- ComboFix 13-01-14.01 - owner 15/01/2013 10:57:46.1.4 - x64
- Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.16252.13084 [GMT 11:00]
- Running from: c:\users\owner\Downloads\ComboFix.exe
- AV: Kaspersky PURE 2.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
- FW: Kaspersky PURE 2.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
- SP: Kaspersky PURE 2.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
- SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- * Created a new restore point
- .
- .
- ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
- .
- .
- c:\programdata\ntuser.dat
- c:\windows\SysWow64\out.txt
- c:\windows\SysWow64\tmp914.tmp
- c:\windows\SysWow64\tmp915.tmp
- .
- .
- ((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))
- .
- .
- 2013-01-15 00:00 . 2013-01-15 00:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
- 2013-01-15 00:00 . 2013-01-15 00:00 -------- d-----w- c:\users\Default\AppData\Local\temp
- 2013-01-15 00:00 . 2013-01-15 00:00 -------- d-----w- c:\users\Parents\AppData\Local\temp
- 2013-01-13 03:21 . 2013-01-13 03:21 1292 ----a-w- C:\FixitRegBackup.reg
- 2013-01-13 01:26 . 2013-01-13 01:26 -------- d-s---w- c:\windows\SysWow64\Microsoft
- 2013-01-11 16:11 . 2013-01-11 16:11 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A81206C2-53B2-408D-8E10-BF717DBEF3B5}\offreg.dll
- 2013-01-11 08:04 . 2012-11-18 14:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A81206C2-53B2-408D-8E10-BF717DBEF3B5}\mpengine.dll
- 2013-01-08 23:24 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
- 2013-01-08 23:24 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
- 2013-01-08 23:23 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
- 2013-01-08 23:23 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
- 2013-01-08 23:23 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
- 2013-01-08 23:23 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
- 2013-01-08 23:21 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
- 2013-01-08 23:20 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
- 2013-01-08 23:20 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
- 2013-01-08 08:03 . 2013-01-08 08:19 -------- d-----w- c:\users\owner\AppData\Roaming\TeamViewer
- 2013-01-05 09:27 . 2013-01-05 09:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
- 2013-01-05 09:18 . 2012-11-27 23:35 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
- 2013-01-01 23:12 . 2013-01-01 23:12 -------- d-----r- C:\Backup
- 2013-01-01 23:11 . 2009-12-14 01:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
- 2013-01-01 23:11 . 2009-12-14 01:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
- 2013-01-01 23:11 . 2013-01-01 23:11 -------- dc----w- c:\windows\system32\DRVSTORE
- 2013-01-01 23:11 . 2013-01-01 23:11 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
- 2013-01-01 23:11 . 2013-01-14 22:36 -------- d-----w- c:\programdata\Kaspersky Lab
- 2013-01-01 23:11 . 2013-01-01 23:11 -------- d-----w- c:\program files (x86)\Kaspersky Lab
- 2013-01-01 23:10 . 2013-01-01 23:10 636760 ----a-w- c:\windows\system32\drivers\klif.sys
- 2012-12-27 11:47 . 2013-01-14 23:56 -------- d-----w- c:\users\owner\AppData\Local\CrashDumps
- 2012-12-27 06:34 . 2012-12-27 06:34 -------- d-----w- c:\users\owner\AppData\Local\Adobe
- 2012-12-24 02:32 . 2013-01-13 01:27 -------- d-----w- c:\program files (x86)\AzTools
- 2012-12-21 16:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
- 2012-12-21 16:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
- 2012-12-21 16:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
- 2012-12-21 16:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
- 2012-12-21 03:08 . 2013-01-04 10:04 -------- d-----w- c:\users\owner\AppData\Local\Screencast-O-Matic
- 2012-12-20 04:50 . 2012-12-20 04:50 -------- d-----w- c:\program files\Speccy
- 2012-12-20 04:20 . 2012-12-20 04:20 -------- d-----w- c:\users\Parents\AppData\Roaming\Nico Mak Computing
- 2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\program files (x86)\Yontoo
- 2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\programdata\Tarma Installer
- 2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\users\owner\AppData\Roaming\Nico Mak Computing
- 2012-12-19 07:38 . 2011-11-09 23:33 18760 ----a-w- c:\windows\system32\roboot64.exe
- 2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\users\owner\.swt
- 2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
- 2012-12-19 07:38 . 2013-01-14 23:54 -------- d-----w- c:\users\owner\AppData\Roaming\Azureus
- 2012-12-19 07:38 . 2012-12-19 07:38 -------- d-----w- c:\program files (x86)\Vuze
- 2012-12-16 10:50 . 2012-12-16 10:50 -------- d-----w- c:\users\owner\AppData\Local\VPNium
- 2012-12-16 10:50 . 2012-12-16 10:54 -------- d-----w- c:\program files (x86)\vpnium
- .
