Need help analysing combofix.txt log after trojan.win32.generic removal


This topic is locked
5 replies to this topic

#1 Mike J P


Posted 06 May 2013 - 01:38 AM

G'day,

 

Today, after downloading what I was expecting to be a picture gallery, it was an exe file, so I right clicked it in order to select the option to scan the file with Kaspersky, but the file immediately vanished the moment I right clicked it. I thought, whoops, great! I began a full scan with Kaspersky, which found and deleted heur.trojan.win32.generic. I then started a Malwarebytes scan, which didn't find anything. I ran TDSSKiller, which also did not find anything.

 

And I don't know why, call me paranoid I guess, but I also grabbed the latest ComboFix from BleepingComputer and ran that. It took a good hour to complete and the report indicates it did some stuff, but the information in the combofix.txt log is out of my league and I don't understand what the outcome was.

 

Would someone be kind enough to analyse it for me?

 

Thanking you in advance




#2 Mike J P


Posted 06 May 2013 - 09:41 AM

. . . Anyhow, I guess providing the actual combofix.txt would be somewhat helpful. I was thinking perhaps I should wait until asked to post it? I'll paste it here now. Also, I've noticed there is a ComboFix-quarantined-files.txt, which I'll provide after this one.

 

 

ComboFix 13-05-05.01 - MikeJnr 06/05/2013  12:17:45.1.8 - x64

 

Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.8066.3545 [GMT 8:00]
Running from: c:\users\MikeJnr\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\iun6002.exe
c:\windows\SysWow64\d2d1debug1.dll
c:\windows\SysWow64\tmp7FAB.tmp
c:\windows\SysWow64\tmp7FAC.tmp
c:\windows\SysWow64\tmp9FE6.tmp
c:\windows\SysWow64\tmpCCC.tmp
c:\windows\UNWISE.EXE
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-06 to 2013-05-06  )))))))))))))))))))))))))))))))
.
.
2013-05-06 05:02 . 2013-05-06 05:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-06 05:02 . 2013-05-06 05:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-29 00:16 . 2009-07-14 01:28 20268032 ----a-w- c:\windows\system32\imageres - Copy.bkp
2013-04-28 21:19 . 2013-04-28 21:19 -------- d-----w- c:\program files\Common Files\DESIGNER
2013-04-27 15:42 . 2013-04-27 15:42 -------- d-----w- c:\users\MikeJnr\AppData\Local\I_won_the_internets_corpo
2013-04-26 07:14 . 2013-05-01 15:32 -------- d-----w- c:\program files (x86)\Cracked Steam
2013-04-24 22:20 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-22 19:10 . 2013-04-22 19:10 -------- d-----w- c:\users\MikeJnr\AppData\Local\Ubisoft Game Launcher
2013-04-22 18:57 . 2013-02-04 10:44 312864 ----a-w- c:\windows\SysWow64\fmod_event.dll
2013-04-22 18:57 . 2013-02-04 10:44 804384 ----a-w- c:\windows\SysWow64\fmodex.dll
2013-04-22 18:55 . 2013-04-22 18:58 -------- d-----w- c:\program files (x86)\Ubisoft
2013-04-17 19:44 . 2013-04-17 19:44 -------- d-----w- c:\programdata\Steam
2013-04-15 12:44 . 2010-02-22 23:46 23680 ----a-w- c:\windows\system32\drivers\IOMap64.sys
2013-04-15 12:19 . 2013-04-15 12:19 -------- d-----w- c:\windows\SysWow64\NV
2013-04-15 12:19 . 2013-04-15 12:19 -------- d-----w- c:\windows\system32\NV
2013-04-15 12:15 . 2013-04-15 12:19 -------- d-----w- c:\programdata\NVIDIA
2013-04-15 12:15 . 2013-04-30 22:17 -------- d-----w- c:\users\UpdatusUser.MikeJnr-PC
2013-04-15 12:15 . 2013-02-10 01:04 6393120 ----a-w- c:\windows\system32\nvcpl.dll
2013-04-15 12:15 . 2013-02-10 01:04 3472672 ----a-w- c:\windows\system32\nvsvc64.dll
2013-04-15 12:15 . 2013-02-10 01:04 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-04-15 12:15 . 2013-02-10 01:04 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-04-15 12:15 . 2013-02-10 01:04 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-04-15 12:15 . 2013-02-09 13:25 3035306 ----a-w- c:\windows\system32\nvcoproc.bin
2013-04-15 12:15 . 2013-04-15 12:15 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-04-12 00:57 . 2013-04-12 00:57 -------- d-----w- c:\program files (x86)\Direct WAV MP3 Splitter
2013-04-11 23:54 . 2013-04-12 00:47 -------- d-----w- c:\users\MikeJnr\AppData\Roaming\Audacity
2013-04-11 19:54 . 2013-02-21 10:14 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-04-11 19:54 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-11 19:52 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 19:52 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 19:51 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 19:51 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-11 19:51 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-11 19:51 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-11 19:51 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-11 19:51 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 02:54 . 2013-04-11 02:54 -------- d-----w- c:\users\MikeJnr\AppData\Roaming\Xilisoft
2013-04-11 02:53 . 2013-04-11 02:53 -------- d-----w- c:\programdata\Xilisoft
2013-04-11 02:53 . 2013-04-11 02:53 -------- d-----w- c:\program files (x86)\Xilisoft
2013-04-07 20:28 . 2013-04-08 18:24 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-04-07 20:28 . 2013-04-08 18:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-07 19:56 . 2010-11-29 08:21 10915840 ----a-w- c:\windows\SysWow64\libmfxhw32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-06 05:06 . 2012-12-03 14:48 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2013-05-01 04:53 . 2012-07-07 04:48 1048576 ----a-w- c:\windows\PE_Rom.dll
2013-04-22 10:36 . 2012-08-13 08:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-04-22 10:36 . 2012-06-08 03:38 55056 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-04-22 10:36 . 2012-11-24 07:25 90208 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-04-22 10:36 . 2012-11-24 07:25 620128 ----a-w- c:\windows\system32\drivers\klif.sys
2013-04-11 19:57 . 2012-07-07 05:11 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 06:50 . 2012-11-08 08:59 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-26 08:01 . 2013-03-26 08:01 4890416 ----a-w- c:\windows\system32\ooscrsav.scr
2013-03-26 08:01 . 2013-03-26 08:01 253744 ----a-w- c:\windows\system32\oodbs.exe
2013-03-26 08:00 . 2013-03-26 08:00 537904 ----a-w- c:\windows\system32\oodssrs.dll
2013-03-26 08:00 . 2013-03-26 08:00 10544 ----a-w- c:\windows\system32\oodbsrs.dll
2013-03-13 21:54 . 2013-03-13 21:54 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-13 21:54 . 2013-03-13 21:54 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-13 21:54 . 2013-03-13 21:54 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-13 21:54 . 2013-03-13 21:54 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-13 21:54 . 2013-03-13 21:54 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-13 21:54 . 2013-03-13 21:54 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-13 21:54 . 2013-03-13 21:54 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-13 21:54 . 2013-03-13 21:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-13 21:54 . 2013-03-13 21:54 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-13 21:54 . 2013-03-13 21:54 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-13 21:54 . 2013-03-13 21:54 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-13 21:54 . 2013-03-13 21:54 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-13 21:54 . 2013-03-13 21:54 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-13 21:54 . 2013-03-13 21:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-13 21:54 . 2013-03-13 21:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-13 21:54 . 2013-03-13 21:54 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-13 21:54 . 2013-03-13 21:54 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-13 21:54 . 2013-03-13 21:54 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-13 21:54 . 2013-03-13 21:54 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-13 21:54 . 2013-03-13 21:54 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-13 21:54 . 2013-03-13 21:54 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-13 21:54 . 2013-03-13 21:54 441856 ----a-w- c:\windows\system32\html.iec
2013-03-13 21:54 . 2013-03-13 21:54 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-13 21:54 . 2013-03-13 21:54 235008 ----a-w- c:\windows\system32\url.dll
2013-03-13 21:54 . 2013-03-13 21:54 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-13 21:54 . 2013-03-13 21:54 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-13 21:54 . 2013-03-13 21:54 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-13 21:54 . 2013-03-13 21:54 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-13 21:54 . 2013-03-13 21:54 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-13 21:54 . 2013-03-13 21:54 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-13 21:54 . 2013-03-13 21:54 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-13 21:54 . 2013-03-13 21:54 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-13 21:54 . 2013-03-13 21:54 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-13 21:54 . 2013-03-13 21:54 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-13 21:54 . 2013-03-13 21:54 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-13 21:54 . 2013-03-13 21:54 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-13 21:54 . 2013-03-13 21:54 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-13 21:54 . 2013-03-13 21:54 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-13 21:54 . 2013-03-13 21:54 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-13 21:54 . 2013-03-13 21:54 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-13 21:54 . 2013-03-13 21:54 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-13 21:54 . 2013-03-13 21:54 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-13 21:54 . 2013-03-13 21:54 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-13 21:54 . 2013-03-13 21:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-13 21:54 . 2013-03-13 21:54 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-13 21:54 . 2013-03-13 21:54 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-13 21:54 . 2013-03-13 21:54 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-13 21:54 . 2013-03-13 21:54 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-13 21:54 . 2013-03-13 21:54 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-13 14:18 . 2012-07-07 05:41 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 14:18 . 2012-07-07 05:41 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 14:18 . 2013-03-13 14:18 15859416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-03-12 11:36 . 2013-03-12 11:36 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-12 11:36 . 2013-03-12 11:36 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-12 11:36 . 2013-03-12 11:36 188320 ----a-w- c:\windows\system32\java.exe
2013-03-12 11:36 . 2013-03-12 11:36 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-12 11:36 . 2012-11-08 08:56 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-12 11:36 . 2012-11-08 08:56 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-17 03:27 . 2013-02-17 03:27 421888 ----a-w- c:\windows\SysWow64\RealMediaSplitter.ax
2013-02-17 03:27 . 2013-02-17 03:27 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
2013-02-12 05:45 . 2013-03-12 23:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 23:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-12 23:16 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 23:16 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-12 23:16 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 23:16 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-13 21:51 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-10 03:25 . 2013-02-20 21:12 963776 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-02-10 03:25 . 2013-02-20 21:12 9422672 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-10 03:25 . 2013-02-20 21:12 7964680 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-10 03:25 . 2013-02-20 21:12 7569184 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:25 . 2013-02-20 21:12 6267240 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-10 03:25 . 2013-02-20 21:12 420128 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2013-02-10 03:25 . 2013-02-20 21:12 364832 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2013-02-10 03:25 . 2013-02-20 21:12 2911008 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-10 03:25 . 2013-02-20 21:12 2854344 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-10 03:25 . 2013-02-20 21:12 2726176 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-10 03:25 . 2013-02-20 21:12 26947360 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-10 03:25 . 2013-02-20 21:12 2528840 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-10 03:25 . 2013-02-20 21:12 25256736 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-10 03:25 . 2013-02-20 21:12 250504 ----a-w- c:\windows\system32\nvinitx.dll
2013-02-10 03:25 . 2013-02-20 21:12 2350368 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-10 03:25 . 2013-02-20 21:12 20534560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-10 03:25 . 2013-02-20 21:12 205184 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-02-10 03:25 . 2013-02-20 21:12 1990944 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-10 03:25 . 2013-02-20 21:12 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-02-20 21:12 17987192 ----a-w- c:\windows\system32\nvd3dumx.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"MSUTray"="c:\program files (x86)\Marvell\storage\tray\MarvellTray.exe" [2011-04-07 1202216]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2012-08-20 550272]
"ASUS WiFi GO! FileTransfer Execute"="c:\program files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe" [2012-07-12 1384608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-24 356376]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-12-18 3478752]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-24 1075296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-11-28 1338656]
O&O Defrag Tray.lnk - c:\windows\Installer\{CC733BA2-5191-4378-A9E0-18C5827F6B2B}\DefragIcon.exe [2013-4-29 292878]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-21 17480]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-21 9800]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-05 639512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-07 1255736]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2011-09-21 25904]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-22 55056]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-04-22 178448]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2012-05-31 32400]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-06-01 920736]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-02-17 149120]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [2012-05-18 324608]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-01-23 233328]
S2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [2012-07-13 3542856]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-06-05 190824]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S2 LucidSrv;LucidSrv;c:\program files\Lucidlogix Technologies\VIRTU MVP\LucidSrv.exe [2013-02-07 16104]
S2 Marvell Storage Management;Marvell Storage Management Service;c:\program files (x86)\Marvell\storage\svc\mvraidsvc.exe [2011-04-07 345128]
S2 mi-raysat_3dsmax2013_32;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 32-bit;c:\program files (x86)\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe [2011-09-14 86016]
S2 MSUWebService;MSU Web Service;c:\program files (x86)\Marvell\storage\Apache2\bin\httpd.exe [2010-09-02 24645]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2013-03-26 2570544]
S2 SmoothPingProxy;SmoothPingProxy;c:\program files (x86)\Smoothping Elite\SmoothPingProxy.exe [2012-07-27 2297856]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
S3 AiChargerPlus;AiChargerPlus;SysWow64\drivers\AiChargerPlus.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-11-03 134696]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2012-07-07 21568]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 620584]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-05-20 89640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-13 39976]
S3 chdrvr01;chdrvr01;c:\windows\system32\DRIVERS\chdrvr01.sys [2012-08-25 248496]
S3 chdrvr02;chdrvr02;c:\windows\system32\DRIVERS\chdrvr02.sys [2012-08-25 11440]
S3 chdrvr03;chdrvr03;c:\windows\system32\DRIVERS\chdrvr03.sys [2012-08-25 24240]
S3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys [2011-06-16 1308160]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-08 283200]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528]
S3 Mv_Process;Marvell process notification.;c:\windows\syswow64\mv_process.sys [2011-02-25 14376]
S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [2009-12-17 45600]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-29 50800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-04-11 708200]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2013-02-07 97512]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 23:39 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 14:18]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08 05:29]
.
2013-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08 05:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe" [2012-11-08 7144960]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"CAHS1Sound"="c:\windows\Syswow64\CAHS1.dll" [2011-07-08 8724480]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-13 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-13 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-13 441968]
"VIRTU MVP"="c:\program files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe" [2013-02-07 3099880]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-19 444904]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2013-03-26 7074096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-A2A Accusim for the Wings of POWER 3 Razorback - c:\windows\UNWISE.EXE
AddRemove-A2A Captain of the Ship - c:\windows\UNWISE.EXE
AddRemove-A2A Wings of POWER 3 P47 Razorback - c:\windows\UNWISE.EXE
AddRemove-afx - c:\windows\iun6002.exe
AddRemove-afxpro - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4244505514-4005008472-3741928458-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F559869F-5358-3E7A-72B7-E5E7D69093AB}*]
"oadipioggdhcnlojaofaplabphephk"=hex:6a,61,69,6c,62,69,61,6f,68,6d,66,6f,61,6e,
   70,6b,6c,68,6a,68,00,fb
"najimnogjcbbbodaheflooihdckp"=hex:6a,61,69,6c,62,69,61,6f,68,6d,66,6f,61,6e,
   70,6b,6c,68,6a,68,00,fb
"oahjcklbknnfncamhmoaodcmojojpn"=hex:64,61,68,6c,61,69,63,63,00,fc
.
[HKEY_USERS\S-1-5-21-4244505514-4005008472-3741928458-1000\Software\SecuROM\License information*]
"datasecu"=hex:3d,fc,64,b8,76,f0,ff,63,3e,92,96,b4,2e,56,02,83,bd,90,f5,07,ca,
   c3,64,ef,ab,cd,0e,42,cd,ba,ab,97,9a,ea,e4,28,ba,22,ab,a4,7a,66,95,b8,c3,fb,\
"rkeysecu"=hex:3d,e4,60,84,7a,e4,77,3a,a9,a7,79,91,d0,ed,b8,e0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
c:\program files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files\Corsair USB Headset\customapp\program\CAHS.EXE
c:\windows\SysWOW64\RunDll32.exe
c:\program files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Completion time: 2013-05-06  14:03:55 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-06 06:03
.
Pre-Run: 1,548,455,505,920 bytes free
Post-Run: 1,549,240,221,696 bytes free
.
- - End Of File - - ED1A2D7DB56DB6E41D64404A59482B48


#3 Mike J P (Topic Starter)

Posted 06 May 2013 - 09:47 AM

And here's the ComboFix-quarantined-files.txt.

The reason I'm concerned is that ComboFix took well over an hour, so I'm suspecting it's done something.

2013-05-06 06:02:59 . 2013-05-06 06:02:59              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-05-06 06:02:52 . 2013-05-06 06:02:52               97 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-AdobeBridge.reg.dat
2013-05-06 04:23:31 . 2013-05-06 04:23:31           10,540 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-05-06 04:16:11 . 2013-05-06 04:16:11               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-01-26 18:37:06 . 2011-04-15 23:40:18          809,496 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmp7FAC.tmp.vir
2012-12-22 05:11:03 . 2012-12-22 23:01:32          737,280 ----a-w-  C:\Qoobox\Quarantine\C\Windows\iun6002.exe.vir
2012-11-24 07:16:17 . 2012-11-24 07:16:17          262,144 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\ntuser.dat.vir
2012-11-12 19:46:50 . 2002-07-26 09:02:06          153,088 ----a-w-  C:\Qoobox\Quarantine\C\Windows\UNWISE.EXE.vir
2012-07-25 12:25:28 . 2012-07-25 12:25:28          277,448 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\d2d1debug1.dll.vir
2011-04-15 23:40:18 . 2011-04-15 23:40:18          809,496 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmp7FAB.tmp.vir
2006-11-03 00:09:38 . 2006-11-03 00:09:38          782,336 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmp9FE6.tmp.vir
2006-11-03 00:09:38 . 2006-11-03 00:09:38          782,336 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmpCCC.tmp.vir
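As an added example, not part of the post above and not ComboFix's own code: a small Python parser for the ComboFix-quarantined-files.txt listing format. Each row carries two timestamps separated by " . ", a byte count with thousands separators, an eight-character attribute field and the quarantine path. The parser separates quarantined files (the `.vir` entries, which are files ComboFix moved out of their original location) from registry backups, reconstructs the pre-quarantine path of each `.vir` entry from the `C:\Qoobox\Quarantine\<drive>\...` layout, and groups entries of identical size, which is a cheap hint that two temp files may be copies of the same thing. ComboFix does not label the two timestamps, so they are kept as `ts1`/`ts2` without interpretation (an assumption). The sample text is copied from the listing in the post above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One listing row: "<ts1> . <ts2>  <size>  <attrs>  <path>"
LINE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\.\s+"
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+"
    r"(?P<attrs>[-A-Za-z]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)

# Sample rows copied from the ComboFix-quarantined-files.txt listing in the post.
SAMPLE = r"""
2013-05-06 06:02:59 . 2013-05-06 06:02:59              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-05-06 06:02:52 . 2013-05-06 06:02:52               97 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-AdobeBridge.reg.dat
2013-05-06 04:23:31 . 2013-05-06 04:23:31           10,540 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-05-06 04:16:11 . 2013-05-06 04:16:11               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-01-26 18:37:06 . 2011-04-15 23:40:18          809,496 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmp7FAC.tmp.vir
2012-12-22 05:11:03 . 2012-12-22 23:01:32          737,280 ----a-w-  C:\Qoobox\Quarantine\C\Windows\iun6002.exe.vir
2012-11-24 07:16:17 . 2012-11-24 07:16:17          262,144 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\ntuser.dat.vir
2012-11-12 19:46:50 . 2002-07-26 09:02:06          153,088 ----a-w-  C:\Qoobox\Quarantine\C\Windows\UNWISE.EXE.vir
2012-07-25 12:25:28 . 2012-07-25 12:25:28          277,448 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\d2d1debug1.dll.vir
2011-04-15 23:40:18 . 2011-04-15 23:40:18          809,496 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmp7FAB.tmp.vir
2006-11-03 00:09:38 . 2006-11-03 00:09:38          782,336 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmp9FE6.tmp.vir
2006-11-03 00:09:38 . 2006-11-03 00:09:38          782,336 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmpCCC.tmp.vir
"""

QUARANTINE_MARKER = "\\qoobox\\quarantine\\"


@dataclass
class QuarantineEntry:
    ts1: datetime   # first timestamp as listed (unlabelled by ComboFix; assumption)
    ts2: datetime   # second timestamp as listed (unlabelled by ComboFix; assumption)
    size: int
    attrs: str
    path: str

    @property
    def kind(self) -> str:
        p = self.path.lower()
        if p.endswith(".vir"):
            return "file"        # a file moved out of its original location
        if "\\registry_backups\\" in p:
            return "registry"    # a .reg backup taken before a registry change
        return "other"           # e.g. catchme.log

    @property
    def original_path(self) -> Optional[str]:
        """For .vir entries, rebuild the pre-quarantine path: C:\\Qoobox\\Quarantine\\C\\x -> C:\\x."""
        i = self.path.lower().find(QUARANTINE_MARKER)
        if self.kind != "file" or i < 0:
            return None
        rest = self.path[i + len(QUARANTINE_MARKER):]   # 'C\Windows\...\foo.vir'
        drive, _, tail = rest.partition("\\")
        return f"{drive}:\\{tail[:-len('.vir')]}"


def parse_quarantine_log(text: str) -> List[QuarantineEntry]:
    """Parse listing rows; blank lines and anything not matching the row format are skipped."""
    entries: List[QuarantineEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(QuarantineEntry(
            ts1=datetime.strptime(m["ts1"], "%Y-%m-%d %H:%M:%S"),
            ts2=datetime.strptime(m["ts2"], "%Y-%m-%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def same_size_groups(entries: List[QuarantineEntry]) -> Dict[int, List[str]]:
    """Group quarantined files by byte size; identical sizes are a hint (not proof) of duplicate content."""
    groups: Dict[int, List[str]] = {}
    for e in entries:
        if e.kind == "file":
            groups.setdefault(e.size, []).append(e.path)
    return {size: paths for size, paths in groups.items() if len(paths) > 1}


def summarize(entries: List[QuarantineEntry]) -> dict:
    files = [e for e in entries if e.kind == "file"]
    return {
        "files": [e.original_path for e in files],
        "registry_backups": sum(1 for e in entries if e.kind == "registry"),
        "bytes_quarantined": sum(e.size for e in files),
        "same_size_groups": same_size_groups(entries),
    }


if __name__ == "__main__":
    for k, v in summarize(parse_quarantine_log(SAMPLE)).items():
        print(f"{k}: {v}")
```

Running it against the listing above shows eight files moved to quarantine, three registry backups, and two pairs of same-sized temp files (tmp7FAC/tmp7FAB and tmp9FE6/tmpCCC). The reconstructed original paths are what you would hand to a second scanner or a hash lookup to decide whether any of them need restoring from C:\Qoobox\Quarantine.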


#4 Mike J P (Topic Starter)

Posted 07 May 2013 - 12:41 PM

Heya Bleepings, I'd like to close this topic.

I discovered bad sectors and corruption on my HDD and have decided to start a fresh install of everything. Going to set up a RAID, which I've been wanting to do for quite some time now. Tomorrow I'm picking up an SSD or a couple of Raptors, a sixpack or two, and starting the long-winded process that everyone loves.

Also, I apologise for expecting someone to analyse this for me after messing around with ComboFix without knowing what I'm doing and without being advised to.

It was rude of me to do that, and rather disrespectful.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:53 AM

Posted 09 May 2013 - 09:10 AM

Thank you for the feedback.

This topic will be closed.

#6 nasdaq

Posted 09 May 2013 - 09:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



