ComboFix 14-07-25.01 - Paul 07/25/2014 12:17:30.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3985.2136 [GMT -6:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-06-25 to 2014-07-25 )))))))))))))))))))))))))))))))
.
.
2014-07-25 18:32 . 2014-07-25 18:32 -------- d-----w- c:\users\songe_000\AppData\Local\temp
2014-07-24 06:49 . 2014-07-24 06:49 -------- d-----w- c:\users\Paul\AppData\Roaming\Unity
2014-07-24 05:15 . 2014-07-24 05:15 29160 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
2014-07-22 22:05 . 2014-07-22 22:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-22 22:05 . 2014-07-11 09:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-22 19:56 . 2014-07-22 19:56 -------- d-----w- c:\users\songe_000\AppData\Roaming\Unity
2014-07-22 18:39 . 2014-07-22 18:39 -------- d-----w- c:\users\songe_000\AppData\Local\Unity
2014-07-11 20:16 . 2014-07-11 20:16 -------- d-s---w- c:\windows\system32\CompatTel
2014-07-09 19:04 . 2014-07-09 19:04 -------- d-----w- C:\AVAST Software
2014-07-09 17:14 . 2014-06-30 22:42 394240 ----a-w- c:\windows\system32\devinv.dll
2014-07-09 17:14 . 2014-06-30 22:42 702464 ----a-w- c:\windows\system32\aepdu.dll
2014-07-09 17:14 . 2014-06-30 22:42 87552 ----a-w- c:\windows\system32\aepic.dll
2014-07-09 17:14 . 2014-06-28 03:35 556544 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 17:14 . 2014-06-19 02:11 19277312 ----a-w- c:\windows\system32\mshtml.dll
2014-07-04 20:17 . 2014-07-22 21:11 -------- d-----r- c:\users\Paul\Dropbox
2014-07-04 20:10 . 2014-07-22 21:11 -------- d-----w- c:\users\Paul\AppData\Roaming\Dropbox
2014-07-04 16:08 . 2014-07-04 16:08 43152 ----a-w- c:\windows\avastSS.scr
2014-07-04 16:01 . 2014-07-22 21:07 -------- d-----w- C:\AdwCleaner
2014-07-03 23:29 . 2014-07-11 21:01 -------- d-----w- c:\users\Paul\AppData\Local\CrashDumps
2014-07-03 05:13 . 2014-07-03 05:13 257704 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10243.bin
2014-06-27 20:11 . 2014-06-27 20:11 -------- d-----w- c:\users\songe_000\AppData\Roaming\LolClient
2014-06-27 17:38 . 2008-07-12 14:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2014-06-27 17:38 . 2008-07-12 14:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2014-06-27 17:38 . 2008-07-12 14:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2014-06-27 17:38 . 2014-07-03 21:49 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2014-06-27 17:38 . 2014-06-27 17:38 -------- d-----w- C:\Riot Games
2014-06-27 17:37 . 2014-06-27 18:07 -------- d-----w- c:\users\Paul\AppData\Local\PMB Files
2014-06-27 17:37 . 2014-06-27 17:37 -------- d-----w- c:\programdata\PMB Files
2014-06-27 17:36 . 2014-06-27 17:36 -------- d-----w- c:\program files (x86)\Pando Networks
2014-06-27 17:35 . 2014-06-27 17:36 -------- d-----w- c:\users\songe_000\AppData\Roaming\Riot Games
2014-06-26 19:15 . 2014-06-26 19:15 -------- d-----w- c:\users\Paul\AppData\Local\Secunia PSI
2014-06-26 19:15 . 2014-06-26 19:15 -------- d-----w- c:\program files (x86)\Secunia
2014-06-26 18:21 . 2014-07-18 03:50 -------- d-----w- c:\users\songe_000\AppData\Local\CrashDumps
2014-06-26 18:21 . 2014-06-26 18:21 -------- d-----w- c:\users\songe_000\AppData\Roaming\Hewlett-Packard
2014-06-26 18:07 . 2014-06-26 18:07 313256 ----a-w- c:\windows\system32\javaws.exe
2014-06-26 18:07 . 2014-06-26 18:07 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-06-26 18:07 . 2014-06-26 18:07 189352 ----a-w- c:\windows\system32\javaw.exe
2014-06-26 18:07 . 2014-06-26 18:07 189352 ----a-w- c:\windows\system32\java.exe
2014-06-26 18:06 . 2014-06-26 18:06 -------- d-----w- c:\program files\Java
2014-06-26 18:05 . 2014-07-22 22:05 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-24 05:53 . 2014-06-20 20:46 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-23 19:51 . 2014-06-20 20:46 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 19:08 . 2014-02-18 23:22 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-04 16:08 . 2014-02-11 06:42 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-04 16:08 . 2014-02-11 06:42 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-04 16:08 . 2014-02-11 06:42 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-04 16:08 . 2014-02-11 06:42 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-04 16:08 . 2014-06-16 02:19 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-04 16:08 . 2014-02-11 06:42 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-04 16:08 . 2014-02-11 06:42 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-04 16:08 . 2014-02-11 06:42 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-04 16:08 . 2014-02-11 06:42 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-06-26 20:53 . 2014-04-14 22:19 703968 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-26 20:53 . 2014-04-14 22:19 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-12 13:26 . 2014-06-20 20:46 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 13:25 . 2014-06-20 20:46 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-03 05:47 . 2014-06-23 18:17 3246592 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-03 03:34 . 2014-06-23 18:17 235520 ----a-w- c:\windows\system32\rdpudd.dll
2014-04-29 22:32 . 2014-06-23 18:16 1301504 ----a-w- c:\windows\system32\gdi32.dll
2014-04-29 22:22 . 2014-06-23 18:16 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-15 6564120]
"Power2GoExpress8"="c:\program files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" [2014-02-21 1717000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-04 4086432]
"HPMessageService"="c:\program files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe" [2014-03-26 475448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 WSDScan;WSD Scan Support;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdhlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 22:16 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-13 18:09]
.
2014-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11 06:42]
.
2014-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11 06:42]
.
2014-07-24 c:\windows\Tasks\HPCeeScheduleForPaul.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-04 16:08 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-21 172168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-21 400008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-21 441992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-07-09 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{903E1B5B-BC47-472D-84FA-197614F09A66}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{903E1B5B-BC47-472D-84FA-197614F09A66}\16474777966696: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{903E1B5B-BC47-472D-84FA-197614F09A66}\441444D20534F577962756C6563737: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{D3544BDA-B7FE-4621-AF66-33E7FB244B51}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zehh5zpb.default\
FF - prefs.js: browser.startup.homepage - hxxps://
www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-PrivDog - c:\program files (x86)\AdTrustMedia\PrivDog\UninstallTrustedAds.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2014-07-25 12:37:39
ComboFix-quarantined-files.txt 2014-07-25 18:37
.
Pre-Run: 627,929,755,648 bytes free
Post-Run: 627,701,039,104 bytes free
.
- - End Of File - - C37C6E89350D7987E97C3326BFCBB004