- .
- .
- (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
- .
- 2013-01-09 17:00 . 2012-05-10 00:42 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
- 2013-01-09 17:00 . 2011-09-15 04:07 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
- 2013-01-09 16:01 . 2011-09-15 04:42 67599240 ----a-w- c:\windows\system32\MRT.exe
- 2012-12-06 02:27 . 2012-12-06 02:27 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
- 2012-12-06 02:27 . 2012-12-06 02:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
- 2012-11-30 04:45 . 2013-01-08 23:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
- 2012-11-14 07:06 . 2012-12-12 23:59 17811968 ----a-w- c:\windows\system32\mshtml.dll
- 2012-11-14 06:32 . 2012-12-12 23:59 10925568 ----a-w- c:\windows\system32\ieframe.dll
- 2012-11-14 06:11 . 2012-12-12 23:59 2312704 ----a-w- c:\windows\system32\jscript9.dll
- 2012-11-14 06:04 . 2012-12-12 23:59 1346048 ----a-w- c:\windows\system32\urlmon.dll
- 2012-11-14 06:04 . 2012-12-12 23:59 1392128 ----a-w- c:\windows\system32\wininet.dll
- 2012-11-14 06:02 . 2012-12-12 23:59 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
- 2012-11-14 06:02 . 2012-12-12 23:59 237056 ----a-w- c:\windows\system32\url.dll
- 2012-11-14 05:59 . 2012-12-12 23:59 85504 ----a-w- c:\windows\system32\jsproxy.dll
- 2012-11-14 05:58 . 2012-12-12 23:59 816640 ----a-w- c:\windows\system32\jscript.dll
- 2012-11-14 05:57 . 2012-12-12 23:59 599040 ----a-w- c:\windows\system32\vbscript.dll
- 2012-11-14 05:57 . 2012-12-12 23:59 173056 ----a-w- c:\windows\system32\ieUnatt.exe
- 2012-11-14 05:55 . 2012-12-12 23:59 2144768 ----a-w- c:\windows\system32\iertutil.dll
- 2012-11-14 05:55 . 2012-12-12 23:59 729088 ----a-w- c:\windows\system32\msfeeds.dll
- 2012-11-14 05:53 . 2012-12-12 23:59 96768 ----a-w- c:\windows\system32\mshtmled.dll
- 2012-11-14 05:52 . 2012-12-12 23:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
- 2012-11-14 05:46 . 2012-12-12 23:59 248320 ----a-w- c:\windows\system32\ieui.dll
- 2012-11-14 02:09 . 2012-12-12 23:59 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
- 2012-11-14 01:58 . 2012-12-12 23:59 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
- 2012-11-14 01:57 . 2012-12-12 23:59 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
- 2012-11-14 01:49 . 2012-12-12 23:59 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
- 2012-11-14 01:48 . 2012-12-12 23:59 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
- 2012-11-14 01:44 . 2012-12-12 23:59 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
- 2012-11-09 05:45 . 2012-12-12 10:30 2048 ----a-w- c:\windows\system32\tzres.dll
- 2012-11-09 04:42 . 2012-12-12 10:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
- 2012-11-02 05:59 . 2012-12-12 10:30 478208 ----a-w- c:\windows\system32\dpnet.dll
- 2012-11-02 05:11 . 2012-12-12 10:30 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
- .
- .
- ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
- .
- .
- *Note* empty entries & legit default entries are not shown
- REGEDIT4
- .
- [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
- 2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
- .
- [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
- @="{dd230880-495a-11d1-b064-008048ec2fc5}"
- [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
- 2012-08-30 11:24 496056 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\shellex.dll
- .
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
- "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
- "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
- "CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
- "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
- "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
- "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-10 5015040]
- "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
- "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
- "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" [2012-08-30 202328]
- .
- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
- Ginger.lnk - c:\windows\Installer\{4715760F-AF61-494C-A699-7DF5D29A03A8}\GingerClientStartu_A2F7C7DB989E489495DD2D78EDBE914A.exe [2013-1-13 90112]
- TotalMedia Backup Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2012-12-13 539200]
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
- "ConsentPromptBehaviorAdmin"= 0 (0x0)
- "ConsentPromptBehaviorUser"= 3 (0x3)
- "EnableLUA"= 0 (0x0)
- "EnableUIADesktopToggle"= 0 (0x0)
- "PromptOnSecureDesktop"= 0 (0x0)
- .
