Backdoor.Agent according to Malwarebytes


  • This topic is locked
36 replies to this topic

#1 Andrew111

Posted 03 May 2013 - 06:48 PM

Introduction
I was hunting down some adware that had invaded IE and Firefox. I figured out which browser addon was causing it. It was a fastfreeconverter-somoto addon that had sneaked its way into my computer. It was showing ads from ad.reduxmedia, including on private pages that should have no ads. I disabled it from inside the browsers. The ads disappeared. Then I searched for files on my C: drive with similar names just to be sure. I found a folder with FastFreeConverter_Somoto.exe and removed the whole thing. All this was done by hand. No help from malware or AV software. The ads are still gone, but...

Current Problem
A friend suggested I also run Malwarebytes. It found a backdoor agent file called Set.bin, which it quarantined. I searched the web and found some more information on an AV website:

https://www.drwebhk.com/en/virus_techinfo/Trojan.DownLoader6.33454.html

Anyway, it’s supposed to have a csrss.exe file in the same folder. I didn't have it. But I found two csrss.exe files elsewhere.

C:\Windows\System32\csrss.exe
C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

According to a few websites, any csrss.exe file other than the one in System32 should not be there. But in the Microsoft forum they said it's okay in that kind of path. http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/csrssexe/26bba20c-2691-4d42-bec4-637436c53c4f.

So I compared the files and they are identical in size, date, CRC32, etc. Also, two friends found the same two files in the same folders on their computers, same size and date.

I have Norton Internet Security and had it scan everything. It found nothing that had penetrated the system. I also just installed Zone Alarm to see if I can spot something suspicious dialing out. I've caught nothing, but I'm no expert.

Then I asked in another forum here if I had done enough. I was told to create some logs and post here. Thanks for looking.

---------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by white at 13:55:58 on 2013-05-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4014.1906 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvservice.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ProgramData\HP Wi-Fi Mobile Mouse Config\AstroS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Windows\SysWOW64\NMSAccessU.exe
C:\Program Files\Ozmo Devices\ozwpansvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Kalender\Kalender.exe
C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\X1\X1FileMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\ProgramData\HP Wi-Fi Mobile Mouse Config\PelAstro.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\3M\PSN2Lite\Psn2Lite.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\PROGRA~2\3M\PSN2Lite\PSNGive.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://apl.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z079&partner_id=314&product_id=677&affiliate_id=&channel=6-08122011&toolbar_id=30&toolbar_version=5.0.0.0&install_country=US&install_date=20110813&user_guid=54AEC29CD1944EA6BB80FBDE78E1E331&machine_id=f732a1b49f7587e2dce55e50817f958c&browser=IE&os=win&os_version=6.1-x64-SP1
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uURLSearchHooks: ToolbarURLSearchHook Class: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\PSPad Toolbar\tbhelper.dll
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Mouse Gestures: {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program Files (x86)\Internet Explorer\Plugins\Drowse\MouseGestures.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\PSPad Toolbar\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: PSPad Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\PSPad Toolbar\tbcore3.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Kalender] C:\Program Files (x86)\Kalender\Kalender.exe
uRun: [IVONA ControlCenter] "C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" --action=run-silent
uRun: [AdobeBridge] <no file>
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [PelAstro] C:\ProgramData\HP Wi-Fi Mobile Mouse Config\PelAstro.exe
mRun: [HPMonitor] C:\Program Files (x86)\Hewlett-Packard\HP Wi-Fi Mobile Mouse\hpMonitor23.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [ACSW15EN] "C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe" /pid ACSW15EN
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\POST-I~1.LNK - C:\Program Files (x86)\3M\PSN2Lite\Psn2Lite.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Save Web Page to askSam 7... - C:\Program Files (x86)\askSam\asksam7\ASAdd.htm
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - {42981F9D-0C9E-4131-BFC7-8FFE874C6AAC} - C:\Program Files (x86)\Internet Explorer\Plugins\Drowse\MouseGestures.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809}\2375942554339353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809}\2375942554737343 : DHCPNameServer = 192.168.1.254
Handler: asksam7 - {7176DE82-982D-4f2b-A562-9D0BBE96DEBC} - C:\Program Files (x86)\askSam\asksam7\AS7_AIPP.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Mouse Gestures: {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-IE: {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - {42981F9D-0C9E-4131-BFC7-8FFE874C6AAC} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: asksam7 - {7176DE82-982D-4f2b-A562-9D0BBE96DEBC} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\white\AppData\Roaming\Mozilla\Firefox\Profiles\i3826n5q.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-04-30 23:22; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-1 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-3-29 70296]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-4-12 1390680]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130502.001\IDSviA64.sys [2013-5-2 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624]
R2 AstroS;AstroS;C:\ProgramData\HP Wi-Fi Mobile Mouse Config\AstroS.exe [2010-12-1 172032]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-7 13336]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-22 828072]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-25 418376]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272]
R2 nvservice;NVIDIA GuardService;C:\Windows\System32\nvservice.exe [2013-4-8 192800]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 60416]
R2 ozwpansvc;Ozmo WPAN Service;C:\Program Files\Ozmo Devices\ozwpansvc.exe [2011-10-20 77080]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-11-19 93696]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-11-19 75776]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-5-1 104960]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2012-10-15 423576]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2012-10-15 423576]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2012-10-15 423576]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-5-1 19968]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-11-19 52264]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-19 35104]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-23 138912]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2011-9-22 106880]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-25 25928]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-11-19 11392]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-5-1 571248]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-12-14 1286784]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-19 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-25 701512]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 HPMoA907;Mouse Suite Driver_A907 (WDF Version);C:\Windows\System32\drivers\HPMoA907.sys [2011-10-20 25088]
S3 HPubA907;USB Mouse Low Filter Driver_A907 (WDF Version);C:\Windows\System32\drivers\HPubA907.sys [2011-10-20 19456]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-19 151040]
S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-9-22 43028328]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-24 19456]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-24 57856]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"
ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-05-01 06:22:13 -------- d-----w- C:\Users\white\AppData\Roaming\CheckPoint
2013-05-01 06:21:43 -------- d-----w- C:\Program Files\CheckPoint
2013-05-01 06:20:04 -------- d-----w- C:\Program Files (x86)\CheckPoint
2013-05-01 06:19:13 -------- d-----w- C:\ProgramData\CheckPoint
2013-04-26 00:31:07 -------- d-----w- C:\Users\white\AppData\Roaming\Malwarebytes
2013-04-26 00:29:40 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-26 00:29:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-26 00:29:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-24 13:14:16 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-18 15:43:03 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-10 22:32:53 -------- d-----w- C:\ProgramData\Redfield
2013-04-10 10:48:00 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 10:47:58 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 10:47:53 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 10:47:52 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 10:47:52 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 10:47:51 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 10:47:51 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 10:47:51 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-08 19:58:28 192800 ----a-w- C:\Windows\System32\nvservice.exe
2013-04-08 19:58:26 -------- d-----w- C:\Program Files\NVIDIA Corporation
.
==================== Find3M ====================
.
2013-05-03 04:12:42 4704 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-04-16 15:35:05 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-16 15:35:05 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-18 07:07:10 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-18 07:07:10 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-12 20:46:15 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-02-26 09:29:00 933968 ----a-w- C:\Windows\System32\vnetlib64.dll
2013-02-26 09:28:48 67664 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2013-02-26 09:28:44 357456 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2013-02-26 09:28:26 436304 ----a-w- C:\Windows\SysWow64\vmnat.exe
2013-02-26 09:28:14 30800 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2013-02-26 09:27:48 62104 ----a-w- C:\Windows\System32\vmnetbridge.dll
2013-02-26 09:27:48 48792 ----a-w- C:\Windows\System32\vnetinst.dll
2013-02-26 09:27:48 45720 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2013-02-26 09:27:48 24216 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2013-02-26 09:27:48 20120 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2013-02-26 09:27:44 33360 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2013-02-26 07:59:16 360528 ----a-w- C:\Windows\SysWow64\vmnc.dll
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 13:56:49.15 ===============

Edited by Andrew111, 03 May 2013 - 06:49 PM.



#2 CatByte
  • Malware Response Team
  • Location: Canada

Posted 04 May 2013 - 06:23 AM

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Andrew111
  • Topic Starter
  • Members

Posted 04 May 2013 - 02:58 PM

I'm posting here using a different computer because ComboFix seems to be stuck.

For almost 2 hours the top border of the command window has said:

Administrator: ComboFix - Find3M

And inside the window it says:

Preparing Log Report

Do not run any programs until ComboFix is finished.

I have not clicked anywhere on the ComboFix window and I have not started any other programs.

I assume at some point I need to try to cancel out of this, but I thought I'd post here in case you are reading this.



#4 Andrew111
  • Topic Starter
  • Members

Posted 04 May 2013 - 03:29 PM

I think I know what might have happened. I read here on a different thread that even mousing over the window can cause a problem. When the computer rebooted, it stopped on the screen where I have to tell it which user. I clicked that with my mouse. And then when the ComboFix window showed up again, the mouse cursor was over its window. I waited for about 45 minutes and then moved the mouse cursor off the window.

It's still stuck.


Edited by Andrew111, 04 May 2013 - 03:32 PM.


#5 CatByte
  • Malware Response Team
  • Location: Canada

Posted 04 May 2013 - 04:17 PM

You can close out that window, then navigate to C:\ComboFix.txt to see if a log was created. If not, please run ComboFix again, this time in Safe Mode:

To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow keys to scroll up to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account



#6 Andrew111
  • Topic Starter
  • Members

Posted 04 May 2013 - 05:21 PM

A note from me about Norton Internet Security. Right clicking gave me the options to disable the Anti-Virus and the Firewall. This shows on the report below. I have no idea what that third Norton Internet Security thing is (the one that begins with SP).

ComboFix 13-05-04.01 - white 05/04/2013 9:57:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4014.2255 [GMT -7:00]
Running from: C:\Users\white\Desktop\bleeping\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.exe
C:\Program Files (x86)\PSPad Toolbar\tbHElper.dll
C:\ProgramData\B42C141AD7.sys
C:\Users\white\AppData\Local\TempDIR
C:\Users\white\AppData\Roaming\Config
C:\Users\white\AppData\Roaming\Microsoft\~DFK1ebd94.tmp
C:\Users\white\AppData\Roaming\Microsoft\1eaadjc.dll
C:\Users\white\AppData\Roaming\Microsoft\bass.dll
C:\Users\white\AppData\Roaming\Microsoft\kfgresk.dll
C:\Users\white\AppData\Roaming\Microsoft\mjcriu.dll
C:\Users\white\AppData\Roaming\Microsoft\peaadje.dll
C:\Users\white\AppData\Roaming\Microsoft\qwadjb.dll
C:\Users\white\AppData\Roaming\Microsoft\rsaadjd.dll
C:\Users\white\AppData\Roaming\Mozilla\Firefox\Profiles\i3826n5q.default\searchplugins\bing-zugo.xml
C:\Windows\security\Database\tmp.edb


((((((((((((((((((((((((( Files Created from 2013-04-04 to 2013-05-04 )))))))))))))))))))))))))))))))


2013-05-04 17:45:23 . 2013-05-04 17:45:23 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-05-01 06:22:13 . 2013-05-01 06:22:13 -------- d-----w- C:\Users\white\AppData\Roaming\CheckPoint
2013-05-01 06:21:43 . 2013-05-01 06:21:43 -------- d-----w- C:\Program Files\CheckPoint
2013-05-01 06:20:04 . 2013-05-01 06:21:34 -------- d-----w- C:\Program Files (x86)\CheckPoint
2013-05-01 06:19:13 . 2013-05-01 06:19:13 -------- d-----w- C:\ProgramData\CheckPoint
2013-04-26 00:31:07 . 2013-04-26 00:31:07 -------- d-----w- C:\Users\white\AppData\Roaming\Malwarebytes
2013-04-26 00:29:40 . 2013-04-26 00:29:40 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-26 00:29:39 . 2013-04-26 00:29:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-26 00:29:39 . 2013-04-04 21:50:32 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-04-24 13:14:16 . 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\system32\drivers\ntfs.sys
2013-04-18 15:43:47 . 2013-04-18 15:43:47 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-04-18 15:43:03 . 2013-04-04 12:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-10 22:32:53 . 2013-04-10 22:32:53 -------- d-----w- C:\ProgramData\Redfield
2013-04-10 10:48:00 . 2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\system32\win32k.sys
2013-04-10 10:47:58 . 2013-01-24 06:01:01 223752 ----a-w- C:\Windows\system32\drivers\fvevol.sys
2013-04-10 10:47:53 . 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-04-10 10:47:52 . 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 10:47:52 . 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 10:47:51 . 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2013-04-10 10:47:51 . 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 10:47:51 . 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\system32\smss.exe
2013-04-08 19:58:28 . 2013-02-04 10:30:24 192800 ----a-w- C:\Windows\system32\nvservice.exe
2013-04-08 19:58:26 . 2013-04-08 19:58:26 -------- d-----w- C:\Program Files\NVIDIA Corporation
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-05-04 07:52:41 . 2011-07-08 23:20:22 4704 --sha-w- C:\ProgramData\KGyGaAvL.sys
2013-04-16 15:35:05 . 2012-04-01 05:01:56 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-16 15:35:05 . 2011-07-07 20:06:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 16:44:49 . 2011-07-10 06:54:17 72702784 ----a-w- C:\Windows\system32\MRT.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 97280 ----a-w- C:\Windows\system32\mshtmled.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 92160 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 905728 ----a-w- C:\Windows\system32\mshtmlmedia.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 81408 ----a-w- C:\Windows\system32\icardie.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 77312 ----a-w- C:\Windows\system32\tdc.ocx
2013-03-19 02:30:08 . 2013-03-19 02:30:08 762368 ----a-w- C:\Windows\system32\ieapfltr.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 73728 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 719360 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 62976 ----a-w- C:\Windows\system32\pngfilt.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 61952 ----a-w- C:\Windows\SysWow64\tdc.ocx
2013-03-19 02:30:08 . 2013-03-19 02:30:08 599552 ----a-w- C:\Windows\system32\vbscript.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 523264 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 51200 ----a-w- C:\Windows\system32\imgutil.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 48640 ----a-w- C:\Windows\system32\mshtmler.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 452096 ----a-w- C:\Windows\system32\dxtmsft.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 441856 ----a-w- C:\Windows\system32\html.iec
2013-03-19 02:30:08 . 2013-03-19 02:30:08 38400 ----a-w- C:\Windows\SysWow64\imgutil.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 361984 ----a-w- C:\Windows\SysWow64\html.iec
2013-03-19 02:30:08 . 2013-03-19 02:30:08 281600 ----a-w- C:\Windows\system32\dxtrans.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 27648 ----a-w- C:\Windows\system32\licmgr10.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 270848 ----a-w- C:\Windows\system32\iedkcs32.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 247296 ----a-w- C:\Windows\system32\webcheck.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 235008 ----a-w- C:\Windows\system32\url.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 23040 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 226304 ----a-w- C:\Windows\system32\elshyph.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 216064 ----a-w- C:\Windows\system32\msls31.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 197120 ----a-w- C:\Windows\system32\msrating.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 173568 ----a-w- C:\Windows\system32\ieUnatt.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 167424 ----a-w- C:\Windows\system32\iexpress.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 158720 ----a-w- C:\Windows\SysWow64\msls31.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 1509376 ----a-w- C:\Windows\system32\inetcpl.cpl
2013-03-19 02:30:08 . 2013-03-19 02:30:08 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 149504 ----a-w- C:\Windows\system32\occache.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 144896 ----a-w- C:\Windows\system32\wextract.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-03-19 02:30:08 . 2013-03-19 02:30:08 1400416 ----a-w- C:\Windows\system32\ieapfltr.dat
2013-03-19 02:30:08 . 2013-03-19 02:30:08 138752 ----a-w- C:\Windows\SysWow64\wextract.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 13824 ----a-w- C:\Windows\system32\mshta.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 137216 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 136192 ----a-w- C:\Windows\system32\iepeers.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 135680 ----a-w- C:\Windows\system32\IEAdvpack.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 12800 ----a-w- C:\Windows\SysWow64\mshta.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 12800 ----a-w- C:\Windows\system32\msfeedssync.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2013-03-19 02:30:08 . 2013-03-19 02:30:08 1054720 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-03-19 02:30:08 . 2013-03-19 02:30:08 102912 ----a-w- C:\Windows\system32\inseng.dll
2013-03-18 07:07:10 . 2012-05-18 07:48:11 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-18 07:07:10 . 2011-07-18 22:29:41 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-12 20:46:15 . 2013-03-12 19:46:19 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-02-26 09:29:00 . 2013-03-29 07:30:30 933968 ----a-w- C:\Windows\system32\vnetlib64.dll
2013-02-26 09:28:48 . 2013-03-29 07:31:04 67664 ----a-w- C:\Windows\system32\drivers\vmx86.sys
2013-02-26 09:28:44 . 2013-03-29 07:30:34 357456 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2013-02-26 09:28:26 . 2013-03-29 07:30:33 436304 ----a-w- C:\Windows\SysWow64\vmnat.exe
2013-02-26 09:28:14 . 2013-03-29 07:30:32 30800 ----a-w- C:\Windows\system32\drivers\vmnetuserif.sys
2013-02-26 09:27:48 . 2013-02-26 09:27:48 62104 ----a-w- C:\Windows\system32\vmnetbridge.dll
2013-02-26 09:27:48 . 2013-02-26 09:27:48 48792 ----a-w- C:\Windows\system32\vnetinst.dll
2013-02-26 09:27:48 . 2013-02-26 09:27:48 45720 ----a-w- C:\Windows\system32\drivers\vmnetbridge.sys
2013-02-26 09:27:48 . 2013-02-26 09:27:48 24216 ----a-w- C:\Windows\system32\drivers\vmnet.sys
2013-02-26 09:27:48 . 2013-02-26 09:27:48 20120 ----a-w- C:\Windows\system32\drivers\vmnetadapter.sys
2013-02-26 09:27:44 . 2013-03-29 07:31:03 33360 ----a-w- C:\Windows\system32\drivers\VMkbd.sys
2013-02-26 07:59:16 . 2013-02-26 07:59:16 360528 ----a-w- C:\Windows\SysWow64\vmnc.dll
2013-02-12 05:45:24 . 2013-03-13 09:08:31 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 . 2013-03-13 09:08:32 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 . 2013-03-13 09:08:31 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 . 2013-03-13 09:08:31 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 . 2013-03-13 09:08:32 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 . 2013-03-13 09:08:32 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 . 2013-03-20 20:20:23 19968 ----a-w- C:\Windows\system32\drivers\usb8023.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "C:\Program Files (x86)\PSPad Toolbar\tbcore3.dll" [2011-06-23 05:44:58 2398720]

[HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-01 20:27:22 39408]
"Kalender"="C:\Program Files (x86)\Kalender\Kalender.exe" [2010-08-23 01:38:54 933888]
"IVONA ControlCenter"="C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" [2011-08-05 11:26:16 1672056]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 13:25:17 1475584]
"X1FileMonitor.exe"="C:\PROGRA~2\X1\X1FileMonitor.exe" [2012-06-06 22:39:06 400024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 20:42:50 80384]
"ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 02:24:00 320880]
"PMBVolumeWatcher"="c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 10:18:52 597792]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 03:16:04 284696]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
"PelAstro"="C:\ProgramData\HP Wi-Fi Mobile Mouse Config\PelAstro.exe" [2011-01-14 17:15:40 65536]
"HPMonitor"="C:\Program Files (x86)\Hewlett-Packard\HP Wi-Fi Mobile Mouse\hpMonitor23.exe" [2011-04-28 00:02:14 99328]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 21:08:14 59720]
"QuickFinder Scheduler"="c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE" [2012-09-21 19:32:42 128440]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 21:37:14 517096]
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 06:10:47 402432]
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 14:28:12 39136]
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 14:28:26 825560]
"ACSW15EN"="C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe" [2012-12-17 22:00:08 1135304]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 22:39:24 115048]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-10-25 11:12:14 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 20:35:28 152392]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 14:32:50 253816]
"ZoneAlarm"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 20:31:18 73832]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Post-it® Software Notes Lite.lnk - C:\Program Files (x86)\3M\PSN2Lite\Psn2Lite.exe [2002-8-9 520192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 02:20:02 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 21:27:14 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 21:50:32 701512]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 08:59:30 362992]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 20:28:36 160944]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 19:10:02 3276800]
R3 HPMoA907;Mouse Suite Driver_A907 (WDF Version);C:\Windows\system32\DRIVERS\HPMoA907.sys [2011-01-14 17:01:12 25088]
R3 HPubA907;USB Mouse Low Filter Driver_A907 (WDF Version);C:\Windows\system32\Drivers\HPubA907.sys [2011-01-27 22:56:42 19456]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys [2009-10-27 20:06:59 151040]
R3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-09-23 01:18:58 43028328]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:10:20 19456]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 08:59:18 313840]
R3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 15:47:30 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 22:52:48 423280]
R3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 15:47:30 67952]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 19:27:18 286936]
R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 21:37:14 517096]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 14:07:35 57856]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 22:47:20 132008]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 19:16:26 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 02:15:44 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 00:55:26 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 00:26:34 101152]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-07 07:31:27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 23:06:00 14464]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 04:55:56 47128]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 01:17:26 370024]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2009-05-20 10:00:00 55280]
S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-07-26 02:18:35 451192]
S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 01:37:12 1129120]
S0 vmci;VMware VMCI Bus Driver;C:\Windows\system32\DRIVERS\vmci.sys [2012-10-24 21:17:10 85104]
S0 vsock;vSockets Driver;C:\Windows\system32\drivers\vsock.sys [2012-10-24 21:17:14 70296]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-04-12 23:53:05 1390680]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 04:43:38 167072]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130503.001\IDSvia64.sys [2012-09-01 00:27:23 513184]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 01:42:14 190072]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 02:13:32 405624]
S2 AstroS;AstroS;C:\ProgramData\HP Wi-Fi Mobile Mouse Config\AstroS.exe [2010-12-01 17:35:02 172032]
S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-28 01:09:10 1253376]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 03:16:06 13336]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 14:35:36 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 14:35:22 828072]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 21:50:32 418376]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 02:24:19 138272]
S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2009-10-20 18:19:54 47632]
S2 nvservice;NVIDIA GuardService;C:\Windows\system32\nvservice.exe [2013-02-04 10:30:24 192800]
S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 20:13:30 60416]
S2 ozwpansvc;Ozmo WPAN Service;C:\Program Files\Ozmo Devices\ozwpansvc.exe [2011-04-29 23:30:00 77080]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 10:18:54 360224]
S2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys [2009-11-06 20:27:30 93696]
S2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys [2009-09-15 20:09:08 75776]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 17:59:10 104960]
S2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 23:15:30 918680]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2012-10-15 18:13:26 423576]
S2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2012-10-15 18:16:14 423576]
S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2012-10-15 18:16:14 423576]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 21:32:04 19968]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [2009-11-18 20:07:12 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 20:06:44 35104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-24 02:46:56 138912]
S3 hswpan;WPAN Driver;C:\Windows\system32\DRIVERS\hswpan.sys [2011-04-29 23:30:00 106880]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2013-04-04 21:50:32 25928]
S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys [2009-08-19 20:09:21 11392]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 02:51:18 571248]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-10-26 17:44:28 1286784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [2009-11-12 20:16:19 395264]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 09:39:35 1642448 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2013-05-04 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 05:01:56 . 2013-04-16 15:35:05]

2013-05-04 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 20:27:28 . 2010-05-01 20:27:26]

2013-05-04 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 20:27:28 . 2010-05-01 20:27:26]


--------- X64 Entries -----------
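Reading a log like the one above is mostly a matter of scoring each path against a few signals: does it live in a user-writable data directory such as AppData or ProgramData, does the file carry hidden and system attributes, does a service point at an image that is not on disk (the [x] marker), and does the name look generated. The Python below is an added example for this thread, not code from ComboFix, DDS or Malwarebytes. It parses the four line shapes those logs use (Run-key values, service entries, Find3M file lines and bare paths) and scores each one. Its sample lines are constructed from entries in the logs posted here; the signals, their equal weighting and the threshold of two are assumptions chosen for illustration. A flag is a prompt to verify the file (publisher signature, hash lookup, what references it), not a verdict: in the log above ComboFix removed B42C141AD7.sys and the random-named DLLs under AppData\Roaming\Microsoft but left KGyGaAvL.sys in place, and the script flags all three.

```python
"""Heuristic triage of ComboFix/DDS-style log lines (added example; not
code from ComboFix, DDS or Malwarebytes).  Signals, weights and the
threshold are assumptions chosen for illustration."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines in the four shapes the thread's logs use.
SAMPLE_LOG = r"""
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-01 20:27:22 39408]
"PelAstro"="C:\ProgramData\HP Wi-Fi Mobile Mouse Config\PelAstro.exe" [2011-01-14 17:15:40 65536]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2009-10-20 18:19:54 47632]
2013-05-04 07:52:41 . 2011-07-08 23:20:22 4704 --sha-w- C:\ProgramData\KGyGaAvL.sys
C:\Users\white\AppData\Roaming\Microsoft\kfgresk.dll
C:\ProgramData\B42C141AD7.sys
"""

# Directories any process running as the user can write to (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# The four line shapes: "name"="path" [meta]; Rn/Sn name;desc;path [meta];
# Find3M "date [. date] size attrs path"; and a bare absolute path.
LINE_SHAPES = (
    ("run", re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?')),
    ("service", re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$')),
    ("file", re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d(?: \. \d{4}-\d\d-\d\d \d\d:\d\d:\d\d)?'
                        r'\s+(?:\d+|-+)\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+?)\s*$')),
    ("path", re.compile(r'^(?P<path>[A-Za-z]:\\\S.*?)\s*$')),
)
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{4,}")


@dataclass
class Entry:
    kind: str
    path: str
    name: str = ""
    meta: str = ""      # "x" here means ComboFix did not find the service image
    attrs: str = ""     # Find3M attribute string such as "--sha-w-"
    reasons: list = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str):
    """Return an Entry for a recognised log line, or None for anything else."""
    line = line.strip()
    for kind, rx in LINE_SHAPES:
        m = rx.match(line)
        if m:
            g = m.groupdict()
            return Entry(kind, g["path"], name=g.get("name") or "",
                         meta=g.get("meta") or "", attrs=g.get("attrs") or "")
    return None


def looks_generated(filename: str) -> bool:
    """Crude 'random name' test on the stem: hex-like, almost no vowels, or a
    run of four or more consonants.  Terse legitimate names trip it too,
    which is why it is worth only one point."""
    stem = filename.rsplit(".", 1)[0].lower()
    if not stem.isalnum() or not 6 <= len(stem) <= 12:
        return False
    if re.fullmatch(r"[0-9a-f]+", stem) and any(c.isdigit() for c in stem):
        return True
    letters = [c for c in stem if c.isalpha()]
    if letters and sum(c in "aeiou" for c in letters) / len(letters) < 0.2:
        return True
    return CONSONANT_RUN.search(stem) is not None


def assess(entry: Entry) -> Entry:
    """Attach one reason per signal present; the number of reasons is the score."""
    low = entry.path.lower()
    if any(tok in low for tok in USER_WRITABLE):
        entry.reasons.append("lives under a user-writable data directory")
    if entry.meta == "x":
        entry.reasons.append("service image not found on disk")
    if "s" in entry.attrs and "h" in entry.attrs:
        entry.reasons.append("hidden+system attributes set")
    if looks_generated(entry.basename):
        entry.reasons.append("generated-looking file name")
    return entry


def scores(log_text: str) -> dict:
    """Basename -> score for every line that parsed (shows the near-misses too)."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return {e.basename: len(assess(e).reasons) for e in entries if e}


def triage(log_text: str, threshold: int = 2) -> list:
    """Entries at or above `threshold`, highest score first.  Each is a prompt
    to verify the file (signature, hash, what references it), not a verdict."""
    entries = [assess(e) for e in map(parse_line, log_text.splitlines()) if e]
    flagged = [e for e in entries if len(e.reasons) >= threshold]
    return sorted(flagged, key=lambda e: -len(e.reasons))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{len(e.reasons)}  {e.kind:<8}{e.path}")
        for r in e.reasons:
            print(f"     - {r}")
```

Running the file prints each flagged path with its reasons; `scores()` returns every parsed path's score so the near-misses are visible too (the PelAstro.exe entry under ProgramData scores 1 on location alone, and the orphaned vstor2 service scores 1 for the missing image). The name heuristic is deliberately weak and only adds a point; on its own it would flag plenty of terse but legitimate driver names, which is the reason for the two-signal threshold.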
 



#7 CatByte
  • Malware Response Team
  • Location: Canada

Posted 04 May 2013 - 05:51 PM

The log appears to have been cut off, can you please check and see if there is any more to it?

Please run the following:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 Andrew111 (Topic Starter)

Posted 04 May 2013 - 08:30 PM

> The log appears to have been cut off, can you please check and see if there is any more to it?

No, that's the entire log. I just double checked. Maybe it got cut off when ComboFix appeared to stall.

Would you like me to run ComboFix again (in safe mode) and post the results, before running Malwarebytes Anti-Rootkit?
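A ComboFix log can stop early, as the first one in this thread did, and once a second run exists the useful question is what changed between the two rather than what a file-compare utility highlights line by line. The Python script below is an added example for this thread; it is not part of ComboFix, Malwarebytes or any BleepingComputer tooling. It checks a saved log for the closing "- - End Of File - -" line that a complete ComboFix log ends with, reports the last section banner it reached, lists service entries that ComboFix tagged "[x]" (assumed here to mean no file was found at that path), and diffs the Run values and the R/S service lines between two runs. The two embedded log excerpts are constructed in ComboFix's format for the demonstration and are not the poster's real logs; "SampleLoader" and "sample.dll" are invented names.

```python
"""Check a saved ComboFix log for completeness and diff the autostart entries of two runs."""
import re

EOF_MARKER = "- - End Of File - -"  # last line of a complete ComboFix log; extra characters follow it

# Service/driver lines: "R2 NIS;Norton Internet Security;c:\...\ccSvcHst.exe [2012-06-16 138272]"
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);[^;]*;(?P<path>.+?)(?: \[(?P<meta>[^\]]*)\])?$")
# Run values: "swg"="c:\...\GoogleToolbarNotifier.exe" [2010-05-01 39408]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?: \[(?P<meta>[^\]]*)\])?$')


def section_title(line):
    """Title of a banner like '(((( Reg Loading Points ))))' or '--------- X64 Entries -----------'."""
    s = line.strip()
    if len(s) < 2 or s[0] not in "(-" or s[-1] not in ")-":
        return None
    return s.strip("()- ") or None


def check_complete(text):
    """Return (has_eof_marker, last section banner reached)."""
    last = None
    for line in text.splitlines():
        title = None if EOF_MARKER in line else section_title(line)  # the marker is not a section
        if title:
            last = title
    return EOF_MARKER in text, last


def parse_autostarts(text):
    """Run values keyed by (registry key, value name); R/S service lines keyed by service name."""
    runs, services, current_key = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()  # registry paths are case-insensitive
            continue
        m = RUN_RE.match(line)
        if m and current_key and current_key.endswith("\\run"):
            runs[(current_key, m.group("name"))] = m.group("path")
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group("name")] = (m.group("start"), m.group("path"), m.group("meta"))
    return runs, services


def missing_files(text):
    """Services ComboFix tagged '[x]' (assumed here to mean no file was found at that path)."""
    return sorted(name for name, (_, _, meta) in parse_autostarts(text)[1].items() if meta == "x")


def diff_autostarts(old_text, new_text):
    """Added, removed and changed Run values and services between two runs."""
    def delta(old, new):
        return {"added": sorted(new.keys() - old.keys()),
                "removed": sorted(old.keys() - new.keys()),
                "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k])}
    old_runs, old_svcs = parse_autostarts(old_text)
    new_runs, new_svcs = parse_autostarts(new_text)
    return {"runs": delta(old_runs, new_runs), "services": delta(old_svcs, new_svcs)}


# Constructed excerpts in ComboFix's log format (not the poster's real logs). The first stops
# right after the X64 banner, as a cut-off log does; the second is the complete rerun.
TRUNCATED_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SampleLoader"="c:\users\user\AppData\Roaming\Microsoft\sample.dll" [2013-04-30 51200]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
--------- X64 Entries -----------
"""
FULL_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-09 11106408]
- - End Of File - - 0123ABCD
"""

if __name__ == "__main__":
    for label, log in (("first run", TRUNCATED_LOG), ("second run", FULL_LOG)):
        ok, last = check_complete(log)
        print(label + ":", "complete" if ok else "cut off after section " + repr(last))
    print("tagged [x]:", missing_files(FULL_LOG), "changes:", diff_autostarts(TRUNCATED_LOG, FULL_LOG))
```

To use it on real logs, read the two saved text files into strings and pass them to check_complete and diff_autostarts in place of the embedded samples. A value that disappears from a Run key between runs is what you expect after a cleanup; one that appears, or whose path changes, is what to ask the helper about.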



#9 CatByte (Malware Response Team)

Posted 04 May 2013 - 08:34 PM

Yes please



#10 Andrew111 (Topic Starter)

Posted 04 May 2013 - 11:31 PM

That made a big difference. In Safe Mode it ran all the way to the end. Also, it didn't reboot this time--maybe because it didn't need to delete anything this time.

There is a way I could have spotted that the file was incomplete, but I didn't know any better. At the end the complete file says: "- - End Of File - -" plus a bunch of extra characters after it.

I looked at both versions using a file compare utility. There are some differences other than more at the end. Here's the current version. I will wait until I hear from you.

------------------------------------

ComboFix 13-05-04.01 - white 05/04/2013 20:29:38.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4014.2772 [GMT -7:00]
Running from: c:\users\white\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\program files (x86)\PSPad Toolbar\tbHElper.dll
c:\programdata\B42C141AD7.sys
c:\users\white\AppData\Roaming\Microsoft\~DFK1ebd94.tmp
c:\users\white\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\white\AppData\Roaming\Microsoft\bass.dll
c:\users\white\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\white\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\white\AppData\Roaming\Microsoft\peaadje.dll
c:\users\white\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\white\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\white\AppData\Roaming\Mozilla\Firefox\Profiles\i3826n5q.default\searchplugins\bing-zugo.xml
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2013-04-05 to 2013-05-05 )))))))))))))))))))))))))))))))
.
.
2013-05-05 03:41 . 2013-05-05 03:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-01 06:22 . 2013-05-01 06:22 -------- d-----w- c:\users\white\AppData\Roaming\CheckPoint
2013-05-01 06:21 . 2013-05-01 06:21 -------- d-----w- c:\program files\CheckPoint
2013-05-01 06:20 . 2013-05-01 06:21 -------- d-----w- c:\program files (x86)\CheckPoint
2013-05-01 06:19 . 2013-05-01 06:19 -------- d-----w- c:\programdata\CheckPoint
2013-04-26 00:31 . 2013-04-26 00:31 -------- d-----w- c:\users\white\AppData\Roaming\Malwarebytes
2013-04-26 00:29 . 2013-04-26 00:29 -------- d-----w- c:\programdata\Malwarebytes
2013-04-26 00:29 . 2013-04-26 00:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-26 00:29 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-24 13:14 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-18 15:43 . 2013-04-18 15:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-18 15:43 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-10 22:32 . 2013-04-10 22:32 -------- d-----w- c:\programdata\Redfield
2013-04-10 10:48 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 10:47 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 10:47 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 10:47 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 10:47 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 10:47 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 10:47 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 10:47 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-08 19:58 . 2013-02-04 10:30 192800 ----a-w- c:\windows\system32\nvservice.exe
2013-04-08 19:58 . 2013-04-08 19:58 -------- d-----w- c:\program files\NVIDIA Corporation
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-05 01:09 . 2011-07-08 23:20 4704 --sha-w- c:\programdata\KGyGaAvL.sys
2013-04-16 15:35 . 2012-04-01 05:01 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-16 15:35 . 2011-07-07 20:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 16:44 . 2011-07-10 06:54 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-19 02:30 . 2013-03-19 02:30 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-19 02:30 . 2013-03-19 02:30 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-19 02:30 . 2013-03-19 02:30 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-19 02:30 . 2013-03-19 02:30 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-19 02:30 . 2013-03-19 02:30 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-19 02:30 . 2013-03-19 02:30 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-19 02:30 . 2013-03-19 02:30 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-19 02:30 . 2013-03-19 02:30 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-19 02:30 . 2013-03-19 02:30 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-19 02:30 . 2013-03-19 02:30 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-19 02:30 . 2013-03-19 02:30 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-19 02:30 . 2013-03-19 02:30 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-19 02:30 . 2013-03-19 02:30 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-19 02:30 . 2013-03-19 02:30 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-19 02:30 . 2013-03-19 02:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-19 02:30 . 2013-03-19 02:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-19 02:30 . 2013-03-19 02:30 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-19 02:30 . 2013-03-19 02:30 441856 ----a-w- c:\windows\system32\html.iec
2013-03-19 02:30 . 2013-03-19 02:30 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-19 02:30 . 2013-03-19 02:30 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-19 02:30 . 2013-03-19 02:30 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-19 02:30 . 2013-03-19 02:30 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-19 02:30 . 2013-03-19 02:30 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-19 02:30 . 2013-03-19 02:30 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-19 02:30 . 2013-03-19 02:30 235008 ----a-w- c:\windows\system32\url.dll
2013-03-19 02:30 . 2013-03-19 02:30 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-19 02:30 . 2013-03-19 02:30 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-19 02:30 . 2013-03-19 02:30 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-19 02:30 . 2013-03-19 02:30 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-19 02:30 . 2013-03-19 02:30 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-19 02:30 . 2013-03-19 02:30 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-19 02:30 . 2013-03-19 02:30 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-19 02:30 . 2013-03-19 02:30 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-19 02:30 . 2013-03-19 02:30 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-19 02:30 . 2013-03-19 02:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-19 02:30 . 2013-03-19 02:30 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-19 02:30 . 2013-03-19 02:30 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-19 02:30 . 2013-03-19 02:30 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-19 02:30 . 2013-03-19 02:30 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-19 02:30 . 2013-03-19 02:30 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-19 02:30 . 2013-03-19 02:30 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-19 02:30 . 2013-03-19 02:30 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-19 02:30 . 2013-03-19 02:30 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-19 02:30 . 2013-03-19 02:30 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-19 02:30 . 2013-03-19 02:30 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-19 02:30 . 2013-03-19 02:30 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-19 02:30 . 2013-03-19 02:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-19 02:30 . 2013-03-19 02:30 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-19 02:30 . 2013-03-19 02:30 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-18 07:07 . 2012-05-18 07:48 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-18 07:07 . 2011-07-18 22:29 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-12 20:46 . 2013-03-12 19:46 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-26 09:29 . 2013-03-29 07:30 933968 ----a-w- c:\windows\system32\vnetlib64.dll
2013-02-26 09:28 . 2013-03-29 07:31 67664 ----a-w- c:\windows\system32\drivers\vmx86.sys
2013-02-26 09:28 . 2013-03-29 07:30 357456 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2013-02-26 09:28 . 2013-03-29 07:30 436304 ----a-w- c:\windows\SysWow64\vmnat.exe
2013-02-26 09:28 . 2013-03-29 07:30 30800 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2013-02-26 09:27 . 2013-02-26 09:27 62104 ----a-w- c:\windows\system32\vmnetbridge.dll
2013-02-26 09:27 . 2013-02-26 09:27 48792 ----a-w- c:\windows\system32\vnetinst.dll
2013-02-26 09:27 . 2013-02-26 09:27 45720 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2013-02-26 09:27 . 2013-02-26 09:27 24216 ----a-w- c:\windows\system32\drivers\vmnet.sys
2013-02-26 09:27 . 2013-02-26 09:27 20120 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2013-02-26 09:27 . 2013-03-29 07:31 33360 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2013-02-26 07:59 . 2013-02-26 07:59 360528 ----a-w- c:\windows\SysWow64\vmnc.dll
2013-02-12 05:45 . 2013-03-13 09:08 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 09:08 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 09:08 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 09:08 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 09:08 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 09:08 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 20:20 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "c:\program files (x86)\PSPad Toolbar\tbcore3.dll" [2011-06-23 2398720]
.
[HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-01 39408]
"IVONA ControlCenter"="c:\program files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" [2011-08-05 1672056]
"AdobeBridge"="" [BU]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"X1FileMonitor.exe"="c:\progra~2\X1\X1FileMonitor.exe" [2012-06-06 400024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"PelAstro"="c:\programdata\HP Wi-Fi Mobile Mouse Config\PelAstro.exe" [2011-01-14 65536]
"HPMonitor"="c:\program files (x86)\Hewlett-Packard\HP Wi-Fi Mobile Mouse\hpMonitor23.exe" [2011-04-28 99328]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickFinder Scheduler"="c:\program files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE" [2012-09-21 128440]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
"ACSW15EN"="c:\program files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe" [2012-12-17 1135304]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Post-it® Software Notes Lite.lnk - c:\program files (x86)\3M\PSN2Lite\Psn2Lite.exe [2002-8-9 520192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 02:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-04-12 1390680]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130503.001\IDSvia64.sys [2012-09-01 513184]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624]
R2 AstroS;AstroS;c:\programdata\HP Wi-Fi Mobile Mouse Config\AstroS.exe [2010-12-01 172032]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-28 1253376]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
R2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe [2013-02-04 192800]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 60416]
R2 ozwpansvc;Ozmo WPAN Service;c:\program files\Ozmo Devices\ozwpansvc.exe [2011-04-29 77080]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2012-10-15 423576]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2012-10-15 423576]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2012-10-15 423576]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-24 138912]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 HPMoA907;Mouse Suite Driver_A907 (WDF Version);c:\windows\system32\DRIVERS\HPMoA907.sys [2011-01-14 25088]
R3 HPubA907;USB Mouse Low Filter Driver_A907 (WDF Version);c:\windows\system32\Drivers\HPubA907.sys [2011-01-27 19456]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-09-23 43028328]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-07 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 370024]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S3 hswpan;WPAN Driver;c:\windows\system32\DRIVERS\hswpan.sys [2011-04-29 106880]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 09:39 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 15:35]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 20:27]
.
2013-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-01 20:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-09 11106408]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://apl.startnow.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z079&partner_id=314&product_id=677&affiliate_id=&channel=6-08122011&toolbar_id=30&toolbar_version=5.0.0.0&install_country=US&install_date=20110813&user_guid=54AEC29CD1944EA6BB80FBDE78E1E331&machine_id=f732a1b49f7587e2dce55e50817f958c&browser=IE&os=win&os_version=6.1-x64-SP1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Copy to &Lightning Note - c:\program files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Save Web Page to askSam 7... - c:\program files (x86)\askSam\asksam7\ASAdd.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: asksam7 - {7176DE82-982D-4f2b-A562-9D0BBE96DEBC} - c:\program files (x86)\askSam\asksam7\AS7_AIPP.dll
FF - ProfilePath - c:\users\white\AppData\Roaming\Mozilla\Firefox\Profiles\i3826n5q.default\
FF - ExtSQL: 2013-04-30 23:22; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
.
.
------- File Associations -------
.
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-DreamSuite Bonus - c:\windows\unvise32.exe
AddRemove-virtualPhotographer_is1 - c:\users\white\Documents\Plugins\virtual photographer\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManager10Deluxe.8.alb"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.032"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.abr"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.amr"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ani"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.bay"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.bmp"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.bw"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bwf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.caf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cdda"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cel"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.cs1"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cur"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.dcr"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.dcx"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.dib"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.djv"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.djvu"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.emf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.eps"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.erf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.fff"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.flc"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fli"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fpx"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.gif"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.gsm"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.hdr"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.icl"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.icn"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.iff"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.ilbm"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.int"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.inta"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.iw4"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.j2c"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.j2k"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.jbr"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.jfif"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.jif"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.jp2"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.jpc"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.jpe"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.jpeg"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.jpg"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.jpk"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.jpx"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.kar"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.kdc"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.lbm"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.m15"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.m1a"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.m2a"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.m75"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.mef"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.mos"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mpv"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.nrw"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbm"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.pbr"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pcd"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.pct"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.pcx"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.pgm"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.pic"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pics"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.pict"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pix"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.png"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.ppm"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.psp"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.pspbrush"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.pspimage"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.qtpf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.ras"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.raw"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.rgb"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.rgba"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.rle"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.rsb"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.rw2"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.rwl"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sdv"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sfil"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.sgi"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.smf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.smi"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.smil"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sml"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.sr2"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.srf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.srw"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.swa"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.tga"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.thm"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.tif"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.tiff"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ttc"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ttf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ulw"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14o"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14p"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14pf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v15o\UserChoice]
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.v15o"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v15p\UserChoice]
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.v15p"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v15pf\UserChoice]
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.v15pf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.vfw"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.wbm"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.wbmp"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.wmf"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.xbm"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
"Progid"="ACDSee 15.xif"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2286013605-377766629-1330563092-1004)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.xmp"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.xpm"
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF104906-E06E-E939-86A1-978461A95F62}*]
"iaomndeejlgbilkmla"=hex:6b,61,6a,70,65,6f,64,61,68,6f,63,64,6d,6b,68,6c,6b,6e,
61,6a,6f,6a,00,77
"haencihljhbfenej"=hex:6b,61,6b,70,61,70,63,62,64,6d,69,70,6e,62,6e,6f,66,63,
66,61,6f,62,00,77
"hadgeobebeekajgo"=hex:65,63,69,63,6a,6d,6f,6b,61,6a,65,6d,6b,68,61,68,6b,68,
66,67,6b,6d,6b,6d,67,67,62,64,6c,61,6c,69,61,62,68,6a,66,6d,6f,70,6c,64,64,\
.
[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f0,03,25,8e,8d,ab,c2,50,ec,35,f5,42,e5,5c,86,19,c4,f2,ab,e5,be,0c,e2,
02,9d,6b,7e,1f,29,9a,24,e6,43,fd,53,e5,11,8d,1e,e6,89,cf,14,cf,fe,28,7a,b3,\
"??"=hex:57,5f,c1,60,a1,30,7d,dc,5d,b2,16,ed,d1,a0,ad,43
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EF104906-E06E-E939-86A1-978461A95F62}\InProcServer32*]
"jainmcimggplmggjhkjj"=hex:6b,61,6a,70,65,6f,64,61,68,6f,63,64,6d,6b,68,6c,6b,
6e,61,6a,6f,6a,00,00
"iainceegdjlnoalmac"=hex:6b,61,6a,70,65,6f,64,61,68,6f,63,64,6d,6b,68,6c,6b,6e,
61,6a,6f,6a,00,77
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-04 20:46:28
ComboFix-quarantined-files.txt 2013-05-05 03:46
.
Pre-Run: 319,869,784,064 bytes free
Post-Run: 319,724,871,680 bytes free
.
- - End Of File - - E48E1B3F20B4EA61A13F6D8C995634E9
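
The registry dump above prints binary values as comma-separated hex, wraps long ones over several lines, and marks keys with `@Denied:` lines and a trailing `*`. The parser below is an added example written for this page; it is not ComboFix's own code and was not posted in the thread. It takes three records copied verbatim from the log (the two `{EF104906-E06E-E939-86A1-978461A95F62}` keys and the FlashBroker CLSID), collects the `@Denied` entries, joins the wrapped hex lines and decodes them to bytes, and flags the value the dump cut off. Two assumptions, both inferred from how this log reads rather than from ComboFix documentation: a hex line ending in a comma continues on the next line, and a hex line ending in a backslash is where the dump truncated the value. The trailing `*` on a key name is recorded as an annotation and not interpreted. Decoding shows the binary values are short lowercase ASCII strings followed by a NUL byte; the page does not say what wrote them, so treat the output as triage data, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple, Union

# Excerpt copied verbatim from the ComboFix log above (three of the listed keys).
SAMPLE_DUMP = r'''[HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF104906-E06E-E939-86A1-978461A95F62}*]
"iaomndeejlgbilkmla"=hex:6b,61,6a,70,65,6f,64,61,68,6f,63,64,6d,6b,68,6c,6b,6e,
61,6a,6f,6a,00,77
"haencihljhbfenej"=hex:6b,61,6b,70,61,70,63,62,64,6d,69,70,6e,62,6e,6f,66,63,
66,61,6f,62,00,77
"hadgeobebeekajgo"=hex:65,63,69,63,6a,6d,6f,6b,61,6a,65,6d,6b,68,61,68,6b,68,
66,67,6b,6d,6b,6d,67,67,62,64,6c,61,6c,69,61,62,68,6a,66,6d,6f,70,6c,64,64,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EF104906-E06E-E939-86A1-978461A95F62}\InProcServer32*]
"jainmcimggplmggjhkjj"=hex:6b,61,6a,70,65,6f,64,61,68,6f,63,64,6d,6b,68,6c,6b,
6e,61,6a,6f,6a,00,00
"iainceegdjlnoalmac"=hex:6b,61,6a,70,65,6f,64,61,68,6f,63,64,6d,6b,68,6c,6b,6e,
61,6a,6f,6a,00,77
.
'''

HEADER_RE = re.compile(r"^\[(.+?)(\*?)\]$")
DENIED_RE = re.compile(r"^@Denied:\s*\((.+?)\)\s*\((.+?)\)$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))=(?P<body>.*)$')
HEX_LINE_RE = re.compile(r"^[0-9a-fA-F,\\ ]+$")


@dataclass
class BinaryValue:
    raw: bytes
    truncated: bool = False  # the dump ended this value with a trailing backslash

    def as_text(self) -> str:
        """Printable ASCII stays as-is; every other byte becomes a \\xNN escape."""
        return "".join(chr(b) if 0x20 <= b < 0x7F else f"\\x{b:02x}" for b in self.raw)


@dataclass
class RegKey:
    path: str
    starred: bool = False  # ComboFix's trailing '*' on the key name, kept as-is
    denied: List[Tuple[str, str]] = field(default_factory=list)  # (mask, principal)
    values: Dict[str, Union[str, BinaryValue]] = field(default_factory=dict)


def parse_combofix_dump(text: str) -> List[RegKey]:
    """Parse the [key] / @Denied / "name"=... records; "." separates records."""
    keys: List[RegKey] = []
    current: Optional[RegKey] = None
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if line in ("", "."):
            continue
        if (m := HEADER_RE.match(line)):
            current = RegKey(path=m.group(1), starred=bool(m.group(2)))
            keys.append(current)
            continue
        if current is None:
            continue  # stray text before the first key header
        if (m := DENIED_RE.match(line)):
            current.denied.append((m.group(1), m.group(2)))
            continue
        if not (m := VALUE_RE.match(line)):
            continue
        name = "@" if m.group("default") else m.group("name")
        body = m.group("body")
        if body.startswith("hex:"):
            hex_text, truncated = body[4:], False
            # Assumed convention (inferred from this log): trailing "," means the
            # bytes continue on the next line; trailing "\" means the dump cut off.
            while True:
                if hex_text.endswith("\\"):
                    hex_text, truncated = hex_text[:-1], True
                    break
                if not hex_text.endswith(",") or i >= len(lines) or not HEX_LINE_RE.match(lines[i]):
                    break
                hex_text += lines[i]
                i += 1
            raw = bytes(int(tok, 16) for tok in hex_text.split(",") if tok)
            current.values[name] = BinaryValue(raw, truncated)
        elif len(body) >= 2 and body[0] == body[-1] == '"':
            current.values[name] = body[1:-1].replace("\\\\", "\\")  # undo doubled backslashes
        else:
            current.values[name] = body  # dword:... etc. left as written


    return keys


def summarize(keys: List[RegKey]) -> List[str]:
    """One line per key (star + denied ACEs) and one per decoded binary value."""
    out: List[str] = []
    for k in keys:
        flags = (["*"] if k.starred else []) + [f"denied {m} to {p}" for m, p in k.denied]
        out.append(f"{k.path} {' '.join(flags)}".rstrip())
        for name, val in k.values.items():
            if isinstance(val, BinaryValue):
                out.append(f"  {name} = {val.as_text()}{' [TRUNCATED]' if val.truncated else ''}")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(parse_combofix_dump(SAMPLE_DUMP))))
```

The parser is written for the wrapping seen in this pasted log. A real `reg export` file uses a trailing backslash to mean "continues on the next line", so against that input the truncation rule above would have to be inverted; the decode and the `@Denied` handling stay the same.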
#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:47 PM

Posted 05 May 2013 - 06:54 AM

Log looks good. Let's run MBAR just as a precaution; then we still have a little more work to do after that, but we're getting there.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 Andrew111

Andrew111
  • Topic Starter

  • Members
  • 27 posts
  • Local time:04:47 PM

Posted 05 May 2013 - 02:29 PM

MBAR said it found nothing malicious.
But I'll post the logs in case you need to see whatever info it produces.
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
white :: WHITE-VAIO [administrator]

5/5/2013 12:10:32 PM
mbar-log-2013-05-05 (12-10-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32409
Time elapsed: 15 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 4209078272, free: 2548150272

------------ Kernel report ------------
05/05/2013 11:54:20
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8008003060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa80080029b0
Lower Device Driver Name: \Driver\risdsnpe\
Driver name found: risdsnpe
Load Function returned 0xc0000001
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007fbb060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xfffffa8007fd8050
Lower Device Driver Name: \Driver\rimspci\
Driver name found: rimspci
Load Function returned 0xc0000001
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80049a0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004710050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.05.05.05
Downloaded database version: v2013.05.01.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80049a0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80049a0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80049a0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800470bb20, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004710050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a006398a60, 0xfffffa80049a0060, 0xfffffa800410d090
Lower DeviceData: 0xfffff8a0024b5670, 0xfffffa8004710050, 0xfffffa8003d26b60
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7F01E5B9

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 17715200

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 17717248 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 17922048 Numsec = 937877504

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 955799552 Numsec = 20971520

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8007fbb060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007fbbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007fbb060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007fd8050, DeviceName: \Device\0000007c\, DriverName: \Driver\rimspci\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8008003060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80080024e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008003060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80080029b0, DeviceName: \Device\0000007d\, DriverName: \Driver\risdsnpe\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\VAIO Messenger Setup 2.0.493.0.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}.native.bitness.log" is compressed (flags = 1)
Read File: File "c:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}.native.weight.log" is compressed (flags = 1)
Read File: File "c:\ProgramData\{5BCAA0F1-4CEB-4ED4-9E18-B9D4FB521338}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{5BCAA0F1-4CEB-4ED4-9E18-B9D4FB521338}\simplify3_setup_ext.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{89E2929F-C967-49CB-9FE3-FD86B97312FE}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{89E2929F-C967-49CB-9FE3-FD86B97312FE}\simplify3_setup.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\VAIO Messenger Setup 2.0.493.0.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}.native.bitness.log" is compressed (flags = 1)
Read File: File "c:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830}\{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}.native.weight.log" is compressed (flags = 1)
Read File: File "c:\ProgramData\{5BCAA0F1-4CEB-4ED4-9E18-B9D4FB521338}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{5BCAA0F1-4CEB-4ED4-9E18-B9D4FB521338}\simplify3_setup_ext.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{89E2929F-C967-49CB-9FE3-FD86B97312FE}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{89E2929F-C967-49CB-9FE3-FD86B97312FE}\simplify3_setup.dat" is compressed (flags = 1)
Read File: File "c:\Users\white\AppData\Local\{97662361-CB39-408A-9053-AEA7769EF50A}\instance.dat" is compressed (flags = 1)
Read File: File "c:\Users\white\AppData\Local\{97662361-CB39-408A-9053-AEA7769EF50A}\ThumbsPlus9setup-3924.lnk" is compressed (flags = 1)
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 4209078272, free: 2650816512

=======================================



#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:47 PM

Posted 05 May 2013 - 04:43 PM

That's good,

please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Andrew111

Andrew111
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:04:47 PM

Posted 05 May 2013 - 06:56 PM

I ran into a snag here. I ran Junkware Removal Tool and I think it removed an important registry item I need. The item is

[Registry Key] HKEY_CURRENT_USER\Software\billp studios\detected\startup

billp studios makes WinPatrol. WinPatrol watches startup points on my computer. It also lets me disable startups. I have a feeling that registry key is the entire record for what it should allow and block.

When JRT ran, the first thing it did was back up the registry. What I'd like to do is restore that key and look at it. Then, if it looks okay to delete, I'd delete it. But I know nothing about where the registry backup is stored, how to pull back one key, or even how to view this backup.

What is your advice?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by white on Sun 05/05/2013 at 15:09:12.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2286013605-377766629-1330563092-1004\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\billp studios\detected\startup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\bho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FB48B168-84BB-CCE3-D32D-94102F37C5B0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] C:\Windows\prefetch\ASKSAM.EXE-AB7F603D.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\white\appdata\local\software"
Successfully deleted: [Folder] "C:\Users\white\appdata\locallow\toolbar4"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Emptied folder: C:\Users\white\AppData\Roaming\mozilla\firefox\profiles\i3826n5q.default\minidumps [43 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/05/2013 at 15:17:45.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
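Reviewing a JRT log for removals that hit software you actually rely on (the WinPatrol key above is the case in point), as an added example that is not JRT's code and not part of the thread. The sample log excerpt is constructed from lines in the log above, and the keep-list of registry prefixes is an assumption for the example; JRT itself has no such keep-list.

```python
"""Parse a Junkware Removal Tool (JRT) log and flag deletions that touch
software the operator wants kept. Added example, not JRT's own code."""
import re
from collections import Counter
from typing import List, NamedTuple, Sequence


class Entry(NamedTuple):
    action: str   # "Successfully deleted", "Successfully repaired", "Emptied folder"
    kind: str     # "Registry Key", "Registry Value", "File", "Folder"
    target: str   # file path or registry path, surrounding quotes removed


# One JRT record per line; "Emptied folder" lines carry no [Kind] tag.
_LINE_RE = re.compile(
    r'^(Successfully deleted|Successfully repaired|Emptied folder): '
    r'(?:\[([^\]]+)\] )?(.+?)\s*$'
)

# Constructed excerpt in the JRT log format (paths taken from the thread's log).
SAMPLE_LOG = r"""~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\billp studios\detected\startup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\ASKSAM.EXE-AB7F603D.pf

~~~ Folders

Successfully deleted: [Folder] "C:\Users\white\appdata\locallow\toolbar4"
Emptied folder: C:\Users\white\AppData\Roaming\mozilla\firefox\profiles\i3826n5q.default\minidumps [43 files]
"""

# Assumed keep-list: registry locations of software the operator knows is
# legitimate (WinPatrol stores its startup record under "billp studios").
KEEP_PREFIXES = [r"HKEY_CURRENT_USER\Software\billp studios"]


def parse_jrt_log(text: str) -> List[Entry]:
    """Extract every action JRT reports, in log order."""
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue
        action, kind, target = m.groups()
        if kind is None:                       # "Emptied folder: <path> [N files]"
            kind = "Folder"
            target = re.sub(r'\s*\[\d+ files\]$', '', target)
        entries.append(Entry(action, kind, target.strip('"')))
    return entries


def count_by_kind(entries: Sequence[Entry]) -> Counter:
    """How many records of each kind the log reports."""
    return Counter(e.kind for e in entries)


def flag_keep_list_hits(entries: Sequence[Entry], keep_prefixes: Sequence[str]) -> List[Entry]:
    """Return removals whose target is, or sits under, a keep-list prefix.
    Registry and NTFS paths are case-insensitive, so compare lower-cased;
    the trailing backslash stops "billp studios" matching "billp studios2"."""
    prefixes = [p.lower() for p in keep_prefixes]
    hits = []
    for e in entries:
        if e.action == "Successfully repaired":   # repairs rewrite a value, nothing is removed
            continue
        t = e.target.lower()
        if any(t == p or t.startswith(p + "\\") for p in prefixes):
            hits.append(e)
    return hits


if __name__ == "__main__":
    found = parse_jrt_log(SAMPLE_LOG)
    print(dict(count_by_kind(found)))
    for hit in flag_keep_list_hits(found, KEEP_PREFIXES):
        print("REVIEW before accepting:", hit.kind, hit.target)
```

Run it over the real JRT.txt instead of SAMPLE_LOG to get the same report for an actual scan; anything flagged is what to ask the helper about before the change is treated as final.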



#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:47 PM

Posted 05 May 2013 - 07:44 PM

I have contacted the developer of the tool regarding that key

I will get back to you as soon as I hear something (he usually replies very quickly)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




