ComboFix 14-02-05.02 - Administrator 08/02/2014 16:03:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2258 [GMT 11:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\All Users\Application Data\100
c:\documents and settings\All Users\Application Data\f250a3f87474d38c97dc0679d057db14_c
c:\documents and settings\All Users\Application Data\TEMP
C:\END
C:\install.exe
c:\program files\LyricsTube
c:\program files\LyricsTube\FF\chrome\content\icon.png
c:\program files\LyricsTube\FF\chrome\content\main.js
c:\program files\LyricsTube\FF\chrome\content\overlay.xul
c:\program files\LyricsTube\FF\install.rdf
c:\program files\TelevisionFanaticEI
c:\recuva\desktop_1.ini
c:\recuva\desktop_2.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-01-08 to 2014-02-08 )))))))))))))))))))))))))))))))
.
.
2014-02-08 03:16 . 2014-02-08 03:16 -------- d---a-w- c:\program files\PopularScreensavers_7iEI
2014-02-08 03:03 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0910FA13-433E-45FC-A997-EA7804764B53}\mpengine.dll
2014-02-06 06:40 . 2014-02-06 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-06 06:38 . 2014-02-06 06:38 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-06 01:32 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-04 00:32 . 2014-02-04 00:32 -------- d-----w- C:\6e13aa418c81916a85273cd99568cb
2014-02-02 03:35 . 2014-02-02 03:35 -------- d-----w- C:\19c71df5d9beff9b4b54
2014-01-31 00:15 . 2014-02-07 02:09 -------- d-----w- C:\FRST
2014-01-29 04:17 . 2014-01-29 04:17 410784 ----a-w- c:\windows\system32\drivers\thmhtvhy.sys
2014-01-29 04:13 . 2014-01-29 04:13 410784 ----a-w- c:\windows\system32\drivers\avsxyhfe.sys
2014-01-27 04:14 . 2014-01-27 04:15 -------- dc-h--w- c:\windows\ie8
2014-01-27 03:32 . 2014-01-27 03:32 -------- d-----w- c:\program files\Microsoft ATS
2014-01-27 02:21 . 2014-01-27 02:21 -------- d-----w- C:\d8e371acf69840d372
2014-01-24 10:12 . 2014-01-24 10:12 -------- d-----w- C:\1a443f8837eeb4b3b47499
2014-01-24 05:35 . 2011-07-28 08:06 1763584 ----a-w- c:\windows\system32\drivers\athuw.sys
2014-01-24 05:35 . 2011-07-28 08:06 1763584 ----a-w- c:\windows\system32\athuw.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-08 03:08 . 2012-10-04 02:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-08 03:08 . 2012-10-04 02:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2011-05-18 04:47 231584 -c----w- c:\windows\system32\MpSigStub.exe
2013-12-03 00:07 . 2013-11-14 04:40 359016 ----a-w- c:\windows\vncutil.exe
2013-12-03 00:07 . 2011-05-16 04:31 891976 ----a-w- c:\windows\system32\RTSndMgr.CPL
2013-12-03 00:07 . 2011-05-16 04:31 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2013-12-03 00:07 . 2011-05-16 04:31 9721960 ----a-w- c:\windows\RTLCPL.EXE
2013-12-03 00:07 . 2011-05-16 04:31 1523416 ----a-w- c:\windows\RtlUpd.exe
2013-12-03 00:07 . 2011-05-16 04:31 5589720 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2013-12-03 00:07 . 2013-11-14 04:40 86232 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2013-12-03 00:07 . 2013-11-14 04:40 129640 ----a-w- c:\windows\RtkAudioService.exe
