ComboFix 15-09-07.01 - m 11/09/2015 23:02:10.2.1 - x86 NETWORK
Running from: c:\documents and settings\m\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: ZoneAlarm Antivirus *Disabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\m\Application Data\Windir
c:\documents and settings\m\Local Settings\Application Data\assembly\tmp
c:\documents and settings\m\WINDOWS
C:\Microsoft
c:\windows\tmp
c:\windows\tmp\DEFAULT
c:\windows\tmp\SAM
c:\windows\tmp\SECURITY
c:\windows\tmp\SOFTWARE
c:\windows\tmp\SYSTEM
.
.
((((((((((((((((((((((((( Files Created from 2015-08-11 to 2015-09-11 )))))))))))))))))))))))))))))))
.
.
2015-09-10 18:46 . 2015-09-10 18:46 16280 ----a-w- C:\FixitRegBackup.reg
2015-09-04 22:43 . 2015-09-05 10:30 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-09-04 22:43 . 2015-09-05 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2015-09-02 23:25 . 2015-09-02 23:31 -------- d-----w- C:\FRST
2015-08-30 21:11 . 2015-08-30 21:11 -------- d-----w- c:\program files\Avira
2015-08-30 21:11 . 2015-08-30 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2015-08-28 23:19 . 2015-09-01 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2015-08-24 18:22 . 2015-08-24 18:22 302760 ----a-w- c:\windows\system32\drivers\tmcomm.sys
11747-11-13 19:58 . 2011-08-24 04:53 -------- d-sh--w- c:\windows\xxclone.arc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-07 13:17 . 2014-06-25 02:26 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-28 20:53 . 2012-04-17 12:54 778440 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-28 20:53 . 2011-05-20 00:22 142536 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-16 23:00 . 2015-08-02 23:01 35992 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2015-08-10 13:46 . 2012-08-06 21:32 142056 -c--a-w- c:\windows\system32\vpncmd.exe
2015-08-05 00:30 . 2015-08-05 00:30 105664 ----a-w- c:\windows\system32\drivers\inspect.sys
2015-08-05 00:30 . 2015-08-05 00:30 30144 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2015-08-05 00:30 . 2015-08-05 00:30 631872 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2015-08-05 00:30 . 2015-08-05 00:30 15808 ----a-w- c:\windows\system32\drivers\cmderd.sys
2015-08-05 00:29 . 2015-08-05 00:29 33496 ----a-w- c:\windows\system32\cmdcsr.dll
2015-08-05 00:29 . 2015-08-05 00:29 445472 ----a-w- c:\windows\system32\guard32.dll
2015-08-05 00:27 . 2015-08-05 00:27 288448 ----a-w- c:\windows\system32\cmdvrt32.dll
2015-08-05 00:26 . 2015-08-05 00:26 40640 ----a-w- c:\windows\system32\cmdkbd32.dll
2015-06-18 07:41 . 2014-06-25 01:37 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41 . 2013-05-27 21:23 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2002-11-25 126976]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"tvncontrol"="c:\program files\Common Files\Comodo\tvnserver.exe" [2012-01-27 828944]
"ScanSoft OmniPage SE 4.0-reminder"="c:\program files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 1410600]
"SoftEther VPN Client UI Helper"="c:\program files\SoftEther VPN Client\vpnclient.exe" [2015-08-10 3941096]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2006-10-26 132704]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-18 335232]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2015-08-05 1361088]
"Avira SystrayStartTrigger"="c:\program files\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-08-13 66936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\m\Start Menu\Programs\StartUp\
Serviio.lnk - c:\program files\Serviio\bin\ServiioConsole.exe [2013-8-8 610304]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SoftEther VPN Client Manager Startup.lnk - c:\program files\SoftEther VPN Client\vpncmgr.exe /startup [2014-3-22 4131560]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CGVPNCliService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Common Files\\Comodo\\tvnserver.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioConsole.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\m\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\K\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SoftEther VPN Client\\vpncmgr.exe"=
"c:\\Program Files\\SoftEther VPN Client\\vpnclient.exe"=
"c:\\Program Files\\SoftEther VPN Client\\vpncmd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19540:UDP"= 19540:UDP:SXUPTP
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R1 CFRMD;CFRMD; [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2015-08-05 631872]
R1 SASDIFSV;SASDIFSV; [x]
R1 SASKUTIL;SASKUTIL; [x]
R1 vcdrom;Virtual CD-ROM Device Driver; [x]
R2 Avira.ServiceHost;Avira Service Host;c:\program files\Avira\Launcher\Avira.ServiceHost.exe [2015-08-13 228104]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 49152]
R2 ChromodoUpdater;COMODO Chromodo Update Service;c:\program files\Comodo\Chromodo\chromodo_updater.exe [2015-08-19 1998520]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2015-06-26 1994936]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 132768]
R2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [2013-08-07 327680]
R2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient.exe [2015-08-10 3941096]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R2 vpnclient;PacketiX VPN Client; [x]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;c:\windows\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 303616]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-01-18 577536]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2015-08-05 1664704]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2015-08-16 35992]
R3 KOT;KOT; [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-09-07 98520]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [2011-02-10 51968]
R3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys [2014-01-08 43104]
R3 SjyPkt;SjyPkt; [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 246936]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-18 26112]
R3 USTORAGE;UMass Storage Device;c:\windows\system32\DRIVERS\UStorage.sys [2009-04-14 31104]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2015-08-05 15808]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2015-08-05 30144]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2012-01-09 11352]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [2012-08-23 70352]
S2 tvnserver;TightVNC Server;c:\program files\Common Files\Comodo\tvnserver.exe [2012-01-27 828944]
S3 Neo_vpn jp;VPN Client Device Driver - vpn jp;c:\windows\system32\DRIVERS\Neo_0029.sys [2012-08-07 22000]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 20:53]
.
