ComboFix 15-12-12.01 - Administrator 12/13/2015 16:46:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3295.1701 [GMT -5:00]
Running from: c:\documents and settings\Marc\Desktop\ComboFix.exe
AV: Avira Antivirus *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\alluse~1\applic~1\aspnet_wp_86.exe
c:\documents and settings\All Users\Application Data\128B5E5E.EX
c:\documents and settings\All Users\Application Data\6835D632.EX
c:\documents and settings\All Users\Application Data\7B571D05.EX
c:\documents and settings\All Users\Application Data\aspnet_wp_86.exe
c:\documents and settings\Marc\Application Data\Microsoft\Protect\3bbe8467d5d0ab5ae8ee.rs
.
.
((((((((((((((((((((((((( Files Created from 2015-11-13 to 2015-12-13 )))))))))))))))))))))))))))))))
.
.
2015-12-13 12:23 . 2015-12-13 12:23 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\SlimWare Utilities Inc
2015-12-10 23:22 . 2015-12-10 23:28 -------- d-----w- C:\FRST
2015-12-10 23:14 . 2015-12-10 23:14 -------- d-----w- C:\found.000
2015-12-10 23:07 . 2015-12-10 23:10 -------- d-----w- C:\AdwCleaner
2015-12-09 15:13 . 2015-12-09 23:45 -------- d---a-w- C:\TMRescueDisk
2015-12-09 10:17 . 2015-12-09 10:17 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\F-Secure
2015-12-09 10:17 . 2015-12-09 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2015-12-09 10:13 . 2015-12-09 10:21 -------- d-----w- c:\documents and settings\Marc\Application Data\QuickScan
2015-12-09 07:31 . 2015-12-09 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2015-12-09 07:31 . 2015-12-09 07:31 -------- d-----w- c:\program files\Common Files\IObit
2015-12-09 04:17 . 2015-12-09 04:17 377344 ----a-w- c:\windows\RegBootClean.exe
2015-12-08 18:28 . 2015-12-08 18:30 -------- d-----w- c:\documents and settings\Administrator.BEDROOM
2015-12-08 07:42 . 2015-12-08 07:42 -------- d-----w- c:\program files\Common Files\AV
2015-12-07 20:45 . 2015-12-07 20:45 -------- d-sh--w- c:\windows\system32\%APPDATA%
2015-12-06 20:45 . 2015-12-06 20:45 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2015-12-06 20:45 . 2015-12-06 20:45 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2015-12-06 20:45 . 2015-12-06 20:45 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2015-12-06 20:45 . 2015-12-06 20:45 169088 ----a-w- c:\windows\system32\drivers\snapman.sys
2015-12-06 20:45 . 2015-12-06 20:45 -------- d-----w- d:\program files\Acronis
2015-12-06 20:45 . 2015-12-06 20:45 -------- d-----w- c:\program files\Common Files\Acronis
2015-12-06 20:06 . 2015-12-06 20:06 -------- d-----w- d:\program files\ADATA
2015-12-05 07:34 . 2015-12-05 07:34 -------- d-----w- d:\program files\CPUID
2015-12-02 11:29 . 2015-12-02 11:29 -------- d-----w- c:\windows\system32\winrm
2015-12-02 11:29 . 2015-12-02 11:29 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2015-12-02 11:29 . 2015-12-02 11:29 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\yfupa
2015-11-30 04:52 . 2015-11-30 04:52 -------- d-----w- c:\windows\Performance
2015-11-30 04:51 . 2015-11-30 04:51 -------- d-----w- c:\documents and settings\Marc\Local Settings\Application Data\Microsoft Corporation
2015-11-30 04:51 . 2015-11-30 04:51 -------- d-----w- d:\program files\Microsoft Windows 7 Upgrade Advisor
2015-11-26 15:12 . 2015-11-26 15:12 -------- d--h--w- c:\windows\system32\GroupPolicy
2015-11-25 17:02 . 2015-11-25 17:02 -------- d-----w- c:\documents and settings\Marc\Application Data\NVIDIA
2015-11-24 06:44 . 2015-12-05 06:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\tor
2015-11-23 19:50 . 2015-12-13 21:53 -------- d-----w- c:\documents and settings\Marc\Application Data\BrowserMe
2015-11-23 14:34 . 2015-11-23 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2015-11-23 14:34 . 2015-12-09 08:08 -------- d-----w- c:\documents and settings\UpdatusUser
2015-11-23 14:33 . 2015-11-23 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2015-11-23 14:31 . 2012-08-31 03:10 65536 ----a-w- c:\windows\system32\OpenCL.dll
2015-11-23 14:30 . 2015-11-23 14:33 -------- d-----w- d:\program files\NVIDIA Corporation
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-02 11:53 . 2012-10-18 15:35 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-12-02 11:53 . 2012-03-14 17:33 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-15 09:05 . 2014-09-26 21:55 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-25 14:41 . 2013-08-06 05:05 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\Marc\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\Marc\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\Marc\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\Marc\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\Marc\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\Marc\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\Marc\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\Marc\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinResSync"="c:\documents and settings\Marc\Application Data\Microsoft\Protect\3bbe8467d5d0ab5ae8ee.rs" [X]