2013-12-03 00:07 . 2011-05-16 04:31 20145368 ----a-w- c:\windows\RTHDCPL.EXE
2013-12-03 00:07 . 2013-11-14 04:40 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2013-12-03 00:07 . 2011-05-16 04:31 2180712 ----a-w- c:\windows\MicCal.exe
2013-12-03 00:06 . 2013-11-14 04:40 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2013-12-03 00:06 . 2011-05-16 04:31 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2013-12-03 00:06 . 2011-05-16 04:31 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2013-12-03 00:06 . 2011-05-16 04:31 64104 ----a-w- c:\windows\ALCMTR.EXE
2013-11-27 20:21 . 2008-04-13 23:27 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-14 04:41 . 2013-11-14 04:41 28272 ----a-w- c:\windows\system32\NicCo2.dll
2013-11-14 04:41 . 2007-04-12 01:47 309048 -c--a-w- c:\windows\system32\Prounstl.exe
2013-11-14 04:41 . 2007-01-29 04:36 83808 ----a-w- c:\windows\system32\NicInstE.dll
2013-11-14 04:41 . 2007-04-13 03:33 254336 ----a-w- c:\windows\system32\drivers\e1e5132.sys
2013-11-14 04:41 . 2007-01-17 05:59 121440 ----a-w- c:\windows\system32\e1000msg.dll
2013-11-14 04:40 . 2011-05-16 04:31 1833576 ----a-w- c:\windows\SkyTel.exe
2013-11-14 04:40 . 2013-11-14 04:40 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2013-11-14 04:37 . 2013-11-14 04:37 155648 ----a-w- c:\windows\system32\igfxCoIn_v5218.dll
2013-11-14 04:37 . 2012-09-16 00:56 294912 ----a-w- c:\windows\system32\igldev32.dll
2013-11-14 04:37 . 2012-09-16 00:56 2342912 ----a-w- c:\windows\system32\iglicd32.dll
2013-11-14 04:37 . 2012-09-16 00:56 57344 ----a-w- c:\windows\system32\igxprd32.dll
2013-11-14 04:37 . 2012-09-16 00:56 3773952 ----a-w- c:\windows\system32\igxpdx32.dll
2013-11-14 04:37 . 2012-09-16 00:56 2685280 ----a-w- c:\windows\system32\igxpdv32.dll
2013-11-14 04:37 . 2012-09-16 00:56 185856 ----a-w- c:\windows\system32\igxpgd32.dll
2013-11-14 04:37 . 2012-09-16 00:56 1730272 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2013-11-14 04:37 . 2012-09-16 00:56 288256 ----a-w- c:\windows\system32\igfxrhun.lrc
2013-11-14 04:37 . 2012-09-16 00:56 279040 ----a-w- c:\windows\system32\igfxrtrk.lrc
2013-11-14 04:37 . 2012-09-16 00:56 304640 ----a-w- c:\windows\system32\igfxrita.lrc
2013-11-14 04:37 . 2012-09-16 00:56 303104 ----a-w- c:\windows\system32\igfxrfra.lrc
2013-11-14 04:37 . 2012-09-16 00:56 299008 ----a-w- c:\windows\system32\igfxrnld.lrc
2013-11-14 04:37 . 2012-09-16 00:56 294912 ----a-w- c:\windows\system32\igfxrptg.lrc
2013-11-14 04:37 . 2012-09-16 00:56 291328 ----a-w- c:\windows\system32\igfxrrus.lrc
2013-11-14 04:37 . 2012-09-16 00:56 289280 ----a-w- c:\windows\system32\igfxrptb.lrc
2013-11-14 04:37 . 2012-09-16 00:56 287744 ----a-w- c:\windows\system32\igfxrplk.lrc
2013-11-14 04:37 . 2012-09-16 00:56 282624 ----a-w- c:\windows\system32\igfxrsve.lrc
2013-11-14 04:37 . 2012-09-16 00:56 282624 ----a-w- c:\windows\system32\igfxrsky.lrc
2013-11-14 04:37 . 2012-09-16 00:56 279552 ----a-w- c:\windows\system32\igfxrnor.lrc
2013-11-14 04:37 . 2012-09-16 00:56 277504 ----a-w- c:\windows\system32\igfxrslv.lrc
2013-11-14 04:37 . 2012-09-16 00:56 262656 ----a-w- c:\windows\system32\igfxrtha.lrc
