c:\windows\SysWow64\vmnetdhcp.exe
2012-06-09 06:36 . 2012-06-27 19:58     32920   ----a-w-        c:\windows\system32\drivers\VMkbd.sys
2012-06-09 06:35 . 2012-06-27 19:58     30360   ----a-w-        c:\windows\system32\drivers\vmnetuserif.sys
2012-06-09 04:29 . 2012-06-09 04:29     252056  ----a-w-        c:\windows\SysWow64\vmnc.dll
2012-06-09 03:52 . 2012-06-09 03:52     62064   ----a-w-        c:\windows\system32\vmnetbridge.dll
2012-06-09 03:52 . 2012-06-09 03:52     48752   ----a-w-        c:\windows\system32\vnetinst.dll
2012-06-09 03:52 . 2012-06-09 03:52     45680   ----a-w-        c:\windows\system32\drivers\vmnetbridge.sys
2012-06-09 03:52 . 2012-06-09 03:52     24176   ----a-w-        c:\windows\system32\drivers\vmnet.sys
2012-06-09 03:52 . 2012-06-09 03:52     20080   ----a-w-        c:\windows\system32\drivers\vmnetadapter.sys
2012-06-02 22:19 . 2012-06-21 14:58     38424   ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:58     2428952 ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 14:58     57880   ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:58     44056   ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:58     701976  ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 14:58     2622464 ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 14:58     99840   ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 14:58     186752  ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 14:58     36864   ----a-w-        c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-11-21 03:27     279656  ------w-        c:\windows\system32\MpSigStub.exe
2012-05-26 01:27 . 2012-05-26 01:27     283200  ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-22 18:26 . 2012-06-12 19:35     224088  ----a-w-        c:\windows\system32\drivers\VBoxDrv.sys
2012-05-22 18:26 . 2012-06-12 19:35     130904  ----a-w-        c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-22 18:26 . 2012-05-22 18:26     147288  ----a-w-        c:\windows\system32\drivers\VBoxNetAdp.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-08-10_01.39.09   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-08-10 14:43   65536              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-10 00:31 . 2012-08-10 01:28   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-08-10 00:31 . 2012-08-10 02:02   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-08-10 14:31   70374              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-10 14:31   39072              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-04 01:13 . 2012-08-10 14:31   12464              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-429187932-3786980191-3492412829-1001_UserData.bin
+ 2011-12-03 23:43 . 2012-08-10 14:28   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-03 23:43 . 2012-08-09 15:53   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-03 23:43 . 2012-08-10 14:28   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-03 23:43 . 2012-08-09 15:53   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-09 15:53   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-10 14:28   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-10 01:38 . 2012-08-10 01:38   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-10 14:27 . 2012-08-10 14:27   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-10 01:38 . 2012-08-10 01:38   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-10 14:27 . 2012-08-10 14:27   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-10 00:31 . 2012-08-10 00:29   262144              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-10 00:31 . 2012-08-10 02:02   262144              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-08-10 14:43   311296              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2012-08-10 14:26   559452              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-10 01:37   559452              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-09 18:03 . 2012-08-10 14:43   1032192              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-29 02:25 . 2012-08-10 01:37   6438360              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-29 02:25 . 2012-08-10 14:26   6438360              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-08-06 18:33 . 2012-08-10 14:26   1074748              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-12-04 01:09 . 2012-08-10 14:26   65960854              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-429187932-3786980191-3492412829-1001-12288.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        94208   ----a-w-        c:\users\Matthews\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        94208   ----a-w-        c:\users\Matthews\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        94208   ----a-w-        c:\users\Matthews\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49        94208   ----a-w-        c:\users\Matthews\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-03 1353080]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"MusicManager"="c:\users\Matthews\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Matthews\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matthews\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-7-18 6536304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages       REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-07-13 150920]
R2 hMailServer;hMailServer;c:\program files (x86)\hMailServer\Bin\hMailServer.exe RunAsService [x]
R2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL -D C:/METASP~1/POSTGR~1/data [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 ShellfireVPN2Service;ShellfireVPN2Service;c:\program files (x86)\ShellfireVPN\jre6\bin\java -classpath c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-24 185856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-06-11 21712]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 129976]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-05-14 10568]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-04 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-26 283200]
S1 GIDv2;GIDv2; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-10 41704]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AcuWVSSchedulerv7;Acunetix WVS Scheduler v7;c:\program files (x86)\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe [2010-09-21 674104]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2012-06-06 22016]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-07-13 471408]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-07-10 385392]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-07-18 66160]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 metasploitProSvc;Metasploit Pro Service;c:\metasp~1\ruby\bin\rubyw.exe [2011-07-30 436267]
S2 metasploitThin;Metasploit Thin Service;c:\metasp~1\ruby\bin\rubyw.exe [2011-07-30 436267]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 postgresql-x64-9.1;postgresql-x64-9.1 - PostgreSQL Server 9.1;C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-x64-9.1 -D C:/Program Files/PostgreSQL/9.1/data -w [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
  338. S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
  339. S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
  340. S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-03-09 109064]
  341. S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
  342. S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
  343. S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
  344. S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
  345. S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
  346. S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
  347. S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
  348. S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
  349. S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
  350. S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
  351. S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
  352. S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]
  353. .
