Check My Combofix Logs


  • This topic is locked
2 replies to this topic

#1 CrushBoy


  • Members
  • 1 posts

Posted 06 September 2012 - 01:25 AM

Admin, please check my ComboFix logs.
I don't understand this:
Neutral
This is an unknown process.
Nasty
Possibly nasty! According to our database this process runs normally in c:\programme\internet explorer\! Check if you know this process and arrange a virus check where required. Internet Explorer - We recommend using a more secure alternative browser (e.g. Firefox).




ComboFix 12-08-30.05 - Administrator 08/31/2012  15:01:11.1.2 - x86 NETWORK
State of Independence Windows 7 xDark v4.0 RG Deluxe   6.1.7601.1.1252.1.1033.18.2038.1373 [GMT 5.75:45]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\users\Administrator\AppData\Local\assembly\tmp
c:\users\Administrator\AppData\Roaming\Svchost.exe.tmp
c:\windows\PFRO.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\embedded
c:\windows\system32\embedded\InfoBefore.txt
c:\windows\system32\embedded\WizardImage.bmp
c:\windows\system32\embedded\WizardSmallImage.bmp
c:\windows\system32\install
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\win32
D:\Autorun.inf
E:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-28 to 2012-08-31  )))))))))))))))))))))))))))))))
.
.
2012-08-31 09:02 . 2012-08-31 09:02	--------	d-----w-	c:\program files\Trend Micro
2012-08-31 08:49 . 2012-08-31 08:49	--------	d-----w-	c:\programdata\comodo
2012-08-31 08:49 . 2012-08-31 08:49	--------	d-----w-	c:\program files\COMODO
2012-08-31 08:04 . 2012-08-31 08:04	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-31 08:04 . 2012-08-31 08:04	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-08-31 08:04 . 2012-07-03 08:01	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-31 06:36 . 2012-08-31 06:36	--------	d-----w-	c:\program files\Faronics
2012-08-30 09:11 . 2012-08-30 09:11	--------	d-----w-	c:\programdata\MAGIX
2012-08-30 09:10 . 2012-08-30 09:10	--------	d-----w-	c:\programdata\Xara
2012-08-30 09:10 . 2012-08-30 09:10	--------	d-----w-	c:\program files\Xara
2012-08-30 09:10 . 2012-08-30 09:10	--------	d-----w-	c:\program files\MSXML 4.0
2012-08-30 01:27 . 2012-08-30 01:27	--------	d-----w-	c:\windows\system32\]
2012-08-29 06:40 . 2012-08-29 06:40	--------	d-----w-	c:\program files\uTorrent
2012-08-29 02:33 . 2012-08-29 02:32	385024	----a-w-	c:\windows\system32\XPControls.ocx
2012-08-28 07:56 . 2012-08-28 07:57	--------	d-----w-	c:\program files\Any Video Converter
2012-08-24 03:43 . 2012-08-31 06:55	--------	d-----w-	c:\program files\Easy GIF Animator
2012-08-24 02:20 . 2012-08-24 02:20	--------	d-----w-	c:\program files\Block Hackers
2012-08-23 11:22 . 2012-08-23 11:22	--------	d-----w-	c:\programdata\NokiaInstallerCache
2012-08-23 11:22 . 2012-08-23 11:22	--------	d-----w-	c:\program files\Nokia
2012-08-23 10:50 . 2012-08-23 10:50	--------	d-----w-	c:\program files\Facebook Hack Automator
2012-08-23 07:22 . 2012-08-23 07:22	--------	d-----w-	c:\program files\Total Video Converter
2012-08-22 15:15 . 2012-08-22 15:15	--------	d-----w-	c:\program files\NonStopPlay.com Player
2012-08-22 13:22 . 2012-08-22 13:22	240128	----a-w-	c:\windows\system32\comctl32.oca
2012-08-22 08:55 . 2012-08-22 08:55	--------	d--h--w-	c:\windows\PIF
2012-08-22 04:08 . 2012-08-22 04:08	265728	----a-w-	c:\windows\system32\MSCOMCTL.oca
2012-08-21 15:46 . 2012-08-21 15:46	26624	----a-w-	c:\windows\system32\oleprn.oca
2012-08-21 15:23 . 2012-08-21 15:23	35840	----a-w-	c:\windows\system32\Comdlg32.oca
2012-08-21 13:59 . 2012-08-22 08:53	307	----a-w-	C:\dns_lookup.tmp
2012-08-21 13:10 . 2012-08-21 13:10	22016	----a-w-	c:\windows\system32\MSWINSCK.oca
2012-08-21 10:01 . 2012-08-21 10:01	--------	d-----w-	c:\windows\VB2_Skins
2012-08-21 02:03 . 2012-08-21 02:03	29184	----a-w-	c:\windows\system32\MSINET.oca
2012-08-20 12:20 . 2010-11-01 14:43	105472	----a-w-	c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
2012-08-20 12:20 . 2012-08-20 12:20	--------	d-----w-	c:\program files\MBrowse
2012-08-20 03:50 . 2012-08-21 02:05	27648	----a-w-	c:\windows\system32\MSCAL.oca
2012-08-20 03:35 . 2012-08-20 03:35	1647616	----a-w-	c:\windows\system32\mshtml.oca
2012-08-20 02:59 . 2012-08-20 02:59	235520	----a-w-	c:\windows\system32\wmp.oca
2012-08-19 10:39 . 2009-07-26 14:26	8192	----a-w-	c:\windows\system32\tssoft32.acm
2012-08-19 10:39 . 2009-07-26 14:26	15360	----a-w-	c:\windows\system32\tsd32.dll
2012-08-19 10:39 . 2012-08-19 10:39	--------	d-----w-	c:\program files\Y!Supra
2012-08-19 08:19 . 2012-08-19 08:19	25600	----a-w-	c:\windows\system32\Boton2007.oca
2012-08-19 02:30 . 2012-08-18 14:35	782336	----a-w-	c:\windows\system32\Boton2007.ocx
2012-08-19 00:54 . 2012-08-19 00:54	--------	d-----w-	c:\program files\Windows Media Player Plus!
2012-08-19 00:54 . 2010-04-12 01:09	83456	----a-w-	c:\program files\Windows Media Player\wmp.dll
2012-08-19 00:54 . 2012-08-19 00:54	431672	----a-w-	c:\windows\system32\drivers\sptd.sys
2012-08-19 00:54 . 2012-08-19 00:54	--------	d-----w-	c:\program files\Notepad2
2012-08-19 00:54 . 2012-08-19 00:54	--------	d-----w-	c:\program files\Microangelo On Display
2012-08-19 00:54 . 2012-08-19 00:54	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-08-19 00:52 . 2012-08-30 09:10	--------	d-sh--w-	c:\windows\Installer
2012-08-19 00:51 . 2012-08-18 11:46	--------	d-----w-	c:\users\Administrator
2012-08-19 00:51 . 2012-08-19 00:51	--------	d-----w-	C:\Recovery
2012-08-19 00:46 . 2012-08-19 00:51	--------	d-----w-	c:\windows\Panther
2012-08-18 15:04 . 2012-08-18 15:04	64000	----a-w-	c:\windows\system32\ieframe.oca
2012-08-18 14:50 . 2012-08-18 14:50	--------	d-----w-	c:\programdata\TechSmith
2012-08-18 14:50 . 2012-08-18 14:50	--------	d-----w-	c:\program files\TechSmith
2012-08-18 14:49 . 2012-08-18 14:49	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2012-08-18 14:33 . 2012-08-31 09:09	--------	d-----w-	c:\program files\Bewf㕖 Boot FileS V4
2012-08-18 13:10 . 2012-08-18 13:10	--------	d-----w-	c:\programdata\Yahoo! Companion
2012-08-18 13:10 . 2012-08-27 11:21	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-18 13:10 . 2012-08-27 11:21	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-18 13:09 . 2012-08-18 13:10	--------	d-----w-	c:\programdata\Yahoo!
2012-08-18 13:00 . 2012-08-18 13:10	--------	d-----w-	c:\program files\Yahoo!
2012-08-18 12:09 . 2012-08-18 12:22	--------	d-----w-	c:\program files\Google
2012-08-18 12:07 . 2012-08-29 11:55	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-08-18 12:03 . 2012-08-21 02:06	--------	d-----w-	c:\program files\Internet Download Manager
2012-08-18 12:02 . 2012-08-18 12:02	--------	d-----w-	c:\program files\VideoLAN
2012-08-18 11:59 . 2012-08-18 11:59	3993600	----a-w-	c:\program files\GUT953D.tmp
2012-08-18 11:59 . 2012-08-18 11:59	--------	d-----w-	c:\program files\GUM953C.tmp
2012-08-18 11:43 . 2012-08-18 11:43	--------	d-----w-	c:\program files\TeamViewer
2012-08-18 11:40 . 2012-08-21 15:46	--------	d-----w-	c:\program files\Common Files\Skype
2012-08-18 11:40 . 2012-08-18 14:38	--------	d-----r-	c:\program files\Skype
2012-08-18 11:40 . 2012-08-18 14:38	--------	d-----w-	c:\programdata\Skype
2012-08-18 11:30 . 2012-08-18 11:30	--------	d-----w-	c:\program files\Intel
2012-08-18 11:30 . 2009-09-23 19:50	398336	----a-w-	c:\windows\system32\TVWizudlg.exe
2012-08-18 11:30 . 2009-09-23 19:49	140288	----a-w-	c:\windows\system32\igfxtvcx.dll
2012-08-18 11:29 . 2011-09-08 15:40	363112	----a-w-	c:\windows\system32\drivers\Rtlh86.sys
2012-08-18 11:29 . 2011-09-08 15:40	80416	----a-w-	c:\windows\system32\RtNicProp32.dll
2012-08-18 11:29 . 2012-08-18 11:30	--------	d-----w-	c:\windows\system32\Lang
2012-08-18 11:29 . 2012-08-18 11:29	--------	d-----w-	c:\windows\system32\x64
2012-08-18 11:29 . 2009-10-02 15:34	1002008	----a-w-	c:\windows\system32\igxpun.exe
2012-08-18 11:18 . 2012-08-18 13:52	98168	----a-w-	c:\windows\system32\drivers\klick.dat
2012-08-18 11:18 . 2012-08-18 13:52	116189	----a-w-	c:\windows\system32\drivers\klin.dat
2012-08-18 11:17 . 2012-08-31 09:22	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-08-18 11:17 . 2012-08-18 11:17	--------	d-----w-	c:\program files\Kaspersky Lab
2012-08-18 11:11 . 2012-08-18 11:11	--------	d-----w-	c:\program files\Microsoft.NET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 08:24 . 2012-08-19 15:13	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-02-07 . 1F748A99D08A6C7F6A023C865E581E36 . 1312768 . . [2001.12.8530.16385] . . c:\windows\System32\comres.dll
[7] 2009-07-14 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll
.
[-] 2011-02-07 . 3E72CFC94A71759851BB782C8CD9AA25 . 6228992 . . [8.00.7600.16385] . . c:\windows\System32\mshtml.dll
[7] 2010-11-20 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_3004c3bef76d8ca4\mshtml.dll
.
[-] 2011-02-07 . 9B09844F9B58429874408E154C41B621 . 3969536 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
[-] 2011-02-07 . B56C7B1487C1D4B539F8FD82BBE54DB5 . 614912 . . [6.1.7600.16385] . . c:\windows\regedit.exe
[7] 2009-07-14 . 8A4883F5E7AC37444F23279239553878 . 398336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
.
[7] 2010-11-20 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49	22376	----a-w-	c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-08-12 3487128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-02-07 1487360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"BlockHackers"="c:\program files\Block Hackers\BH_Block_Hackers.exe" [2012-07-12 749568]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-25 202296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2011-3-21 7067464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-08-24 14:26	138096	----atw-	c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-18 13:38	116648	----atw-	c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 2310_00;2310_00;c:\windows\system32\drivers\2310_00.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
R3 arcm_x86;arcm_x86;c:\windows\system32\drivers\arcm_x86.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hptiop;hptiop;c:\windows\system32\drivers\hptiop.sys [x]
R3 hptmv;hptmv;c:\windows\system32\drivers\hptmv.sys [x]
R3 hptmv6;hptmv6;c:\windows\system32\drivers\hptmv6.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd16032.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd26032.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\drivers\iSSetup.sys [x]
R3 m5287;m5287;c:\windows\system32\drivers\m5287.sys [x]
R3 m5288;m5288;c:\windows\system32\drivers\m5288.sys [x]
R3 m5289;m5289;c:\windows\system32\drivers\m5289.sys [x]
R3 MegaSR1;MegaSR1;c:\windows\system32\drivers\MegaSR1.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [x]
R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys [x]
R3 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [x]
R3 NBv834x;Killer Xeno Gaming Adapter Service;c:\windows\system32\drivers\Xeno7x86.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 rr172x;rr172x;c:\windows\system32\drivers\rr172x.sys [x]
R3 rr174x;rr174x;c:\windows\system32\drivers\rr174x.sys [x]
R3 rr2210;rr2210;c:\windows\system32\drivers\rr2210.sys [x]
R3 rr232x;rr232x;c:\windows\system32\drivers\rr232x.sys [x]
R3 rr2340;rr2340;c:\windows\system32\drivers\rr2340.sys [x]
R3 rr2522;rr2522;c:\windows\system32\drivers\rr2522.sys [x]
R3 rr62x;rr62x;c:\windows\system32\drivers\rr62x.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 SI3112r;SI3112r;c:\windows\system32\drivers\SI3112r.sys [x]
R3 SI3114;SI3114;c:\windows\system32\drivers\SI3114.sys [x]
R3 SI3124;SI3124;c:\windows\system32\drivers\SI3124.sys [x]
R3 Si3124r5;Si3124r5;c:\windows\system32\drivers\Si3124r5.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S0 ioatdma;Intel(R) QuickData Technology Device;c:\windows\System32\Drivers\ioatdma.sys [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UDisk Monitor;UDisk Monitor;c:\program files\MBrowse\bin\MonServiceUDisk.exe [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 11:21]
.
2012-08-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2675077406-896479217-84458514-500Core.job
- c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-24 14:26]
.
2012-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2675077406-896479217-84458514-500UA.job
- c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-24 14:26]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-18 12:09]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-18 12:09]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675077406-896479217-84458514-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 13:38]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2675077406-896479217-84458514-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 13:38]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5sr02n44.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Vc Syncnew - c:\users\Administrator\Downloads\Compressed\Vc Syncnew\Vc Syncnew.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,2d,f8,08,18,87,e0,44,a4,92,45,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,97,2d,f8,08,18,87,e0,44,a4,92,45,\
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ac3"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.alac"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.amr"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ape"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.apl"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.divx"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.dts"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.flac"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.flv"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.hdmov"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mka"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mkv"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpls"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpv4"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.oga"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogg"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogm"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogv"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ra"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ram"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.rm"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.rmvb"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.tps"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.tta"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.webm"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.wv"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2675077406-896479217-84458514-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-08-31  15:12:08 - machine was rebooted
ComboFix-quarantined-files.txt  2012-08-31 09:27
.
Pre-Run: 36,068,257,792 bytes free
Post-Run: 36,342,112,256 bytes free
.
- - End Of File - - C0C33E78166B13BB68608CEDC67D5B9D


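Two triage checks for the log above, written as an added example for this thread (not code from the original post, from ComboFix, or from the tools nasdaq lists below). The first re-reads the FileExts\UserChoice keys that make up most of the registry section. The repeated `@Denied: (2) (Administrator)` lines are not a finding: the bracketed number is the denied access mask in hex, 2 is KEY_SET_VALUE, and Windows itself applies that Deny ACE to every UserChoice key so programs cannot silently rewrite the user's chosen default handler. What is worth reading is the Progid each extension resolves to, so the function flags any that fall outside the families visible in the log (WMP11, KLCP, Firefox); that list of known prefixes is an assumption. The second function checks the Authenticode status of the image paths from the "Other Running Processes" section, which are copied from the log above. Function names are the author's own; run from an elevated prompt on the affected machine, logged in as the same account (HKCU then maps to the S-1-5-21-...-500 hive shown in the log).

```powershell
# Added example, not part of the original post or of ComboFix/TDSSKiller/aswMBR/DDS.
# Written for PowerShell 2.0 (the version Windows 7 ships with), so no 3.0+ syntax.

# --- 1. FileExts\UserChoice keys -------------------------------------------
# "@Denied: (2) (Administrator)" = a Deny ACE for KEY_SET_VALUE (mask 0x2) that
# Windows places on UserChoice keys itself. Review the Progid, not the ACE.
function Get-UserChoiceAssociations {
    param(
        # Assumption: ProgId families expected on this machine, taken from the log.
        [string[]]$KnownPrefixes = @('WMP11.', 'KLCP.', 'Firefox')
    )
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $ext = $_.PSChildName
        $uc  = Join-Path $root "$ext\UserChoice"
        if (Test-Path -LiteralPath $uc) {
            $progid = (Get-ItemProperty -LiteralPath $uc -Name Progid -ErrorAction SilentlyContinue).Progid
            # Show the Deny entries so the reader can match them to ComboFix's notation.
            $deny = (Get-Acl -Path $uc).Access |
                    Where-Object { $_.AccessControlType -eq 'Deny' } |
                    ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.RegistryRights }
            $known = $false
            foreach ($prefix in $KnownPrefixes) {
                if ($progid -and ($progid -like "$prefix*")) { $known = $true }
            }
            New-Object PSObject -Property @{
                Extension = $ext
                Progid    = $progid
                DenyAce   = ($deny -join '; ')
                Known     = $known
            }
        }
    }
}

# --- 2. "Other Running Processes" ------------------------------------------
# A Valid signature means the file is unmodified and from the named publisher; it
# does not mean the program is wanted. NotSigned or HashMismatch on a system32
# binary is what deserves a closer look.
function Test-ImageSignatures {
    param([string[]]$Paths)
    foreach ($raw in $Paths) {
        # ComboFix prints one entry as c:\\?\c:\windows\...; keep the part after \\?\
        $path   = $raw
        $marker = $path.IndexOf('\\?\')
        if ($marker -ge 0) { $path = $path.Substring($marker + 4) }
        if (-not (Test-Path -LiteralPath $path)) {
            $status = 'FileMissing'
            $signer = ''
        } else {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
        New-Object PSObject -Property @{ Path = $path; Status = $status; Signer = $signer }
    }
}

# Image paths copied from the "Other Running Processes" section of the log above.
$ProcessesFromLog = @(
    'c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe',
    'c:\windows\system32\taskhost.exe',
    'c:\windows\system32\conhost.exe',
    'c:\windows\system32\igfxsrvc.exe',
    'c:\program files\Windows Media Player\wmpnetwk.exe',
    'c:\windows\system32\sppsvc.exe',
    'c:\\?\c:\windows\system32\wbem\WMIADAP.EXE'
)

Get-UserChoiceAssociations | Where-Object { -not $_.Known } |
    Format-Table Extension, Progid, DenyAce -AutoSize
Test-ImageSignatures -Paths $ProcessesFromLog |
    Format-Table Status, Signer, Path -AutoSize
```

An empty first table means every UserChoice key on the machine still points at one of the three expected handler families. The second table only tells you whether each listed binary is intact and who signed it; conhost.exe, taskhost.exe, sppsvc.exe and WMIADAP.EXE should come back Valid with a Microsoft signer, and anything else in that column is the line to raise with the helper.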
#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:43 AM

Posted 08 September 2012 - 08:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


===

Please post the 3 logs for my review and let me know what problem persists.

Edited by nasdaq, 08 September 2012 - 08:51 AM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:43 AM

Posted 14 September 2012 - 09:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