2013-11-14 04:37 . 2012-09-16 00:56 249856 ----a-w- c:\windows\system32\igfxrheb.lrc
2013-11-14 04:37 . 2012-09-16 00:56 206848 ----a-w- c:\windows\system32\igfxrjpn.lrc
2013-11-14 04:37 . 2012-09-16 00:56 205312 ----a-w- c:\windows\system32\igfxrkor.lrc
2013-11-14 04:37 . 2012-09-16 00:56 141336 ----a-w- c:\windows\system32\igfxtray.exe
2013-11-14 04:37 . 2012-09-16 00:56 51712 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-11-14 04:37 . 2012-09-16 00:56 250392 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-11-14 04:37 . 2012-09-16 00:56 310784 ----a-w- c:\windows\system32\igfxrell.lrc
2013-11-14 04:37 . 2012-09-16 00:56 23552 ----a-w- c:\windows\system32\igfxexps.dll
2013-11-14 04:37 . 2012-09-16 00:56 172568 ----a-w- c:\windows\system32\igfxext.exe
2013-11-14 04:37 . 2012-09-16 00:56 303616 ----a-w- c:\windows\system32\igfxrdeu.lrc
2013-11-14 04:37 . 2012-09-16 00:56 303104 ----a-w- c:\windows\system32\igfxresp.lrc
2013-11-14 04:37 . 2012-09-16 00:56 282624 ----a-w- c:\windows\system32\igfxrcsy.lrc
2013-11-14 04:37 . 2012-09-16 00:56 281088 ----a-w- c:\windows\system32\igfxrfin.lrc
2013-11-14 04:37 . 2012-09-16 00:56 275968 ----a-w- c:\windows\system32\igfxrenu.lrc
2013-11-14 04:37 . 2012-09-16 00:56 652312 ----a-w- c:\windows\system32\igfxcfg.exe
2013-11-14 04:37 . 2012-09-16 00:56 5702656 ----a-w- c:\windows\system32\igfxress.dll
2013-11-14 04:37 . 2012-09-16 00:56 280576 ----a-w- c:\windows\system32\igfxrdan.lrc
2013-11-14 04:37 . 2012-09-16 00:56 252416 ----a-w- c:\windows\system32\igfxrara.lrc
2013-11-14 04:37 . 2012-09-16 00:56 205824 ----a-w- c:\windows\system32\igfxdev.dll
2013-11-14 04:37 . 2012-09-16 00:56 179712 ----a-w- c:\windows\system32\igfxrcht.lrc
2013-11-14 04:37 . 2012-09-16 00:56 178176 ----a-w- c:\windows\system32\igfxrchs.lrc
2013-11-14 04:37 . 2012-09-16 00:56 142360 ----a-w- c:\windows\system32\igfxpers.exe
2013-11-14 04:37 . 2012-09-16 00:56 130048 ----a-w- c:\windows\system32\igfxdo.dll
2013-11-14 04:37 . 2012-09-16 00:56 199168 ----a-w- c:\windows\system32\igfxpph.dll
2013-11-14 04:37 . 2012-09-16 00:56 119296 ----a-w- c:\windows\system32\igfxcpl.cpl
2013-11-14 04:37 . 2012-09-16 00:56 173592 ----a-w- c:\windows\system32\hkcmd.exe
2013-11-14 04:37 . 2012-09-16 00:56 93696 ----a-w- c:\windows\system32\hccutils.dll
2013-11-14 00:38 . 2013-11-14 00:38 36000 ----a-w- c:\windows\system32\cmdcsr.dll
2013-11-13 19:27 . 2014-01-27 03:32 65184 ----a-w- c:\windows\apppatch\MATSShim.DLL
2013-11-13 02:59 . 2008-04-14 04:41 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-10 02:34 134400 --sha-r- c:\windows\system32\hal.dll
2013-07-04 03:03 2149888 --sha-r- c:\windows\system32\ntoskrnl.exe
2013-01-10 02:34 574976 -csha-r- c:\windows\system32\drivers\ntfs.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll
[7] 2008-04-13 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-13 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-13 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[7] 2003-03-31 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-13 18:41 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
.
