
Untitled

a guest
Apr 12th, 2012
  1. ComboFix 12-04-12.03 - Ivan 2.04.2012. 22:05:47.1.2 - x86
  2. Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1535.723 [GMT 2:00]
  3. Running from: c:\users\Ivan\Desktop\ComboFix.exe
  4. AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
  5. FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
  6. SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
  7. SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  8. .
  9. .
  10. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  11. .
  12. .
  13. c:\users\Ivan\AppData\Local\Temp\61e4dc9e-b0a3-4e40-99a9-4cd9049f7d99\CliSecureRT.dll
  14. c:\windows\system32\system32
  15. c:\windows\system32\system32\3DAudio.ax
  16. c:\windows\system32\system32\avrt.dll
  17. c:\windows\system32\system32\cis-2.4.dll
  18. c:\windows\system32\system32\issacapi_bs-2.3.dll
  19. c:\windows\system32\system32\issacapi_pe-2.3.dll
  20. c:\windows\system32\system32\issacapi_se-2.3.dll
  21. c:\windows\system32\system32\MACXMLProto.dll
  22. c:\windows\system32\system32\MaDRM.dll
  23. c:\windows\system32\system32\MaJGUILib.dll
  24. c:\windows\system32\system32\MAMACExtract.dll
  25. c:\windows\system32\system32\MASetupCleaner.exe
  26. c:\windows\system32\system32\MaXMLProto.dll
  27. c:\windows\system32\system32\mfplat.dll
  28. c:\windows\system32\system32\MK_Lyric.dll
  29. c:\windows\system32\system32\MSCLib.dll
  30. c:\windows\system32\system32\MSFLib.dll
  31. c:\windows\system32\system32\MSLUR71.dll
  32. c:\windows\system32\system32\msvcp60.dll
  33. c:\windows\system32\system32\MTTELECHIP.dll
  34. c:\windows\system32\system32\MTXSYNCICON.dll
  35. c:\windows\system32\system32\muzaf1.dll
  36. c:\windows\system32\system32\muzapp.dll
  37. c:\windows\system32\system32\muzapp.exe
  38. c:\windows\system32\system32\muzdecode.ax
  39. c:\windows\system32\system32\muzeffect.ax
  40. c:\windows\system32\system32\muzmp4sp.ax
  41. c:\windows\system32\system32\muzmpgsp.ax
  42. c:\windows\system32\system32\muzoggsp.ax
  43. c:\windows\system32\system32\muzwmts.dll
  44. c:\windows\system32\system32\psapi.dll
  45. .
  46. .
  47. ((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
  48. .
  49. .
  50. 2012-04-12 20:45 . 2012-04-12 20:47 -------- d-----w- c:\users\Ivan\AppData\Local\temp
  51. 2012-04-12 20:45 . 2012-04-12 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
  52. 2012-04-12 20:18 . 2012-04-12 20:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{637C7D9E-A989-4B5A-B133-EAB0181B1779}\offreg.dll
  53. 2012-04-12 10:15 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
  54. 2012-04-12 10:15 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
  55. 2012-04-12 10:15 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
  56. 2012-04-12 10:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
  57. 2012-04-12 10:15 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
  58. 2012-04-12 10:15 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
  59. 2012-04-12 08:21 . 2012-02-28 05:34 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
  60. 2012-04-12 08:21 . 2012-02-28 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
  61. 2012-04-12 08:21 . 2012-02-28 05:34 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
  62. 2012-04-12 08:21 . 2012-02-28 03:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
  63. 2012-04-11 20:24 . 2012-04-11 20:24 -------- d-----w- c:\users\Ivan\AppData\Local\ESET
  64. 2012-04-11 19:47 . 2012-04-11 19:47 -------- d-----w- c:\program files\ESET
  65. 2012-04-10 08:46 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{637C7D9E-A989-4B5A-B133-EAB0181B1779}\mpengine.dll
  66. 2012-04-07 14:51 . 2012-04-07 14:51 -------- d-----w- c:\program files\Common Files\Java
  67. 2012-04-05 11:25 . 2012-04-12 20:47 -------- d-----r- c:\users\Ivan\Dropbox
  68. 2012-04-05 11:21 . 2012-04-12 20:47 -------- d-----w- c:\users\Ivan\AppData\Roaming\Dropbox
  69. 2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\Plugins\nppdf32.dll
  70. 2012-03-29 21:22 . 2012-04-12 09:58 -------- d-----w- c:\users\Ivan\AppData\Local\BlueStacks
  71. 2012-03-29 09:24 . 2012-03-29 10:15 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
  72. 2012-03-14 18:13 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
  73. 2012-03-14 18:13 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
  74. 2012-03-14 12:07 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
  75. 2012-03-14 12:07 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
  76. 2012-03-14 12:07 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
  77. 2012-03-14 12:07 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
  78. 2012-03-14 12:07 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
  79. 2012-03-14 12:07 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
  80. 2012-03-14 12:07 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
  81. .
  82. .
  83. .
