Hank1972
Posts: 18 +0
OK first off while it seems that I still have the issue, I want to thank you for helping me. OK I could not get ComboFix to install System Recovery. It did update and did scan and reboot computer. I then ran rKiller in SafeMode as well afterward. I then re-ran ComboFix (changed to my name) and added the CFScript.txt as well.
Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/18/2013 10:13:12 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* AFD (AFD) is not Running.
Startup Type set to: System
* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic
* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual
* Network Connections (Netman) is not Running.
Startup Type set to: Manual
* Windows Management Instrumentation (winmgmt) is not Running.
Startup Type set to: Automatic
* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic
* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic
* AFD (AFD) is not Running.
Startup Type set to: System
* IPSEC driver (IPSec) is not Running.
Startup Type set to: System
* NetBios over Tcpip (NetBT) is not Running.
Startup Type set to: System
* TCP/IP Protocol Driver (Tcpip) is not Running.
Startup Type set to: System
* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 04/18/2013 10:14:03 AM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)
ComboFix 13-04-18.03 - User 04/18/2013 10:29:18.4.2 - x86
Running from: c:\documents and settings\User\Desktop\Henry.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\es.dll --> c:\windows\System32\es.dll
.
((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
.
.
2013-04-18 14:29 . 2008-07-07 20:26 253952 -c--a-w- c:\windows\system32\dllcache\es.dll
2013-04-18 00:42 . 2010-06-08 18:50 692768 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
2013-04-18 00:42 . 2009-07-14 00:07 24576 ----a-w- c:\windows\system32\drivers\vwifibus.sys
2013-04-18 00:09 . 2005-04-04 03:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-04-18 00:09 . 2005-04-04 03:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-04-18 00:09 . 2005-04-04 03:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-04-18 00:09 . 2005-04-04 03:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-04-18 00:09 . 2013-04-18 00:09 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-04-18 00:09 . 2013-04-18 00:09 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-04-18 00:06 . 2013-04-18 01:35 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-04-18 00:03 . 2013-04-18 00:03 -------- d-----w- c:\windows\OPTIONS
2013-04-18 00:03 . 2013-04-18 00:13 -------- d-----w- c:\windows\system32\RtlGina
2013-04-18 00:03 . 2009-02-05 06:49 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2013-04-17 17:08 . 2008-04-13 23:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-04-17 17:08 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-04-17 17:08 . 2008-04-13 17:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-04-17 17:08 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-04-17 17:08 . 2008-04-13 17:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2013-04-17 17:08 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-04-16 19:05 . 2013-04-16 19:05 -------- d-----w- c:\documents and settings\User\Application Data\AVG8
2013-04-16 19:00 . 2012-06-02 19:19 577048 -c--a-w- c:\windows\system32\dllcache\wuapi.dll
2013-04-16 19:00 . 2012-06-02 19:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-04-16 13:38 . 2004-08-04 12:00 90112 -c--a-w- c:\windows\system32\dllcache\mycomput.dll
2013-04-16 13:38 . 2004-08-04 12:00 90112 ----a-w- c:\windows\system32\mycomput.dll
2013-04-15 22:31 . 2013-04-15 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2013-03-29 13:17 . 2013-03-29 13:17 -------- d-----w- C:\$NtUninstallXPSEP$
2013-03-29 13:16 . 2010-10-05 17:56 14048 ------w- c:\windows\system32\spmsg2.dll
2013-03-28 14:23 . 2013-03-28 14:23 -------- d-----w- c:\documents and settings\User\Application Data\RealNetworks
2013-03-28 14:14 . 2013-03-28 14:14 -------- d-----w- c:\program files\RealNetworks
2013-03-28 14:14 . 2013-03-28 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\RealNetworks
2013-03-28 14:14 . 2013-03-28 14:14 -------- d-----w- c:\program files\Common Files\xing shared
2013-03-28 14:13 . 2013-03-28 14:14 -------- d-----w- c:\program files\real
2013-03-23 14:42 . 2013-03-23 14:42 -------- d-----w- C:\QuickBooksAutoDataRecovery
2013-03-23 14:36 . 2013-03-23 14:36 -------- d-----w- C:\Restored_Le Cartier Maintenance_Files
2013-03-21 18:42 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-21 18:42 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-28 14:13 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-03-13 16:16 . 2012-10-24 12:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 16:16 . 2011-09-28 13:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2006-02-28 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2006-02-28 12:00 1867264 ------w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2008-01-31 19:37 2067456 ------w- c:\windows\system32\mstscax.dll
2013-02-19 14:39 . 2013-01-30 14:33 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-12 00:32 . 2008-08-19 13:37 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-02-28 12:00 12928 ------w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2006-02-28 12:00 552448 ------w- c:\windows\system32\oleaut32.dll
2009-08-13 17:23 . 2009-08-13 17:23 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-08-13 17:23 . 2009-08-13 17:23 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-19 14:39 1929392 ----a-w- c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll" [2013-02-19 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-02 94208]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 9138176]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-05-14 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"XeroxScannerDaemon"="c:\program files\Xerox\NWWia\XrxFTPLt.exe" [2001-08-18 27648]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-02-19 1151152]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-03-28 295512]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [N/A]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [N/A]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [N/A]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2009\QBW32.EXE [2012-12-6 1181584]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\008DH06]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ControlSe]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\f5b4b800.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\xerox\\nwwia\\XrxFTPLt.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management
.