- [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
- "LoadAppInit_DLLs"=1 (0x1)
- "AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
- "DisableMonitoring"=dword:00000001
- .
- R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
- R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
- R2 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2010-09-13 36224]
- R2 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2010-09-13 61056]
- R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
- R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
- R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]
- R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-29 122856]
- R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-29 370152]
- R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
- R3 cpuz130;cpuz130;c:\users\owner\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
- R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-02-22 79360]
- R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-22 79360]
- R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
- R3 ECSIoDriver_1_1_0_0;ECSIoDriver_1_1_0_0;c:\program files (x86)\ECS Motherboard Utility\eDLU\ECSIoDriverX64.sys [2009-12-01 14656]
- R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
- R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-08-10 150464]
- R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
- R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
- R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
- R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
- R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
- R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-02-22 79360]
- R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
- R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1255736]
- S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 85048]
- S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
- S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
- S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 66104]
- S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-10-20 13616]
- S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
- S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
- S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [2010-10-28 917120]
- S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
- S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
- S2 GingerUpdateService;GingerUpdateService;c:\program files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [2013-01-09 176936]
- S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [2011-04-25 451936]
- S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
- S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
- S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
- S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-11-12 27760]
- S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
- S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
- S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
- S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
- S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
- S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-11-12 2182768]
- S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-12-28 66336]
- .
- .
- --- Other Services/Drivers In Memory ---
- .
- *NewlyCreated* - ASWMBR
- *Deregistered* - aswMBR
- .
- [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
- 2013-01-14 20:30 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
- .
- Contents of the 'Scheduled Tasks' folder
- .
- 2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 17:00]
- .
- 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 02:25]
- .
- 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-06 02:25]
- .
- 2013-01-14 c:\windows\Tasks\Registry Optimizer_DEFAULT.job
- - c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-12-19 23:33]
- .
- 2013-01-09 c:\windows\Tasks\Registry Optimizer_UPDATES.job
- - c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-12-19 23:33]
- .
- .
- --------- X64 Entries -----------
- .
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
- @="{dd230880-495a-11d1-b064-008048ec2fc5}"
- [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
- 2012-08-30 11:26 566712 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\shellex.dll
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
- "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
- "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
- "VIRTU MVP"="c:\program files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe" [2011-12-28 3008800]
- "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
- "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
- "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
- "AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
- .
- ------- Supplementary Scan -------
- .
- uLocal Page = c:\windows\system32\blank.htm
- mLocal Page = c:\windows\SysWOW64\blank.htm
- IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
- IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
- IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
- TCP: DhcpNameServer = 192.168.2.1
- .
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
- "ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
- .
- --------------------- LOCKED REGISTRY KEYS ---------------------
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
- @Denied: (A 2) (Everyone)
- @="FlashBroker"
- "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
- "Enabled"=dword:00000001
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
- @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
- @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
- @Denied: (A 2) (Everyone)
- @="IFlashBroker5"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
- @="{00020424-0000-0000-C000-000000000046}"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
- @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
- "Version"="1.0"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
- @Denied: (A 2) (Everyone)
- @="FlashBroker"
- "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
- "Enabled"=dword:00000001
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
- @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
- @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
- @Denied: (A 2) (Everyone)
- @="Shockwave Flash Object"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
- @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
- "ThreadingModel"="Apartment"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
- @="0"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
- @="ShockwaveFlash.ShockwaveFlash.11"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
- @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
- @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
- @="1.0"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
- @="ShockwaveFlash.ShockwaveFlash"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
- @Denied: (A 2) (Everyone)
- @="Macromedia Flash Factory Object"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
- @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
- "ThreadingModel"="Apartment"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
- @="FlashFactory.FlashFactory.1"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
- @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
- @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
- @="1.0"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
- @="FlashFactory.FlashFactory"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
- @Denied: (A 2) (Everyone)
- @="IFlashBroker5"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
- @="{00020424-0000-0000-C000-000000000046}"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
- @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
- "Version"="1.0"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
- @Denied: (A) (Everyone)
- "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
- @Denied: (A) (Everyone)
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
- "Key"="ActionsPane3"
- "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
- @Denied: (Full) (Everyone)
- .
- Completion time: 2013-01-15 11:02:34
- ComboFix-quarantined-files.txt 2013-01-15 00:02
- .
- Pre-Run: 1,851,314,233,344 bytes free
- Post-Run: 1,851,104,272,384 bytes free
- .
- - - End Of File - - 40D8416925F49A495EB8A320753B2FED