  354. .
  355. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
  356. 2011-07-05 15:26        435976  ----a-w-        c:\program files (x86)\SFT\GuardedID\GIDI.exe
  357. .
  358. Contents of the 'Scheduled Tasks' folder
  359. .
  360. 2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
  361. - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:49]
  362. .
  363. 2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-429187932-3786980191-3492412829-1001Core.job
  364. - c:\users\Matthews\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 22:00]
  365. .
  366. 2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-429187932-3786980191-3492412829-1001UA.job
  367. - c:\users\Matthews\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 22:00]
  368. .
  369. 2012-07-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
  370. - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
  371. .
  372. 2012-08-10 c:\windows\Tasks\SystemToolsDailyTest.job
  373. - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
  374. .
  375. .
  376. --------- X64 Entries -----------
  377. .
  378. .
  379. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
  380. @="{472083B0-C522-11CF-8763-00608CC02F24}"
  381. [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
  382. 2012-07-03 16:21        133400  ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
  383. .
  384. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  385. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  386. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  387. 2012-01-18 18:49        97792   ----a-w-        c:\users\Matthews\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
  388. .
  389. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  390. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  391. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  392. 2012-01-18 18:49        97792   ----a-w-        c:\users\Matthews\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
  393. .
  394. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  395. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  396. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  397. 2012-01-18 18:49        97792   ----a-w-        c:\users\Matthews\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
  398. .
  399. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
  400. @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
  401. [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
  402. 2012-01-18 18:49        97792   ----a-w-        c:\users\Matthews\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
  403. .
  404. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  405. "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
  406. "RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
  407. "RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
  408. "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
  409. "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
  410. "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
  411. .
  412. ------- Supplementary Scan -------
  413. .
  414. uLocal Page = c:\windows\system32\blank.htm
  415. uStart Page = hxxp://mystart.incredibar.com/mb161?a=6R8vB9KTPu&i=26
  416. mLocal Page = c:\windows\SysWOW64\blank.htm
  417. uInternet Settings,ProxyOverride = local
  418. uInternet Settings,ProxyServer = 77.122.68.157:808
  419. IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
  420. IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
  421. LSP: %SystemRoot%\system32\vsocklib.dll
  422. TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
  423. TCP: Interfaces\{527914D5-95B3-4508-8B21-ED524C35E5AA}: DhcpNameServer = 75.75.75.75 75.75.76.76
  424. FF - ProfilePath - c:\users\Matthews\AppData\Roaming\Mozilla\Firefox\Profiles\ld5r5ti2.default\
  425. FF - prefs.js: browser.search.selectedEngine - Google
  426. FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
  427. FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q=
  428. FF - prefs.js: network.proxy.http - localhost
  429. FF - prefs.js: network.proxy.http_port - 8080
  430. FF - prefs.js: network.proxy.type - 1
  431. FF - user.js: extentions.y2layers.installId - 5b657faf-d174-4fc5-bf53-52dfca39559e
  432. FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
  433. FF - user.js: extensions.autoDisableScopes - 14
  434. FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110014
  435. FF - user.js: extensions.BabylonToolbar_i.babExt -
  436. FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
  437. FF - user.js: extensions.BabylonToolbar_i.id - 78e5282300000000000000ffabe1af98
  438. FF - user.js: extensions.BabylonToolbar_i.hardId - 78e5282300000000000000ffabe1af98
  439. FF - user.js: extensions.BabylonToolbar_i.instlDay - 15459
  440. FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
  441. FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
  442. FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:45
  443. FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
  444. FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
  445. FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
  446. FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
  447. FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
  448. FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
  449. FF - user.js: extensions.incredibar_i.newTab - false
  450. FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8vB9KTPu&loc=IB_TB&i=26&search=
  451. FF - user.js: extensions.incredibar_i.id - 78e5282300000000000000ff997513e3
  452. FF - user.js: extensions.incredibar_i.instlDay - 15501
  453. FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
  454. FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
  455. FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1414:19
  456. FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
  457. FF - user.js: extensions.incredibar_i.prdct - incredibar
  458. FF - user.js: extensions.incredibar_i.aflt - orgnl
  459. FF - user.js: extensions.incredibar_i.smplGrp - none
  460. FF - user.js: extensions.incredibar_i.tlbrId - base
  461. FF - user.js: extensions.incredibar_i.instlRef -
  462. FF - user.js: extensions.incredibar_i.dfltLng -
  463. FF - user.js: extensions.incredibar_i.excTlbr - false
  464. FF - user.js: extensions.incredibar_i.ms_url_id -
  465. FF - user.js: extensions.incredibar_i.upn2 - 6R8vB9KTPu
  466. FF - user.js: extensions.incredibar_i.upn2n - 92824512638813076
  467. FF - user.js: extensions.incredibar_i.productid - 26
  468. FF - user.js: extensions.incredibar_i.installerproductid - 26
  469. FF - user.js: extensions.incredibar_i.did - 10643
  470. FF - user.js: extensions.incredibar_i.ppd - 26
  471. .
