- ComboFix 12-04-12.03 - Ivan 2.04.2012. 22:05:47.1.2 - x86
- Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1535.723 [GMT 2:00]
- Running from: c:\users\Ivan\Desktop\ComboFix.exe
- AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
- FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
- SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
- SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- .
- .
- ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
- .
- .
- c:\users\Ivan\AppData\Local\Temp\61e4dc9e-b0a3-4e40-99a9-4cd9049f7d99\CliSecureRT.dll
- c:\windows\system32\system32
- c:\windows\system32\system32\3DAudio.ax
- c:\windows\system32\system32\avrt.dll
- c:\windows\system32\system32\cis-2.4.dll
- c:\windows\system32\system32\issacapi_bs-2.3.dll
- c:\windows\system32\system32\issacapi_pe-2.3.dll
- c:\windows\system32\system32\issacapi_se-2.3.dll
- c:\windows\system32\system32\MACXMLProto.dll
- c:\windows\system32\system32\MaDRM.dll
- c:\windows\system32\system32\MaJGUILib.dll
- c:\windows\system32\system32\MAMACExtract.dll
- c:\windows\system32\system32\MASetupCleaner.exe
- c:\windows\system32\system32\MaXMLProto.dll
- c:\windows\system32\system32\mfplat.dll
- c:\windows\system32\system32\MK_Lyric.dll
- c:\windows\system32\system32\MSCLib.dll
- c:\windows\system32\system32\MSFLib.dll
- c:\windows\system32\system32\MSLUR71.dll
- c:\windows\system32\system32\msvcp60.dll
- c:\windows\system32\system32\MTTELECHIP.dll
- c:\windows\system32\system32\MTXSYNCICON.dll
- c:\windows\system32\system32\muzaf1.dll
- c:\windows\system32\system32\muzapp.dll
- c:\windows\system32\system32\muzapp.exe
- c:\windows\system32\system32\muzdecode.ax
- c:\windows\system32\system32\muzeffect.ax
- c:\windows\system32\system32\muzmp4sp.ax
- c:\windows\system32\system32\muzmpgsp.ax
- c:\windows\system32\system32\muzoggsp.ax
- c:\windows\system32\system32\muzwmts.dll
- c:\windows\system32\system32\psapi.dll
- .
- .
- ((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
- .
- .
- 2012-04-12 20:45 . 2012-04-12 20:47 -------- d-----w- c:\users\Ivan\AppData\Local\temp
- 2012-04-12 20:45 . 2012-04-12 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
- 2012-04-12 20:18 . 2012-04-12 20:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{637C7D9E-A989-4B5A-B133-EAB0181B1779}\offreg.dll
- 2012-04-12 10:15 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
- 2012-04-12 10:15 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
- 2012-04-12 10:15 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
- 2012-04-12 10:15 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
- 2012-04-12 10:15 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
- 2012-04-12 10:15 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
- 2012-04-12 08:21 . 2012-02-28 05:34 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
- 2012-04-12 08:21 . 2012-02-28 05:38 981504 ----a-w- c:\windows\system32\wininet.dll
- 2012-04-12 08:21 . 2012-02-28 05:34 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
- 2012-04-12 08:21 . 2012-02-28 03:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
- 2012-04-11 20:24 . 2012-04-11 20:24 -------- d-----w- c:\users\Ivan\AppData\Local\ESET
- 2012-04-11 19:47 . 2012-04-11 19:47 -------- d-----w- c:\program files\ESET
- 2012-04-10 08:46 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{637C7D9E-A989-4B5A-B133-EAB0181B1779}\mpengine.dll
- 2012-04-07 14:51 . 2012-04-07 14:51 -------- d-----w- c:\program files\Common Files\Java
- 2012-04-05 11:25 . 2012-04-12 20:47 -------- d-----r- c:\users\Ivan\Dropbox
- 2012-04-05 11:21 . 2012-04-12 20:47 -------- d-----w- c:\users\Ivan\AppData\Roaming\Dropbox
- 2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\Plugins\nppdf32.dll
- 2012-03-29 21:22 . 2012-04-12 09:58 -------- d-----w- c:\users\Ivan\AppData\Local\BlueStacks
- 2012-03-29 09:24 . 2012-03-29 10:15 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
- 2012-03-14 18:13 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
- 2012-03-14 18:13 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
- 2012-03-14 12:07 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
- 2012-03-14 12:07 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
- 2012-03-14 12:07 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
- 2012-03-14 12:07 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
- 2012-03-14 12:07 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
- 2012-03-14 12:07 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
- 2012-03-14 12:07 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
- .
