Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

combofix log


  • This topic is locked This topic is locked
2 replies to this topic

#1 dani112

dani112

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 26 September 2011 - 09:08 AM

Hi I ran combofix log

here's the result:

Please help to analyze

ComboFix 11-09-26.01 - acer 09/26/2011 21:41:07.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1911.1039 [GMT 8:00]
Running from: c:\users\acer\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\acer\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
.
.
((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
.
.
2011-09-26 13:48 . 2011-09-26 13:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-09-26 13:48 . 2011-09-26 13:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-26 13:48 . 2011-09-26 13:48 -------- d-----w- c:\users\AppData\AppData\Local\temp
2011-09-26 13:48 . 2011-09-26 13:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-09-10 05:42 . 2011-09-10 05:42 -------- d-----w- c:\users\acer\AppData\Local\Broadcom
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 09:00 . 2010-05-12 12:21 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 09:57 . 2011-08-14 09:53 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-15 09:57 . 2011-08-14 09:53 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-22 05:35 . 2011-08-09 21:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-09 21:50 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-09 21:50 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-09 21:50 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-09 21:50 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-09 21:50 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-09 21:50 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-09 21:50 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-09 21:50 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-09 21:50 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-09 21:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-09 21:50 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-09 21:50 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-09 21:50 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-09 21:50 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-09 21:50 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-09 21:50 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-09 21:50 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-09 21:50 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-09 21:50 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 04:53 . 2011-08-13 02:17 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C31FFC76-97B8-4729-94FD-0C3CE92E332C}\mpengine.dll
2011-07-09 05:14 . 2011-08-24 16:02 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:30 . 2011-08-24 16:02 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:44 . 2011-08-09 21:49 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-19_14.24.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-08-19 08:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-26 05:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-26 05:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-19 08:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-26 05:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-19 08:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-05 02:03 . 2011-09-26 12:16 80278 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-26 12:16 33514 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-25 12:31 . 2011-09-26 12:16 18496 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-908665253-724570351-864774967-1000_UserData.bin
- 2009-07-14 05:30 . 2011-08-14 09:10 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-09-10 05:44 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-01-02 05:16 . 2011-08-13 10:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-02 05:16 . 2011-09-20 00:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-02 05:16 . 2011-08-13 10:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 05:16 . 2011-09-20 00:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-13 10:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-20 00:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-12 12:20 . 2010-02-02 08:39 49664 c:\windows\servicing\GC64\tzupd.exe
+ 2011-08-24 16:02 . 2011-07-09 05:16 49664 c:\windows\servicing\GC64\tzupd.exe
+ 2009-07-14 04:46 . 2011-09-20 04:12 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-08-12 10:19 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-04-25 12:07 . 2011-09-26 13:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-25 12:07 . 2011-08-19 14:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-25 12:07 . 2011-08-19 14:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-25 12:07 . 2011-09-26 13:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-11 07:28 . 2011-09-11 07:28 25088 c:\windows\Installer\7df10a.msi
- 2011-06-16 19:12 . 2011-06-16 19:12 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-09-14 19:07 . 2011-09-14 19:07 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-06-16 19:12 . 2011-06-16 19:12 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-09-14 19:07 . 2011-09-14 19:07 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-05-12 06:21 . 2011-09-26 05:58 4478 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-05-12 06:21 . 2011-08-12 19:06 4478 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-05-07 10:05 . 2011-09-04 18:14 1544 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
- 2010-05-07 10:05 . 2011-08-13 14:39 1544 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2009-01-02 05:50 . 2011-09-10 18:58 2478 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-08-19 08:08 . 2011-08-19 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-26 12:14 . 2011-09-26 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-19 08:08 . 2011-08-19 08:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-26 12:14 . 2011-09-26 12:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-14 08:58 . 2011-07-27 04:30 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