  84. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  85. .
  86. 2012-04-07 14:50 . 2011-07-17 17:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
  87. 2012-03-29 10:15 . 2011-07-16 21:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
  88. 2012-02-23 08:18 . 2011-11-07 09:15 237072 ------w- c:\windows\system32\MpSigStub.exe
  89. 2012-01-31 00:15 . 2011-08-03 15:02 4659712 ----a-w- c:\windows\system32\Redemption.dll
  90. 2012-01-31 00:15 . 2012-01-31 00:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
  91. 2012-01-31 00:15 . 2012-01-31 00:15 325552 ----a-w- c:\windows\MASetupCaller.dll
  92. 2012-01-31 00:15 . 2012-03-10 20:50 821824 ----a-w- c:\windows\system32\dgderapi.dll
  93. 2012-01-20 13:14 . 2012-02-04 10:17 17280 ----a-w- c:\windows\system32\roboot.exe
  94. 2012-01-26 20:07 . 2011-07-16 20:47 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
  95. .
  96. .
  97. ------- Sigcheck -------
  98. Note: Unsigned files aren't necessarily malware.
  99. .
  100. [-] 2011-07-29 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
  101. [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
  102. [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
  103. .
  104. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  105. .
  106. .
  107. *Note* empty entries & legit default entries are not shown
  108. REGEDIT4
  109. .
  110. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  111. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  112. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  113. 2012-02-14 22:58 94208 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
  114. .
  115. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  116. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  117. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  118. 2012-02-14 22:58 94208 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
  119. .
  120. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  121. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  122. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  123. 2012-02-14 22:58 94208 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
  124. .
  125. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
  126. @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
  127. [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
  128. 2012-02-14 22:58 94208 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
  129. .
  130. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  131. "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-03 21416]
  132. "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
  133. .
  134. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  135. "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
  136. "FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
  137. "tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
  138. "snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
  139. "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
  140. "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
  141. "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
  142. "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
  143. "DT HWP"="c:\program files\Portrait Displays\HP Display Assistant\DTHtml.exe" [2007-06-29 277504]
  144. "FILSHtray"="c:\program files\FILSHtray\FILSHtray.exe" [2012-02-06 597504]
  145. "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624]
  146. "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
  147. "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
  148. .
  149. c:\users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
  150. Dropbox.lnk - c:\users\Ivan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
  151. OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
  152. .
  153. c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
  154. Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]
  155. .
  156. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  157. "ConsentPromptBehaviorAdmin"= 0 (0x0)
  158. "ConsentPromptBehaviorUser"= 3 (0x3)
  159. "EnableLUA"= 0 (0x0)
  160. "EnableUIADesktopToggle"= 0 (0x0)
  161. "PromptOnSecureDesktop"= 0 (0x0)
  162. "SoftwareSASGeneration"= 1 (0x1)
  163. .
  164. R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
  165. R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
  166. R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
  167. R3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus.sys [2009-08-05 23368]
  168. R3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\DRIVERS\GRemoteJoy.sys [2009-08-05 39112]
  169. R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
  170. R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
  171. R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
  172. R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
  173. R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
  174. S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
  175. S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
  176. S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
  177. S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
  178. S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2008-12-18 25680]
  179. S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
  180. S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
  181. S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
  182. S2 PhoneMyPC_Helper;PhoneMyPC_Helper;c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2011-07-15 31232]
  183. S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
  184. S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
  185. S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
  186. S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 47104]
  187. .
  188. .
  189. --- Other Services/Drivers In Memory ---
  190. .
  191. *NewlyCreated* - WS2IFSL
  192. .
  193. Contents of the 'Scheduled Tasks' folder
  194. .
  195. 2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
  196. - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:15]
  197. .
  198. 2012-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2469409868-2115416668-3130279776-1001Core.job
  199. - c:\users\Ivan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-18 13:54]
  200. .
  201. 2012-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2469409868-2115416668-3130279776-1001UA.job
  202. - c:\users\Ivan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-18 13:54]
  203. .
  204. 2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2469409868-2115416668-3130279776-1001Core.job
  205. - c:\users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 20:36]
  206. .
  207. 2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2469409868-2115416668-3130279776-1001UA.job
  208. - c:\users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 20:36]
  209. .
  210. .
  211. ------- Supplementary Scan -------
  212. .
  213. uStart Page = about:blank
  214. IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
  215. TCP: DhcpNameServer = 192.168.1.254
  216. TCP: Interfaces\{5BA79120-009E-4FFB-86A2-E9F5DBCA3AB6}: NameServer = 8.26.56.26,156.154.70.22
  217. FF - ProfilePath - c:\users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ciuihkqf.default\
  218. FF - prefs.js: browser.search.selectedEngine - Google
  219. FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
  220. FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B41f4bf9d-5fb8-48eb-9153-8ff0e0466a46%7D&mid=0d7a5a33a1f444628078f531fa4f0c2f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-09-26%2010%3A45%3A24&sap=ku&q=
  221. FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
  222. FF - user.js: extensions.BabylonToolbar_i.babExt -
  223. FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
  224. FF - user.js: extensions.BabylonToolbar_i.id - 449121f80000000000000009dd5053cd
  225. FF - user.js: extensions.BabylonToolbar_i.hardId - 449121f80000000000000009dd5053cd
  226. FF - user.js: extensions.BabylonToolbar_i.instlDay - 15374
  227. FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
  228. FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
  229. FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:16
  230. FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
  231. FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
  232. FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
  233. FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
  234. FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
  235. FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
  236. .