R1 ControlSe;ControlSe;c:\windows\system32\drivers\SYSTEM\ControlSe.sys [x]
R1 Dri;Dri;c:\windows\system32\drivers\Dri.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [x]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R4 SessionLauncher;SessionLauncher;c:\docume~1\User\LOCALS~1\Temp\DX9\SessionLauncher.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 22:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 16:16]
.
2013-02-15 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2006-02-28 00:12]
.
2013-04-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 72.45.32.147 72.45.32.148
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
DPF: {D25A9538-F962-4501-9E68-D7C3DDECB148} - hxxp://75.144.211.249:8080/template/xWebView2.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-18 10:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,35,c4,0e,7b,35,d2,46,a0,fd,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,35,c4,0e,7b,35,d2,46,a0,fd,6d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Completion time: 2013-04-18 10:37:30
ComboFix-quarantined-files.txt 2013-04-18 14:37
ComboFix2.txt 2013-04-18 14:05
ComboFix3.txt 2013-04-18 13:31
ComboFix4.txt 2013-04-18 03:26
.
Pre-Run: 219,385,311,232 bytes free
Post-Run: 219,369,455,616 bytes free
.
- - End Of File - - 5342348F1D39457D203CBAEC0D95908C
Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/18/2013 10:13:12 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* AFD (AFD) is not Running.
Startup Type set to: System
* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic
* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Manual
* Network Connections (Netman) is not Running.
Startup Type set to: Manual
* Windows Management Instrumentation (winmgmt) is not Running.
Startup Type set to: Automatic
* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic
* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Automatic
* AFD (AFD) is not Running.
Startup Type set to: System
* IPSEC driver (IPSec) is not Running.
Startup Type set to: System
* NetBios over Tcpip (NetBT) is not Running.
Startup Type set to: System
* TCP/IP Protocol Driver (Tcpip) is not Running.
Startup Type set to: System
* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 04/18/2013 10:14:03 AM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)
ComboFix 13-04-18.03 - User 04/18/2013 10:29:18.4.2 - x86
Running from: c:\documents and settings\User\Desktop\Henry.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\es.dll --> c:\windows\System32\es.dll
.
((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
.
.