2015-09-10 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05 00:24]
.
2015-08-30 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05 00:24]
.
2015-09-03 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05 00:24]
.
2015-09-03 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05 00:24]
.
2015-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003Core.job
- c:\documents and settings\m\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-28 20:33]
.
2015-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1003UA.job
- c:\documents and settings\m\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-28 20:33]
.
2015-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005Core.job
- c:\documents and settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-01 10:59]
.
2015-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1035525444-725345543-1005UA.job
- c:\documents and settings\K\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-01 10:59]
.
2015-09-10 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-09 01:59]
.
2015-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-09 01:59]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.reimage.com/damage_caused_by_viruses.php
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\m\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\documents and settings\m\Application Data\Mozilla\Firefox\Profiles\k9aa9uzg.default-1386241888593\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2015-09-11 23:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-1035525444-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E8B329A-B67F-9B93-CE97-F9D9D740A288}*]
"maobdknegdfgdccpjfckpdpcdj"=hex:6f,61,6e,68,67,62,6d,6a,69,64,66,67,6d,66,65,
67,67,6c,70,63,6d,6a,61,6e,61,69,6d,67,69,66,00,6d
"abnbalpcdlfchpjbiaockdephgnfkepmki"=hex:70,61,64,63,67,6a,6f,63,61,62,69,6f,
64,70,66,70,6e,62,6f,6d,6e,62,6e,64,68,70,6e,65,6b,68,68,6d,00,40
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Data]
"PaarEvent"=dword:00000001
"LatestInstallation"=hex(b):95,59,b5,4f,00,00,00,00
"Timestamp.{1861B42B-B05F-47B8-8566-BEE85A4D4FDC}"=hex(b):09,e0,c7,55,00,00,00,
00
"Timestamp.{B7F04E87-441A-4F26-BE21-C4339F539F87}"=hex(b):ad,bb,c7,55,00,00,00,
00
"CFPFSM"=dword:00000001
"Timestamp.{B4865C2A-9D0E-423B-8DA7-087F623C4B4F}"=hex(b):ba,68,e3,55,00,00,00,
00
"Timestamp.{0D85521A-A20D-44D9-8380-EFB7C9BE423B}"=hex(b):ba,68,e3,55,00,00,00,
00
"Timestamp.{40210ABD-EB84-4326-AEF8-709448FA2BAE}"=hex(b):51,be,18,54,00,00,00,
00
"Timestamp.{77261D84-1F4B-4BCD-9CCC-AEAEE39596D7}"=hex(b):46,f0,ae,52,00,00,00,
00
"Timestamp.{84BA2452-41F4-470F-87E7-D5FA10F8956A}"=hex(b):49,be,18,54,00,00,00,
00
"Timestamp.{67CE8C55-02C1-4517-99F0-282BE2734181}"=hex(b):ba,68,e3,55,00,00,00,
00
"LastAvDetection"=hex(b):f0,e9,2e,53,00,00,00,00
"RealTimeLastShowGeekBuddyOffer"=hex(b):04,ea,2e,53,00,00,00,00
"Timestamp.{ABB45338-2428-46D5-BCA1-F907810012C7}"=hex(b):ba,68,e3,55,00,00,00,
00
"Timestamp.{BEBAFD97-F7E0-43C2-A7DF-0D1B5EE26620}"=hex(b):09,e0,c7,55,00,00,00,
00
"Timestamp.{DF77CAAC-D06C-4649-96B0-A6733E364723}"=hex(b):ba,68,e3,55,00,00,00,
00
"Timestamp.{9963D9E4-67D9-45DC-BC94-05BE99174D35}"=hex(b):5a,62,e3,55,00,00,00,
00