"BrowserMe"="c:\documents and settings\Marc\Application Data\BrowserMe\ChromeUpdate.exe" [2015-11-23 26025472]
"mount.exe"="d:\program files\gipo@utilities\fileutilities.3\mount.exe" [2008-04-11 374272]
"KiesPreload"="d:\program files\samsung\kies\kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="d:\program files\samsung\kies\kiesairmessage.exe" [2012-12-18 578560]
"GetWindowText"="d:\program files\getwindowtext\getwindowtext.exe" [2013-08-17 45056]
"uTorrent"="c:\documents and settings\Marc\Application Data\uTorrent\uTorrent.exe" [2015-12-04 2026520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
"FUFAXRCV"="d:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="d:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-08-30 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-08-30 108392]
"DivXUpdate"="d:\program files\divx\divx update\divxupdate.exe" [2011-07-28 1259376]
"tvncontrol"="d:\program files\tightvnc\tvnserver.exe" [2012-04-27 1168400]
"EEventManager"="d:\program files\epson software\event manager\eeventmanager.exe" [2012-01-26 1058400]
"nwiz"="d:\program files\nvidia corporation\nview\nwiz.exe" [2012-08-31 1634112]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-06 2637520]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-06 395192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WinResSync"="c:\documents and settings\Marc\Application Data\Microsoft\Protect\3bbe8467d5d0ab5ae8ee.rs" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WinResSync"="c:\documents and settings\Marc\Application Data\Microsoft\Protect\3bbe8467d5d0ab5ae8ee.rs" [X]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe" [2015-07-18 1155760]
.
c:\documents and settings\Marc\Start Menu\Programs\Startup\
4t Tray Minimizer.lnk - d:\program files\4t Tray Minimizer\4t-min.exe -tray [2011-12-19 1848832]
Dialog Helper.lnk - d:\program files\VCOM\PowerDesk\pddlghlp.exe /s [2005-10-4 40960]
MagicDisc.lnk - d:\program files\MagicDisc\MagicDisc.exe [2014-3-7 576000]
SpeedFan (2).lnk - d:\program files\SpeedFan\speedfan.exe [2015-2-20 4841120]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Printkey2000.lnk - d:\program files\PrintKey2000\Printkey2000.exe [2011-12-19 869376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aspnet_wp_86
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserMe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{59c4462d-a177-4d44-a95b-deda1be79844}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{5dfbeba9-9f22-463d-8c95-c861911810a2}
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
2010-04-07 18:00 5758976 ----a-w- d:\program files\eMule\emule.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\program files\\TightVNC\\vncviewer.exe"=
"c:\\Documents and Settings\\Marc\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"d:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Documents and Settings\\Marc\\Application Data\\uTorrent\\uTorrent.exe"=
"d:\\program files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [12/6/2015 3:45 PM 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [12/6/2015 3:45 PM 83392]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [12/18/2011 4:00 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [12/18/2011 6:10 PM 6272]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [1/31/2015 2:15 AM 23840]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;d:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [5/10/2012 2:00 PM 539744]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [1/3/2013 12:54 PM 122000]
R2 tvnserver;TightVNC Server;d:\program files\TightVNC\tvnserver.exe [4/26/2012 8:44 PM 1168400]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/26/2014 4:52 PM 23256]
S2 LiveUpdateSvc;LiveUpdate;d:\program files\IObit\LiveUpdate\LiveUpdate.exe [11/14/2013 12:29 AM 2934048]
S2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [9/26/2014 4:52 PM 1871160]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes Anti-Malware\mbamservice.exe [9/26/2014 4:52 PM 1133880]
S3 ADATA ToolBox Service;ADATA ToolBox Service;d:\program files\ADATA\SSD ToolBox\ToolBoxSvc.exe [12/6/2015 3:06 PM 2257920]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/12/2013 1:39 PM 1691480]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys --> c:\windows\system32\drivers\cmudaxp.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10/5/2012 3:17 PM 83168]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [9/26/2014 4:55 PM 98520]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [7/31/2009 3:12 PM 341504]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [10/5/2012 3:17 PM 181344]
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-13 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-18 12:56]
.