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll
[-] 2012-10-03 . 6FE42512AB1B89F32A7407F261B1D2D0 . 990208 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2012-10-03 . 6CBFEEB384F04681AF75F495AA48DD32 . 991744 . . [5.1.2600.6293] . . c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$NtUninstallKB2758857$\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
.
[-] 2013-10-29 . 680BD97BA5C817BCE79162496D51528D . 6020608 . . [8.00.6001.23543] . . c:\windows\system32\mshtml.dll
[-] 2013-10-29 . 680BD97BA5C817BCE79162496D51528D . 6020608 . . [8.00.6001.23543] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2013-03-02 . 990F4518E1607F445969C12F014E4E29 . 6013440 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\mshtml.dll
[-] 2013-03-01 . AE3A26C04C794E5451ADF6872F7D48F4 . 6012928 . . [8.00.6001.23471] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\mshtml.dll
[-] 2013-01-08 . 99E9E2606FB13ADB711935FE8E8E29C1 . 6011904 . . [8.00.6001.23468] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\mshtml.dll
[-] 2013-01-06 . 14FD1CAEFB6D2749019AC2F54859568C . 6011392 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2799329-IE8\SP3QFE\mshtml.dll
[-] 2012-11-12 . 02D8509E2362D777DEBFFC05C022CBF2 . 6010880 . . [8.00.6001.23461] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\mshtml.dll
[-] 2012-08-28 . CF6B381C3518AB328382429CAE206D64 . 6010368 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\mshtml.dll
[-] 2012-07-02 . DF599AC52B62DE001E42D36F92B45E68 . 6010368 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\mshtml.dll
[-] 2012-05-11 . 55F148B94246A77FB4AC33346671CAC8 . 6009344 . . [8.00.6001.23345] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\mshtml.dll
[-] 2012-03-01 . 5DBB0C997AD276BCE9D30CD609BDBF67 . 5980672 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll
[-] 2011-12-17 . 49B88A833ECA99EFBFFC5AAE5CC998ED . 5980160 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll
[-] 2011-11-04 . 699421E2E1313C18671A703953CAE14B . 5978624 . . [8.00.6001.23266] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll
[-] 2011-10-03 . 1240A6B7B470BED0AA6C9FEC7AB0EA26 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
[-] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . 3422847AA07E37076A87D0B7D5044DC6 . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[7] 2009-03-07 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2898785-IE8\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll
[7] 2008-04-13 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
.
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
.
[-] 2013-10-29 . FBF173582874C30EC5FAF8F8A67D873E . 920064 . . [8.00.6001.23543] . . c:\windows\system32\wininet.dll
[-] 2013-10-29 . FBF173582874C30EC5FAF8F8A67D873E . 920064 . . [8.00.6001.23543] . . c:\windows\system32\dllcache\wininet.dll
[-] 2013-03-02 . 43EADBA9F3CD2A5F01B189BD95FCDE95 . 920064 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\wininet.dll
[-] 2013-02-05 . BE30BEF4C13065D09772F9895FCB9D22 . 920064 . . [8.00.6001.23469] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\wininet.dll
[-] 2012-12-26 . B8BEF9519A1B124DEAF94081F6C5A767 . 920064 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\wininet.dll
[-] 2012-11-01 . ACC92628CFFF9BB6F8886329888014A8 . 920064 . . [8.00.6001.23458] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll
[-] 2012-08-28 . DCEA3B3193B7181CF818ECC4EAB30A66 . 920064 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll
[-] 2012-07-02 . EFB2241DE3AA6480521A16D0CB67B0EC . 920064 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll
[-] 2012-05-16 . 553AD35768CD27959391DD5AA82CEF6F . 920064 . . [8.00.6001.23359] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll
[-] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
[-] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
[-] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[-] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[-] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[7] 2009-03-07 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB2898785-IE8\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll
[7] 2008-04-13 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
.
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\ole32.dll
[-] 2013-08-05 . 59B408E5B8489B0B36A0D783D150EDCC . 1289728 . . [5.1.2600.6435] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\$NtUninstallKB2876217$\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-13 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
.
