ComboFix

a guest
Jan 14th, 2013
ComboFix 13-01-14.01 - owner 15/01/2013 10:57:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16252.13084 [GMT 11:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SysWow64\out.txt
c:\windows\SysWow64\tmp914.tmp
c:\windows\SysWow64\tmp915.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))
.
.
2013-01-15 00:00 . 2013-01-15 00:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-15 00:00 . 2013-01-15 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-15 00:00 . 2013-01-15 00:00 -------- d-----w- c:\users\Parents\AppData\Local\temp
2013-01-13 03:21 . 2013-01-13 03:21 1292 ----a-w- C:\FixitRegBackup.reg
2013-01-13 01:26 . 2013-01-13 01:26 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-01-11 16:11 . 2013-01-11 16:11 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A81206C2-53B2-408D-8E10-BF717DBEF3B5}\offreg.dll
2013-01-11 08:04 . 2012-11-18 14:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A81206C2-53B2-408D-8E10-BF717DBEF3B5}\mpengine.dll
2013-01-08 23:24 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-08 23:24 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-08 23:23 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-08 23:23 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-08 23:23 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-08 23:23 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-08 23:21 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-08 23:20 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 23:20 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 08:03 . 2013-01-08 08:19 -------- d-----w- c:\users\owner\AppData\Roaming\TeamViewer
2013-01-05 09:27 . 2013-01-05 09:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-01-05 09:18 . 2012-11-27 23:35 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-01 23:12 . 2013-01-01 23:12 -------- d-----r- C:\Backup
2013-01-01 23:11 . 2009-12-14 01:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2013-01-01 23:11 . 2009-12-14 01:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2013-01-01 23:11 . 2013-01-01 23:11 -------- dc----w- c:\windows\system32\DRVSTORE
2013-01-01 23:11 . 2013-01-01 23:11 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
2013-01-01 23:11 . 2013-01-14 22:36 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-01 23:11 . 2013-01-01 23:11 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-01-01 23:10 . 2013-01-01 23:10 636760 ----a-w- c:\windows\system32\drivers\klif.sys
2012-12-27 11:47 . 2013-01-14 23:56 -------- d-----w- c:\users\owner\AppData\Local\CrashDumps
2012-12-27 06:34 . 2012-12-27 06:34 -------- d-----w- c:\users\owner\AppData\Local\Adobe
2012-12-24 02:32 . 2013-01-13 01:27 -------- d-----w- c:\program files (x86)\AzTools
2012-12-21 16:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 16:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 16:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 16:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 03:08 . 2013-01-04 10:04 -------- d-----w- c:\users\owner\AppData\Local\Screencast-O-Matic
2012-12-20 04:50 . 2012-12-20 04:50 -------- d-----w- c:\program files\Speccy
2012-12-20 04:20 . 2012-12-20 04:20 -------- d-----w- c:\users\Parents\AppData\Roaming\Nico Mak Computing
2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\program files (x86)\Yontoo
2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\programdata\Tarma Installer
2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\users\owner\AppData\Roaming\Nico Mak Computing
2012-12-19 07:38 . 2011-11-09 23:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\users\owner\.swt
2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
2012-12-19 07:38 . 2013-01-14 23:54 -------- d-----w- c:\users\owner\AppData\Roaming\Azureus
2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\program files (x86)\Vuze
2012-12-16 10:50 . 2012-12-16 10:50 -------- d-----w- c:\users\owner\AppData\Local\VPNium
2012-12-16 10:50 . 2012-12-16 10:54 -------- d-----w- c:\program files (x86)\vpnium
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:00 . 2012-05-10 00:42 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 17:00 . 2011-09-15 04:07 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 16:01 . 2011-09-15 04:42 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-06 02:27 . 2012-12-06 02:27 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-06 02:27 . 2012-12-06 02:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-30 04:45 . 2013-01-08 23:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 23:59 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 23:59 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 23:59 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 23:59 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 23:59 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 23:59 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 23:59 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 23:59 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 23:59 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 23:59 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 23:59 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 23:59 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 23:59 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 23:59 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 23:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 23:59 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 23:59 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 23:59 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 23:59 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 23:59 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 23:59 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 23:59 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 10:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 10:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 10:30 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 10:30 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 11:24 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-10 5015040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-30 202328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ginger.lnk - c:\windows\Installer\{4715760F-AF61-494C-A699-7DF5D29A03A8}\GingerClientStartu_A2F7C7DB989E489495DD2D78EDBE914A.exe [2013-1-13 90112]
TotalMedia Backup Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2012-12-13 539200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
R2 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2010-09-13 36224]
R2 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2010-09-13 61056]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-29 122856]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-29 370152]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
R3 cpuz130;cpuz130;c:\users\owner\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-02-22 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-22 79360]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
R3 ECSIoDriver_1_1_0_0;ECSIoDriver_1_1_0_0;c:\program files (x86)\ECS Motherboard Utility\eDLU\ECSIoDriverX64.sys [2009-12-01 14656]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-08-10 150464]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-02-22 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1255736]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-10-20 13616]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [2010-10-28 917120]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 GingerUpdateService;GingerUpdateService;c:\program files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [2013-01-09 176936]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [2011-04-25 451936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-11-12 27760]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-11-12 2182768]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-12-28 66336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 20:30 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 17:00]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 02:25]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 02:25]
.
2013-01-14 c:\windows\Tasks\Registry Optimizer_DEFAULT.job
- c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-12-19 23:33]
.
2013-01-09 c:\windows\Tasks\Registry Optimizer_UPDATES.job
- c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-12-19 23:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-08-30 11:26 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"VIRTU MVP"="c:\program files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe" [2011-12-28 3008800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-15 11:02:34
ComboFix-quarantined-files.txt 2013-01-15 00:02
.
Pre-Run: 1,851,314,233,344 bytes free
Post-Run: 1,851,104,272,384 bytes free
.
- - End Of File - - 40D8416925F49A495EB8A320753B2FED