2015-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 11:53]
.
2015-12-13 c:\windows\Tasks\Opera scheduled Autoupdate 1436058277.job
- d:\program files\Opera\launcher.exe [2015-07-05 15:27]
.
.
------- Supplementary Scan -------
.
uStart Page = Google
IE: LastPass - file://d:\program files\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://d:\program files\LastPass\context.html?cmd=fillforms
TCP: Interfaces\{7C60BEAB-C9CE-481B-A94A-9B920A1048A7}: NameServer = 68.94.156.1,68.94.157.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-aspnet_wp_86 - c:\docume~1\alluse~1\applic~1\aspnet_wp_86.exe
c:\documents and settings\Marc\Start Menu\Programs\Startup\PartMetBackup.lnk - d:\program files\Java\jre7\bin\javaw.exe -cp "d:\program files\MetFileRegenerator\mfr3.jar" com.bws42.mfr.PartMetBackup --loop --cwd "d:\program files\eMule"
AddRemove-Google Chrome - c:\documents and settings\Marc\Local Settings\Application Data\Google\Chrome\Application\47.0.2526.80\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2015-12-13 16:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
BrowserMe = c:\documents and settings\Marc\Application Data\BrowserMe\ChromeUpdate.exe???????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,33,c3,cc,84,27,d0,4d,ad,ee,27,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,33,c3,cc,84,27,d0,4d,ad,ee,27,\
.
[HKEY_USERS\S-1-5-21-842925246-746137067-839522115-1003_Classes\CLSID\{24E11561-BB4D-465A-9ABB-B813F94C578A}\InprocServer32]
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-842925246-746137067-839522115-1003)
"ThreadingModel"="Apartment"
@="c:\\Documents and Settings\\All Users\\Application Data\\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\\browser.dll"
.
[HKEY_USERS\S-1-5-21-842925246-746137067-839522115-1003_Classes\Drive\ShellEx\FolderExtensions\{24E11561-BB4D-465A-9ABB-B813F94C578A}]
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (S-1-5-21-842925246-746137067-839522115-1003)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{24E11561-BB4D-465A-9ABB-B813F94C578A}\InprocServer32]
@Denied: (C D 2 3 6) (Everyone)
"ThreadingModel"="Apartment"
@="c:\\Documents and Settings\\All Users\\Application Data\\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\\browser.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Drive\shellex\FolderExtensions\{24E11561-BB4D-465A-9ABB-B813F94C578A}]
@Denied: (C D 2 3 6) (Everyone)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5788)
c:\windows\system32\WININET.dll
d:\program files\4t Tray Minimizer\ShellEh552.dll
d:\program files\VCOM\PowerDesk\pddlghlp.dll
d:\program files\NVIDIA Corporation\nview\nview.dll
d:\program files\TightVNC\screenhooks32.dll
c:\documents and settings\Marc\Application Data\Dropbox\bin\DropboxExt.24.dll
c:\documents and settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\nvsvc32.exe
d:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
d:\program files\4t Tray Minimizer\4t-min.exe
d:\program files\VCOM\PowerDesk\pddlghlp.exe
d:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\documents and settings\Marc\Application Data\uTorrent\updates\3.4.5_41372\utorrentie.exe
c:\documents and settings\Marc\Application Data\uTorrent\updates\3.4.5_41372\utorrentie.exe
d:\program files\Internet Explorer\iexplore.exe
d:\program files\Internet Explorer\iexplore.exe
d:\program files\Internet Explorer\iexplore.exe
d:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2015-12-13 16:58:17 - machine was rebooted
ComboFix-quarantined-files.txt 2015-12-13 21:58
.
Pre-Run: 2,721,890,304 bytes free
Post-Run: 3,576,606,720 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - BF9E3A326CB9F44F36A5858A2B2F0164
8F558EB6672622401DA993E1E865C861