  237. - - - - ORPHANS REMOVED - - - -
  238. .
  239. URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
  240. WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
  241. HKLM-Run-Cmaudio - cmicnfg.cpl
  242. HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
  243. AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
  244. AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
  245. AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
  246. AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
  247. AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
  248. AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
  249. AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
  250. AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
  251. AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
  252. AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
  253. AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
  254. AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
  255. AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
  256. AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
  257. AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
  258. AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
  259. AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
  260. AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
  261. AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
  262. AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
  263. .
  264. .
  265. .
  266. --------------------- LOCKED REGISTRY KEYS ---------------------
  267. .
  268. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  269. @Denied: (A) (Users)
  270. @Denied: (A) (Everyone)
  271. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  272. "BlindDial"=dword:00000000
  273. .
  274. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
  275. @Denied: (A) (Users)
  276. @Denied: (A) (Everyone)
  277. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  278. "BlindDial"=dword:00000000
  279. .
  280. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
  281. @Denied: (A) (Users)
  282. @Denied: (A) (Everyone)
  283. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  284. "BlindDial"=dword:00000000
  285. .
  286. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
  287. @Denied: (A) (Users)
  288. @Denied: (A) (Everyone)
  289. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  290. "BlindDial"=dword:00000000
  291. .
  292. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
  293. @Denied: (A) (Users)
  294. @Denied: (A) (Everyone)
  295. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  296. "BlindDial"=dword:00000000
  297. .
  298. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
  299. @Denied: (A) (Users)
  300. @Denied: (A) (Everyone)
  301. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  302. "BlindDial"=dword:00000000
  303. .
  304. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
  305. @Denied: (A) (Users)
  306. @Denied: (A) (Everyone)
  307. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  308. "BlindDial"=dword:00000000
  309. .
  310. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
  311. @Denied: (A) (Users)
  312. @Denied: (A) (Everyone)
  313. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  314. "BlindDial"=dword:00000000
  315. .
  316. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
  317. @Denied: (A) (Users)
  318. @Denied: (A) (Everyone)
  319. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  320. "BlindDial"=dword:00000000
  321. .
  322. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
  323. @Denied: (A) (Users)
  324. @Denied: (A) (Everyone)
  325. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  326. "BlindDial"=dword:00000000
  327. .
  328. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  329. @Denied: (Full) (Everyone)
  330. .
  331. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2dcec260&0&UID268435456\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
  332. @DACL=(02 0000)
  333. .
  334. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2dcec260&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
  335. @DACL=(02 0000)
  336. .
  337. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2dcec260&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
  338. @DACL=(02 0000)
  339. .
  340. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26F0\5&2dcec260&0&UID268435456\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
  341. @DACL=(02 0000)
  342. .
  343. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26F0\5&2dcec260&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
  344. @DACL=(02 0000)
  345. .
  346. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26F0\5&2dcec260&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
  347. @DACL=(02 0000)
  348. .
  349. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0107\5&2dcec260&0&UID268435456\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
  350. @DACL=(02 0000)
  351. .
  352. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0107\5&2dcec260&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
  353. @DACL=(02 0000)
  354. .
  355. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0107\5&2dcec260&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
  356. @DACL=(02 0000)
  357. .
  358. --------------------- DLLs Loaded Under Running Processes ---------------------
  359. .
  360. - - - - - - - > 'Explorer.exe'(3672)
  361. c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
  362. .
  363. ------------------------ Other Running Processes ------------------------
  364. .
  365. c:\windows\system32\AUDIODG.EXE
  366. c:\windows\system32\taskhost.exe
  367. c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
  368. c:\windows\system32\conhost.exe
  369. c:\windows\system32\PnkBstrA.exe
  370. c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC.exe
  371. c:\windows\system32\PnkBstrB.exe
  372. c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  373. c:\windows\System32\rundll32.exe
  374. c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
  375. c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
  376. c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
  377. c:\program files\Windows Media Player\wmpnetwk.exe
  378. c:\windows\servicing\TrustedInstaller.exe
  379. .
  380. **************************************************************************
  381. .
  382. Completion time: 2012-04-12 22:53:19 - machine was rebooted
  383. ComboFix-quarantined-files.txt 2012-04-12 20:53
  384. .
  385. Pre-Run: 6.170.861.568 bytes free
  386. Post-Run: 6.090.358.784 bytes free
  387. .
  388. - - End Of File - - CB504ED52DD3A523C49D1CF6F9C09973