2013-04-18 14:29 . 2008-07-07 20:26 253952 -c--a-w- c:\windows\system32\dllcache\es.dll
2013-04-18 00:42 . 2010-06-08 18:50 692768 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
2013-04-18 00:42 . 2009-07-14 00:07 24576 ----a-w- c:\windows\system32\drivers\vwifibus.sys
2013-04-18 00:09 . 2005-04-04 03:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-04-18 00:09 . 2005-04-04 03:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-04-18 00:09 . 2005-04-04 03:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-04-18 00:09 . 2005-04-04 03:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-04-18 00:09 . 2013-04-18 00:09 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-04-18 00:09 . 2013-04-18 00:09 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-04-18 00:06 . 2013-04-18 01:35 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-04-18 00:03 . 2013-04-18 00:03 -------- d-----w- c:\windows\OPTIONS
2013-04-18 00:03 . 2013-04-18 00:13 -------- d-----w- c:\windows\system32\RtlGina
2013-04-18 00:03 . 2009-02-05 06:49 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2013-04-17 17:08 . 2008-04-13 23:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-04-17 17:08 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-04-17 17:08 . 2008-04-13 17:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-04-17 17:08 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-04-17 17:08 . 2008-04-13 17:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2013-04-17 17:08 . 2008-04-13 17:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-04-16 19:05 . 2013-04-16 19:05 -------- d-----w- c:\documents and settings\User\Application Data\AVG8
2013-04-16 19:00 . 2012-06-02 19:19 577048 -c--a-w- c:\windows\system32\dllcache\wuapi.dll
2013-04-16 19:00 . 2012-06-02 19:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-04-16 13:38 . 2004-08-04 12:00 90112 -c--a-w- c:\windows\system32\dllcache\mycomput.dll
2013-04-16 13:38 . 2004-08-04 12:00 90112 ----a-w- c:\windows\system32\mycomput.dll
2013-04-15 22:31 . 2013-04-15 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2013-03-29 13:17 . 2013-03-29 13:17 -------- d-----w- C:\$NtUninstallXPSEP$
2013-03-29 13:16 . 2010-10-05 17:56 14048 ------w- c:\windows\system32\spmsg2.dll
2013-03-28 14:23 . 2013-03-28 14:23 -------- d-----w- c:\documents and settings\User\Application Data\RealNetworks
2013-03-28 14:14 . 2013-03-28 14:14 -------- d-----w- c:\program files\RealNetworks
2013-03-28 14:14 . 2013-03-28 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\RealNetworks
2013-03-28 14:14 . 2013-03-28 14:14 -------- d-----w- c:\program files\Common Files\xing shared
2013-03-28 14:13 . 2013-03-28 14:14 -------- d-----w- c:\program files\real
2013-03-23 14:42 . 2013-03-23 14:42 -------- d-----w- C:\QuickBooksAutoDataRecovery
2013-03-23 14:36 . 2013-03-23 14:36 -------- d-----w- C:\Restored_Le Cartier Maintenance_Files
2013-03-21 18:42 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-21 18:42 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-28 14:13 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-03-13 16:16 . 2012-10-24 12:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 16:16 . 2011-09-28 13:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2006-02-28 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2006-02-28 12:00 1867264 ------w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2008-01-31 19:37 2067456 ------w- c:\windows\system32\mstscax.dll
2013-02-19 14:39 . 2013-01-30 14:33 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-12 00:32 . 2008-08-19 13:37 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-02-28 12:00 12928 ------w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2006-02-28 12:00 552448 ------w- c:\windows\system32\oleaut32.dll
2009-08-13 17:23 . 2009-08-13 17:23 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-08-13 17:23 . 2009-08-13 17:23 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-19 14:39 1929392 ----a-w- c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll" [2013-02-19 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-02 94208]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 9138176]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-05-14 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-05-14 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"XeroxScannerDaemon"="c:\program files\Xerox\NWWia\XrxFTPLt.exe" [2001-08-18 27648]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-02-19 1151152]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-03-28 295512]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [N/A]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [N/A]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [N/A]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2009\QBW32.EXE [2012-12-6 1181584]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\008DH06]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ControlSe]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\f5b4b800.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\xerox\\nwwia\\XrxFTPLt.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management
.
R1 ControlSe;ControlSe;c:\windows\system32\drivers\SYSTEM\ControlSe.sys [x]
R1 Dri;Dri;c:\windows\system32\drivers\Dri.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys [x]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R4 SessionLauncher;SessionLauncher;c:\docume~1\User\LOCALS~1\Temp\DX9\SessionLauncher.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 22:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 16:16]
.
2013-02-15 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2006-02-28 00:12]
.
2013-04-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 72.45.32.147 72.45.32.148
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
DPF: {D25A9538-F962-4501-9E68-D7C3DDECB148} - hxxp://75.144.211.249:8080/template/xWebView2.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-18 10:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,35,c4,0e,7b,35,d2,46,a0,fd,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,35,c4,0e,7b,35,d2,46,a0,fd,6d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Completion time: 2013-04-18 10:37:30
ComboFix-quarantined-files.txt 2013-04-18 14:37
ComboFix2.txt 2013-04-18 14:05
ComboFix3.txt 2013-04-18 13:31
ComboFix4.txt 2013-04-18 03:26
.
Pre-Run: 219,385,311,232 bytes free
Post-Run: 219,369,455,616 bytes free
.
- - End Of File - - 5342348F1D39457D203CBAEC0D95908C