"Timestamp.{6AA9E24E-269F-4675-AE6A-67DF4BEE0E9E}"=hex(b):69,2c,38,52,00,00,00,
00
"CreateSymlinks"=dword:00000000
"Timestamp.{AF858DA4-6F8E-4298-84E2-AB5DBB7741DB}"=hex(b):ba,68,e3,55,00,00,00,
00
"AvDbVersion"=dword:0000598b
"AvDbUpdateDate"=hex(b):32,d9,bf,55,00,00,00,00
"Bin update offered pdbsm"=dword:00000001
"DisableCopyDefRecognizer"=dword:00000001
"AvDbSigcount"=dword:02867c42
"AvDbVersionTrustPurge"=dword:0000598b
"AvDbVersionBoostPurge"=dword:0000598b
"AgentStartTime.{42B27E2F-AAF4-443C-894C-0F079863C909}"=hex(b):d6,9c,b6,55,00,
00,00,00
"AvDbCheckDate"=hex(b):32,d9,bf,55,00,00,00,00
"UrlDbVersion"=dword:000000b7
"UpdateCondition.{54523EA7-7A82-43D5-A3E6-075A8A3926BE}"=dword:00000001
"UpdateCondition.{36C87763-EED6-4E36-B2F5-FAD61CBDA924}"=dword:00000001
"UpdateBin.{A6D52E4F-569B-4756-B3D8-DF217313DA85}"=hex(b):5f,aa,b6,55,00,00,00,
00
"Scan.{DBB22600-F6F5-41E4-866D-B11CBC208853}"=hex(b):ff,eb,4b,53,00,00,00,00
"UpdateBin.{0E9B65E7-29F3-4520-A8EC-2DDEF68A1170}"=hex(b):15,d8,d3,54,00,00,00,
00
"UpdateBin.{04B31D06-88FC-45A8-81FC-0CE6E5E95960}"=hex(b):f6,d8,d3,54,00,00,00,
00
"Scan.{F140D794-60B6-4F00-9235-D6457AA25B22}"=hex(b):43,39,b7,55,00,00,00,00
"FullScan.{F140D794-60B6-4F00-9235-D6457AA25B22}"=hex(b):43,39,b7,55,00,00,00,
00
"PreviousAvMode"=dword:00000003
"SwitchOn.{E739B5BC-AD9F-4758-9567-A21B396737F1}"=hex(b):00,00,00,00,00,00,00,
00
"PreviousDfMode"=dword:00010000
"SwitchOn.{8F5CCB37-64DD-423E-AEE4-3E7B3D162E32}"=hex(b):00,00,00,00,00,00,00,
00
"PreviousFwMode"=dword:00000008
"SwitchOn.{F4C59B28-6A03-4BED-9E60-4BCFBD037303}"=hex(b):00,00,00,00,00,00,00,
00
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
"UpdateCondition.{904AF1EE-D41F-4ADF-90EA-15285FF2CAE9}"=dword:00000001
"Bin update offered pdbm"=dword:00000001
"Rcg.{E7EFFE86-07B1-4148-AE27-C8CF133A36C1}"=hex(b):00,00,00,00,00,00,00,00
"Scan.{21E3884B-3682-4581-9128-EA1225FA023D}"=hex(b):b1,0d,bc,55,00,00,00,00
"AllowedDowngrade"=dword:00000001
"OS driver inspect"=dword:00000001
"OS driver cmderd"=dword:00000001
"PaarEventIS"=dword:00000001
"PaarEventIE"=dword:00000001
"OS driver cmdhlp"=dword:00000001
"OS driver cmdguard"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Options]
"Partner"="Comodo"
"InstallerName"="cispremiuminstallerx86"
"LanguageName"="English (United States)"
"UpdateURL"="http://download.comodo.com/"
"LanguageID"=dword:00000409
"UserEmail"=""
"Activation Servers state"=dword:00000013
"UpdateURLS"=multi:"http://download.comodo.com/\00\00"
"CmcHost"="cmc.comodo.com"
"UsageStatHost"="cmc.comodo.com"
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
"ThemeName"="modern.set"
"UrlsUpdateHost"="download.comodo.com"
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\System\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2015-09-11 23:17:24
ComboFix-quarantined-files.txt 2015-09-11 22:17
ComboFix2.txt 2015-09-10 20:13
.
Pre-Run: 9,787,445,248 bytes free
Post-Run: 9,743,458,304 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /bootlog
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="XXCLONE: (Target Volume) [d:1,p:1] \WINDOWS" /fastdetect /NoExecute=OptIn
.
- - End Of File - - A154DC876B50EF55B640A101E3AD43CB
8F558EB6672622401DA993E1E865C861