+ 2010-04-26 18:26 . 2011-09-25 05:55 371106 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-04-26 03:56 . 2011-09-24 04:31 364938 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-09-23 09:00 615360 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-08-15 03:35 615360 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-08-15 03:35 103702 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-09-23 09:00 103702 c:\windows\system32\perfc009.dat
- 2009-07-13 23:40 . 2009-07-14 01:41 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
+ 2011-09-14 08:58 . 2011-07-27 05:31 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
+ 2009-07-14 05:30 . 2011-09-10 05:44 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-08-14 09:10 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 04:45 . 2011-09-16 15:50 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-08-10 19:25 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-07-07 11:40 . 2011-07-07 11:40 4745728 c:\windows\Installer\f70e78.msi
+ 2011-08-10 09:43 . 2011-08-10 09:43 3795968 c:\windows\Installer\2e1d7bc.msp
+ 2011-08-10 09:42 . 2011-08-10 09:42 7070208 c:\windows\Installer\2e1d7b4.msp
+ 2011-09-06 13:48 . 2011-09-06 13:48 8181248 c:\windows\Installer\2e1d7ac.msp
+ 2011-07-26 23:39 . 2011-07-26 23:39 9892352 c:\windows\Installer\2e1d79e.msp
+ 2009-07-14 02:34 . 2011-09-26 06:15 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-08-19 07:18 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-04-04 02:21 . 2009-04-04 02:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\OART.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 07:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 04:51 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]
2010-03-17 07:45 2355224 ----a-w- c:\program files (x86)\BitZipperSearch\tbBitZ.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{97bceb59-cfcd-4b16-a863-b3f72cf9f196}"= "c:\program files (x86)\BitZipperSearch\tbBitZ.dll" [2010-03-17 2355224]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-12-02 08:01 120104 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-01-29 397688]
"googletalk"="c:\users\acer\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-05 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-04-21 26192680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-01-18 1269840]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-10-23 200488]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-10-23 401192]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-01-13 265984]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-03-02 124136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-06-24 273544]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-02 135664]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-02 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2009-12-02 305448]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-20 136360]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-01-18 310352]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-01-21 819744]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-01-07 255744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-02-05 171040]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-02 13:51]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-02 13:51]
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-908665253-724570351-864774967-1000Core.job
- c:\users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-02 13:12]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-908665253-724570351-864774967-1000UA.job
- c:\users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-02 13:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-12-02 08:04 137512 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9955872]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-12 877600]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2009-12-02 349480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-22 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-22 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-22 410136]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-02-05 222240]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-01-21 496160]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/videodownloadtoolbar/{2B0EDA2B-45DE-4957-98F7-DEE23255F349}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 202.188.0.133 202.188.1.5
TCP: Interfaces\{3AC268AF-5142-44FE-BA97-7F9132285A8D}: NameServer = 58.71.136.10 58.71.132.10
TCP: Interfaces\{83B46E79-B236-44C0-858A-6099873889E6}: NameServer = 58.71.136.10 58.71.132.10
TCP: Interfaces\{B94926BC-1729-47F2-89EE-5AF91D0C7F86}: NameServer = 58.71.136.10 58.71.132.10
DPF: {C9A25090-D6C4-4D33-87ED-53AA0C3ECE65} - hxxp://bitcast-b.bitgravity.com/quickheal/onlnscan/activex/nt/onlnscan.cab
FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\imkxzgsp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/videodownloadtoolbar/{2B0EDA2B-45DE-4957-98F7-DEE23255F349}?q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: MP4 Downloader: mp4downloader@jeff.net - %profile%\extensions\mp4downloader@jeff.net
FF - Ext: Digsby Donates: {cbafdacb-a320-4294-9516-494f93d5d1b3} - %profile%\extensions\{cbafdacb-a320-4294-9516-494f93d5d1b3}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: VideoDownload DB Toolbar: {75656794-AB59-4712-BFBC-5D816D56F3BC} - %profile%\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{97BCEB59-CFCD-4B16-A863-B3F72CF9F196} - (no file)
WebBrowser-{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-Burger Island 2 1.00 - c:\users\acer\Desktop\elleniagames\Burger Island 2\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-26 21:51:28
ComboFix-quarantined-files.txt 2011-09-26 13:51
ComboFix2.txt 2011-08-19 14:27
ComboFix3.txt 2011-08-09 12:50
.
Pre-Run: 225,379,794,944 bytes free
Post-Run: 230,614,659,072 bytes free
.
- - End Of File - - 7B96466E67A2F06662EE0384BEF05349

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 PM

Posted 01 October 2011 - 08:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Posted Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what issues you are having with this computer.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 PM

Posted 05 October 2011 - 01:23 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users