Live Security Platinum Virus Problem
[QUOTE="patpot44, post: 65544, member: 1993"]
OK that worked. Here are the contents of my combofix log:

ComboFix 12-07-31.03 - User 02/08/2012 1:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.60.1033.18.1973.894 [GMT 8:00]
Running from: c:\users\User\Downloads\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 17:06 . 2012-08-01 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 09:49 . 2012-08-01 09:49 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-08-01 09:49 . 2012-08-01 09:49 -------- d-----w- c:\programdata\Malwarebytes
2012-08-01 09:49 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-01 09:46 . 2012-08-01 09:46 -------- d-----w- c:\program files (x86)\Malware
2012-07-31 12:16 . 2012-07-31 12:16 -------- d-----w- c:\program files\Enigma Software Group
2012-07-31 12:16 . 2012-08-01 15:53 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-31 12:16 . 2012-07-31 12:16 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-31 04:31 . 2012-07-31 04:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-31 04:25 . 2012-08-01 10:03 -------- d-----w- c:\programdata\7531CC920009EDE70303F3074F147CE7
2012-07-31 04:24 . 2012-07-31 04:24 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FF150EA-74DD-4167-A54E-525E3D1FB57D}\offreg.dll
2012-07-30 04:16 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FF150EA-74DD-4167-A54E-525E3D1FB57D}\mpengine.dll
2012-07-29 02:53 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-16 18:02 . 2012-07-16 18:02 -------- d-----w- c:\windows\en
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\ar
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\bg
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\cs
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\da
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\de
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\el
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\es
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\fi
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\fr
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\he
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\hr
2012-07-16 17:57 . 2012-07-16 17:57 -------- d-----w- c:\windows\hu
2012-07-16 17:55 . 2012-07-16 17:55 -------- d-----w- c:\windows\sr-latn-cs
2012-07-16 17:55 . 2012-07-16 17:55 -------- d-----w- c:\windows\sv
2012-07-16 17:55 . 2012-07-16 17:55 -------- d-----w- c:\windows\th
2012-07-16 17:55 . 2012-07-16 17:55 -------- d-----w- c:\windows\tr
2012-07-16 17:55 . 2012-07-16 17:55 -------- d-----w- c:\windows\zh-cn
2012-07-16 17:55 . 2012-07-16 17:55 -------- d-----w- c:\windows\zh-tw
2012-07-16 17:40 . 2012-07-16 17:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-16 17:38 . 2009-09-04 09:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-07-16 17:38 . 2009-09-04 09:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-07-16 17:38 . 2009-09-04 09:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-07-16 17:38 . 2009-09-04 09:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-07-16 17:37 . 2006-11-29 05:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-07-16 17:37 . 2006-11-29 05:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-07-16 17:34 . 2012-07-16 17:34 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2fa088221cd637904\MeshBetaRemover.exe
2012-07-16 17:34 . 2012-07-16 17:34 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2f506c4b1cd637903\DSETUP.dll
2012-07-16 17:34 . 2012-07-16 17:34 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2f506c4b1cd637903\DXSETUP.exe
2012-07-16 17:34 . 2012-07-16 17:34 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2f506c4b1cd637903\dsetup32.dll
2012-07-11 04:27 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 04:22 . 2012-06-02 12:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-11 01:05 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 01:01 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 01:01 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-06 05:33 . 2012-07-06 05:33 0 ----a-w- c:\windows\SysWow64\shoEE98.tmp
2012-07-05 09:26 . 2012-07-05 09:26 -------- d-----w- c:\users\User\AppData\Roaming\Polar WebSync
2012-07-04 03:31 . 2012-02-10 06:56 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE0FA293-50E8-48A5-B718-8BE2630D1DDD}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 01:56 . 2012-06-14 00:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 01:56 . 2012-06-14 00:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-27 10:28 . 2012-06-27 10:28 0 ----a-w- c:\windows\SysWow64\shoC2DE.tmp
2012-06-26 10:20 . 2012-06-26 10:20 0 ----a-w- c:\windows\SysWow64\sho8540.tmp
2012-06-25 08:04 . 2012-06-25 08:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-17 05:52 . 2012-06-17 05:52 0 ----a-w- c:\windows\SysWow64\shoC7FB.tmp
2012-06-02 22:19 . 2012-06-21 00:21 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 00:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 00:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 00:22 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 00:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 00:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 00:21 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 07:19 . 2012-06-21 00:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 07:15 . 2012-06-21 00:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-27 08:14 . 2010-10-29 04:27 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-10 04:17 . 2012-05-10 04:17 0 ----a-w- c:\windows\SysWow64\shoD1EF.tmp
2012-05-04 10:52 . 2012-06-13 00:36 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 00:36 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 00:36 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2009-12-31 91520]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-27 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-29 1127712]
Polar WebSync.lnk - c:\program files (x86)\Polar\WebSync\WebSync.exe [2012-4-2 6184448]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut11_C03C290FA6F54A2B8A2DFE2786A1E275.exe [2010-10-29 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-12 36328]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-12 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-12 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-12 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-12 146920]
R3 stus2x64;USB 2.0 IrDA Bridge;c:\windows\system32\DRIVERS\stusb2ir.sys [2008-01-03 47872]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-21 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-30 202752]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
S2 Polar Daemon;Polar Daemon;c:\program files (x86)\Polar\Daemon\polard.exe [2012-04-02 411648]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-30 6405632]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-30 188928]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-06-17 116240]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-04-30 340520]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-04-30 39464]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-01 136192]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 01:56]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20 11:37]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-20 11:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 122.255.99.236 122.255.99.228
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\grp4ajl4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 72069100000000000000000b6b73c8ea
FF - user.js: extensions.BabylonToolbar_i.hardId - 72069100000000000000000b6b73c8ea
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15438
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:06
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Polar Sync - (no file)
Wow6432Node-HKCU-Run-gStart - c:\program files (x86)\Garmin\Training Center\gStart.exe
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\MF.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
.
**************************************************************************
.
Completion time: 2012-08-02 01:14:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-01 17:14
.
Pre-Run: 96,311,836,672 bytes free
Post-Run: 114,921,865,216 bytes free
.
- - End Of File - - 80BEBB3B0139E564A02FA74DF3EAFD7B
[/QUOTE]