- .
- .
- (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
- .
- 2012-04-07 14:50 . 2011-07-17 17:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
- 2012-03-29 10:15 . 2011-07-16 21:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
- 2012-02-23 08:18 . 2011-11-07 09:15 237072 ------w- c:\windows\system32\MpSigStub.exe
- 2012-01-31 00:15 . 2011-08-03 15:02 4659712 ----a-w- c:\windows\system32\Redemption.dll
- 2012-01-31 00:15 . 2012-01-31 00:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
- 2012-01-31 00:15 . 2012-01-31 00:15 325552 ----a-w- c:\windows\MASetupCaller.dll
- 2012-01-31 00:15 . 2012-03-10 20:50 821824 ----a-w- c:\windows\system32\dgderapi.dll
- 2012-01-20 13:14 . 2012-02-04 10:17 17280 ----a-w- c:\windows\system32\roboot.exe
- 2012-01-26 20:07 . 2011-07-16 20:47 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
- .
- .
- ------- Sigcheck -------
- Note: Unsigned files aren't necessarily malware.
- .
- [-] 2011-07-29 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
- [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
- [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
- .
- ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
- .
- .
- *Note* empty entries & legit default entries are not shown
- REGEDIT4
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
- @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
- [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
- 2012-02-14 22:58 94208 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
- @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
- [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
- 2012-02-14 22:58 94208 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
- @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
- [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
- 2012-02-14 22:58 94208 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
- @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
- [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
- 2012-02-14 22:58 94208 ----a-w- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
- .
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-03 21416]
- "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
- "FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
- "tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
- "snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
- "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
- "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
- "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
- "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
- "DT HWP"="c:\program files\Portrait Displays\HP Display Assistant\DTHtml.exe" [2007-06-29 277504]
- "FILSHtray"="c:\program files\FILSHtray\FILSHtray.exe" [2012-02-06 597504]
- "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624]
- "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
- "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
- .
- c:\users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
- Dropbox.lnk - c:\users\Ivan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
- OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
- .
- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
- Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
- "ConsentPromptBehaviorAdmin"= 0 (0x0)
- "ConsentPromptBehaviorUser"= 3 (0x3)
- "EnableLUA"= 0 (0x0)
- "EnableUIADesktopToggle"= 0 (0x0)
- "PromptOnSecureDesktop"= 0 (0x0)
- "SoftwareSASGeneration"= 1 (0x1)
- .
- R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
- R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
- R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
- R3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus.sys [2009-08-05 23368]
- R3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\DRIVERS\GRemoteJoy.sys [2009-08-05 39112]
- R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
- R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
- R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
- R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
- R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
- S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
- S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
- S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
- S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
- S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2008-12-18 25680]
- S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
- S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
- S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
- S2 PhoneMyPC_Helper;PhoneMyPC_Helper;c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2011-07-15 31232]
- S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
- S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
- S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
- S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 47104]
- .
- .
- --- Other Services/Drivers In Memory ---
- .
- *NewlyCreated* - WS2IFSL
- .
- Contents of the 'Scheduled Tasks' folder
- .
- 2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:15]
- .
- 2012-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2469409868-2115416668-3130279776-1001Core.job
- - c:\users\Ivan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-18 13:54]
- .
- 2012-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2469409868-2115416668-3130279776-1001UA.job
- - c:\users\Ivan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-18 13:54]
- .
- 2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2469409868-2115416668-3130279776-1001Core.job
- - c:\users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 20:36]
- .
- 2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2469409868-2115416668-3130279776-1001UA.job
- - c:\users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 20:36]
- .
- .
- ------- Supplementary Scan -------
- .
- uStart Page = about:blank
- IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
- TCP: DhcpNameServer = 192.168.1.254
- TCP: Interfaces\{5BA79120-009E-4FFB-86A2-E9F5DBCA3AB6}: NameServer = 8.26.56.26,156.154.70.22
- FF - ProfilePath - c:\users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\ciuihkqf.default\
- FF - prefs.js: browser.search.selectedEngine - Google
- FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
- FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B41f4bf9d-5fb8-48eb-9153-8ff0e0466a46%7D&mid=0d7a5a33a1f444628078f531fa4f0c2f-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-09-26%2010%3A45%3A24&sap=ku&q=
- FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
- FF - user.js: extensions.BabylonToolbar_i.babExt -
- FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
- FF - user.js: extensions.BabylonToolbar_i.id - 449121f80000000000000009dd5053cd
- FF - user.js: extensions.BabylonToolbar_i.hardId - 449121f80000000000000009dd5053cd
- FF - user.js: extensions.BabylonToolbar_i.instlDay - 15374
- FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
- FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
- FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:16
- FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
- FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
- FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
- FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
- FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
- FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
- .