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\usp10.dll
[-] 2013-07-10 . 1D845821F5ADB076831DE4C2818F858B . 406016 . . [1.0420.2600.6421] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\$NtUninstallKB2850869$\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-13 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[7] 2008-04-13 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
.
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime
[-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime
[7] 2008-04-13 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-13 18:41 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
.
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2013-07-04 . 05F3DB567EAE368AE3BBD7E973490646 . 2028544 . . [5.1.2600.6419] . . c:\windows\system32\ntkrnlpa.exe
[-] 2013-07-04 . 4C47B37CF351FFEB1227CED0FF4751D5 . 2070144 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2013-05-03 . 70F7DF7268C6AB388319A03375DAC4E5 . 2028544 . . [5.1.2600.6387] . . c:\windows\$NtUninstallKB2859537$\ntkrnlpa.exe
[-] 2013-03-07 . 9EBEDA306E5EABDABCFF8B695FCD4CD6 . 2070016 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe
[-] 2013-03-07 . 9ED39805DF38061BB031D0F2B20DFB77 . 2028544 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2839229$\ntkrnlpa.exe
[-] 2013-01-07 . 1251D608DFCE4B6801AD27A59B74985C . 2069760 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe
[-] 2013-01-07 . 2C9091C3350E369BBB2464AABE2FD7CA . 2027520 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntkrnlpa.exe
[-] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[-] 2012-08-21 . 61027EE2D9859A2B41D588D92F256CFB . 2027520 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntkrnlpa.exe
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-05-04 . 87763BB6C95901818050E52C378C9E15 . 2026496 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntkrnlpa.exe
[-] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2011-10-25 . 36CAC3C8C4C10F4E21BFEABBFE7ACFFC . 2027008 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe
[-] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[-] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
.
[-] 2013-07-04 . AFEE19399CF992A098309F7FDF87880A . 2149888 . . [5.1.2600.6419] . . c:\windows\system32\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2013-07-04 . A4A50A53FFBFEC545CDA85E98AF2106B . 2193536 . . [5.1.2600.6419] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2013-05-03 . 0F1ECE75329996EBDCF2774F9E46623D . 2149888 . . [5.1.2600.6387] . . c:\windows\$NtUninstallKB2859537$\ntoskrnl.exe
[-] 2013-03-07 . 8C39722F8C291F1BBCCE80EE23065897 . 2149888 . . [5.1.2600.6368] . . c:\windows\$NtUninstallKB2839229$\ntoskrnl.exe
[-] 2013-03-07 . 9FC16E5EBFE88F3C844FFE2E6CB7F1E8 . 2193536 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . AE2FEE63789F5DF6B19DD9A39E26D03E . 2193152 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe
[-] 2013-01-07 . DD5A89274B47499CCFF7ADCA3A3C560E . 2148864 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntoskrnl.exe
[-] 2012-08-21 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[-] 2012-08-21 . B9A14D5875CE262774388BD43BA56FF3 . 2148864 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntoskrnl.exe
[-] 2012-05-04 . 099A0F80A563EBE935F4A9750F96C219 . 2192640 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[-] 2012-05-04 . AC4B3C4A6DC31867034C66663B9B8A38 . 2148352 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntoskrnl.exe
[-] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[-] 2011-10-25 . 3B663B9B193D7E1DE39A466020F1FD91 . 2148864 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntoskrnl.exe
[-] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-21 20549280]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2013-12-03 20145368]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-01 90448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-04-30 421888]
"PhilipsRemote"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe" [2002-10-24 69632]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-14 142360]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2012-04-03 65536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-14 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-14 173592]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-05-18 2629632]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BlazeVideo\\BlazePhoto 2.0\\BlazePhoto.exe"=
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [22/01/2012 2:13 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [22/01/2012 2:13 PM 12464]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [27/05/2012 11:19 AM 24408]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/10/2007 1:13 PM 38144]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [9/03/2010 12:40 AM 144672]
R2 UacFlt;Philips Composite Class Filter Driver;c:\windows\system32\drivers\uacbflt.sys [14/06/2002 4:40 PM 21276]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/01/2007 8:13 PM 36608]
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [9/09/2012 4:52 PM 51144]
S1 MpKsl22239b4c;MpKsl22239b4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D46C3CDF-B3DB-478C-9FF7-9CAA426474EC}\MpKsl22239b4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D46C3CDF-B3DB-478C-9FF7-9CAA426474EC}\MpKsl22239b4c.sys [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [9/10/2013 10:58 AM 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/09/2013 10:34 AM 171680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14/11/2013 3:40 PM 1691480]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys --> c:\windows\system32\Drivers\lgandnetadb.sys [?]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys --> c:\windows\system32\DRIVERS\lgandnetdiag.sys [?]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys --> c:\windows\system32\DRIVERS\lgandnetmodem.sys [?]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys --> c:\windows\system32\DRIVERS\lgandnetndis.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys --> c:\windows\system32\Drivers\androidusb.sys [?]