  472. - - - - ORPHANS REMOVED - - - -
  473. .
  474. Toolbar-Locked - (no file)
  475. .
  476. .
  477. .
  478. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL]
  479. "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""
  480. --
  481. .
  482. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.1]
  483. "ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"
  484. .
  485. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL]
  486. "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""
  487. .
  488. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
  489. "ImagePath"="c:\windows\system32\GameMon.des -service"
  490. .
  491. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
  492. "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
  493. .
  494. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.1]
  495. "ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"
  496. .
  497. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellfireVPN2Service]
  498. "ImagePath"="\"c:\program files (x86)\ShellfireVPN\jre6\bin\java\" \"-classpath\" \"c:\program files (x86)\ShellfireVPN\ShellfireVPN2.exe\" \"-Xrs\" \"-Dwrapper.service=true\" \"-Dwrapper.working.dir=c:\program files (x86)\ShellfireVPN\" \"-Dwrapper.config=c:\users\Matthews\AppData\Roaming\ShellfireVPN\start.conf\" \"-Dwrapper.additional.1x=-Xrs\" \"-Dwrapper.stop.conf=c:\users\Matthews\AppData\Roaming\ShellfireVPN\stop.conf\" \"org.rzo.yajsw.boot.WrapperServiceBooter\" "
  499. .
  500. --------------------- LOCKED REGISTRY KEYS ---------------------
  501. .
  502. [HKEY_USERS\S-1-5-21-429187932-3786980191-3492412829-1001\Software\SecuROM\License information*]
  503. "datasecu"=hex:9c,26,dc,18,3b,a1,95,b2,13,6f,6f,41,42,92,cb,e9,c3,fc,10,15,9a,
  504.    25,dd,e1,7d,c2,99,a9,e1,65,c9,92,17,bf,08,12,29,cf,25,ab,f4,7c,d5,13,4a,95,\
  505. "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
  506. .
  507. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  508. @Denied: (A 2) (Everyone)
  509. @="FlashBroker"
  510. "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
  511. .
  512. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  513. "Enabled"=dword:00000001
  514. .
  515. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  516. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
  517. .
  518. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  519. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  520. .
  521. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  522. @Denied: (A 2) (Everyone)
  523. @="Shockwave Flash Object"
  524. .
  525. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  526. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
  527. "ThreadingModel"="Apartment"
  528. .
  529. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  530. @="0"
  531. .
  532. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  533. @="ShockwaveFlash.ShockwaveFlash.11"
  534. .
  535. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  536. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
  537. .
  538. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  539. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  540. .
  541. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  542. @="1.0"
  543. .
  544. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  545. @="ShockwaveFlash.ShockwaveFlash"
  546. .
  547. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  548. @Denied: (A 2) (Everyone)
  549. @="Macromedia Flash Factory Object"
  550. .
  551. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  552. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
  553. "ThreadingModel"="Apartment"
  554. .
  555. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  556. @="FlashFactory.FlashFactory.1"
  557. .
  558. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  559. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
  560. .
  561. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  562. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  563. .
  564. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  565. @="1.0"
  566. .
  567. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  568. @="FlashFactory.FlashFactory"
  569. .
  570. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  571. @Denied: (A 2) (Everyone)
  572. @="IFlashBroker4"
  573. .
  574. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  575. @="{00020424-0000-0000-C000-000000000046}"
  576. .
  577. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  578. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  579. "Version"="1.0"
  580. .
  581. [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
  582. "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  583.    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
  584. .
  585. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  586. @Denied: (A) (Everyone)
  587. "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
  588. .
  589. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
  590. @Denied: (A) (Everyone)
  591. .
  592. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
  593. "Key"="ActionsPane3"
  594. "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
  595. .
  596. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  597. @Denied: (A) (Users)
  598. @Denied: (A) (Everyone)
  599. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  600. "BlindDial"=dword:00000000
  601. .
  602. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  603. @Denied: (A) (Users)
  604. @Denied: (A) (Everyone)
  605. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  606. "BlindDial"=dword:00000000
  607. .
  608. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  609. @Denied: (Full) (Everyone)
  610. .
  611. Completion time: 2012-08-10  12:57:52
  612. ComboFix-quarantined-files.txt  2012-08-10 16:57
  613. ComboFix2.txt  2012-08-10 02:04
  614. ComboFix3.txt  2012-08-10 01:46
  615. .
  616. Pre-Run: 516,151,164,928 bytes free
  617. Post-Run: 515,541,049,344 bytes free
  618. .
  619. - - End Of File - - CD9CB0A6B08C8DE0F9601A807BBB0871