- - - - - ORPHANS REMOVED - - - -
- .
- URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
- WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
- HKLM-Run-Cmaudio - cmicnfg.cpl
- HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
- AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
- AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
- AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
- AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
- AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
- AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
- AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
- AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
- AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
- AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
- AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
- AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
- AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
- AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
- AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
- AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
- AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
- AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
- AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
- AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
- .
- .
- .
- --------------------- LOCKED REGISTRY KEYS ---------------------
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
- @Denied: (A) (Users)
- @Denied: (A) (Everyone)
- @Allowed: (B 1 2 3 4 5) (S-1-5-20)
- "BlindDial"=dword:00000000
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
- @Denied: (A) (Users)
- @Denied: (A) (Everyone)
- @Allowed: (B 1 2 3 4 5) (S-1-5-20)
- "BlindDial"=dword:00000000
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
- @Denied: (A) (Users)
- @Denied: (A) (Everyone)
- @Allowed: (B 1 2 3 4 5) (S-1-5-20)
- "BlindDial"=dword:00000000
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
- @Denied: (A) (Users)
- @Denied: (A) (Everyone)
- @Allowed: (B 1 2 3 4 5) (S-1-5-20)
- "BlindDial"=dword:00000000
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
- @Denied: (A) (Users)
- @Denied: (A) (Everyone)
- @Allowed: (B 1 2 3 4 5) (S-1-5-20)
- "BlindDial"=dword:00000000
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
- @Denied: (A) (Users)
- @Denied: (A) (Everyone)
- @Allowed: (B 1 2 3 4 5) (S-1-5-20)
- "BlindDial"=dword:00000000
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
- @Denied: (A) (Users)
- @Denied: (A) (Everyone)
- @Allowed: (B 1 2 3 4 5) (S-1-5-20)
- "BlindDial"=dword:00000000
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
- @Denied: (A) (Users)
- @Denied: (A) (Everyone)
- @Allowed: (B 1 2 3 4 5) (S-1-5-20)
- "BlindDial"=dword:00000000
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
- @Denied: (A) (Users)
- @Denied: (A) (Everyone)
- @Allowed: (B 1 2 3 4 5) (S-1-5-20)
- "BlindDial"=dword:00000000
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
- @Denied: (A) (Users)
- @Denied: (A) (Everyone)
- @Allowed: (B 1 2 3 4 5) (S-1-5-20)
- "BlindDial"=dword:00000000
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
- @Denied: (Full) (Everyone)
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2dcec260&0&UID268435456\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
- @DACL=(02 0000)
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2dcec260&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
- @DACL=(02 0000)
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&2dcec260&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
- @DACL=(02 0000)
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26F0\5&2dcec260&0&UID268435456\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
- @DACL=(02 0000)
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26F0\5&2dcec260&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
- @DACL=(02 0000)
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26F0\5&2dcec260&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
- @DACL=(02 0000)
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0107\5&2dcec260&0&UID268435456\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
- @DACL=(02 0000)
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0107\5&2dcec260&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
- @DACL=(02 0000)
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0107\5&2dcec260&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
- @DACL=(02 0000)
- .
- --------------------- DLLs Loaded Under Running Processes ---------------------
- .
- - - - - - - - > 'Explorer.exe'(3672)
- c:\users\Ivan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
- .
- ------------------------ Other Running Processes ------------------------
- .
- c:\windows\system32\AUDIODG.EXE
- c:\windows\system32\taskhost.exe
- c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
- c:\windows\system32\conhost.exe
- c:\windows\system32\PnkBstrA.exe
- c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC.exe
- c:\windows\system32\PnkBstrB.exe
- c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
- c:\windows\System32\rundll32.exe
- c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
- c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
- c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
- c:\program files\Windows Media Player\wmpnetwk.exe
- c:\windows\servicing\TrustedInstaller.exe
- .
- **************************************************************************
- .
- Completion time: 2012-04-12 22:53:19 - machine was rebooted
- ComboFix-quarantined-files.txt 2012-04-12 20:53
- .
- Pre-Run: 6.170.861.568 bytes free
- Post-Run: 6.090.358.784 bytes free
- .
- - - End Of File - - CB504ED52DD3A523C49D1CF6F9C09973