S3 APL531;OVT Scanner 16-bit;c:\windows\system32\drivers\OVTX16.sys [25/01/2012 12:33 PM 154112]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [24/01/2014 4:35 PM 1763584]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [29/06/2012 4:57 PM 245760]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2/06/2011 11:08 AM 11336]
S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\HBCD\PCWizard\pcwiz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\HBCD\PCWizard\pcwiz_x32.sys [?]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys --> c:\windows\system32\drivers\massfilter_hs.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/02/2014 5:38 PM 52312]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [8/09/2011 1:28 PM 30576]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [31/07/2009 3:12 PM 341504]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [3/09/2012 3:40 PM 13024]
S3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys --> c:\windows\system32\DRIVERS\zghsdiag.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:08]
.
2013-07-16 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2013-07-09 09:32]
.
2014-02-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 04:01]
.
.
------- Supplementary Scan -------
.
uStart Page =
https://www.google.com.au/
uSearchAssistant = hxxp://
www.google.com/ie
uSearchURL,(Default) = hxxp://
www.google.com/search?q=%s
IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} -
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282495&CUI=UN29370041163711109&UM=1&SearchSource=3&q={searchTerms}&sspv=TB_CER
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3282495&ctid=CT3282495&SearchSource=2&CUI=UN29370041163711109&UM=2&q=
FF - prefs.js: keyword.enabled - false
FF - ExtSQL: 2013-12-09 19:26;
PrivDog@AdTrustMedia.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qr4qejpf.default\extensions\
PrivDog@AdTrustMedia.com
FF - user.js: plugin.state.npconduitfirefoxplugin - 0
FF - user.js: browser.search.defaultenginename - FindWide
FF - user.js: browser.keywordURLPromptDeclined - 1
FF - user.js: browser.startup.page - 1
FF - user.js: browser.newtab.url -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-OVT Scanner 16-bittt - c:\windows\omniuns.exe USB\VID_05A9&PID_35C1 OVT Scanner 16-bittt
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2014-02-08 16:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-583907252-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
.
[HKEY_USERS\S-1-5-21-1004336348-583907252-1801674531-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1004336348-583907252-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0cc053b4-5909-416f-84fe-7c3d6c9beac4}]
@Denied: (Full) (Everyone)
"Model"=dword:00000031
"Therad"=dword:00000017
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8c,e0,a1,d6,96,05,9e,fa,b7,ec,23,c2,3f,65,85,bd,0b,fb,7b,48,3c,
a9,00,60,ae,6f,74,62,4b,5b,78,d0,99,f0,ba,7c,e6,fc,ab,e9,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,05,89,38,2a,95,f3,4b,ab,0c,4b,\
.
Completion time: 2014-02-08 16:18:54
ComboFix-quarantined-files.txt 2014-02-08 05:18
.
Pre-Run: 72,785,952,768 bytes free
Post-Run: 140,596,396,032 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 09CAFFEBB97481EAB63622F8F351EAE1
8F558EB6672622401DA993E1E865C861