ComboFix 12-01-19.02 - asus 01/20/2012 15:25:31.1.8 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4021.3257 [GMT -6:00]
Running from: c:\users\asus\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\windows\assembly\tmp\U
c:\windows\system32\cseDVH.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\cseDVH.dll
c:\windows\SysWow64\WanPacket.dll
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 21:32 . 2012-01-20 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-20 12:51 . 2012-01-20 12:51 -------- d-----w- c:\program files\iTunes
2012-01-20 12:51 . 2012-01-20 12:51 -------- d-----w- c:\program files\iPod
2012-01-17 11:11 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB5DFB6E-AE3E-4665-87C4-18964CABE6F2}\mpengine.dll
2012-01-15 00:17 . 2012-01-15 00:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-15 00:16 . 2012-01-15 00:16 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-01-15 00:16 . 2012-01-15 00:16 -------- d-----w- c:\program files (x86)\Java
2012-01-14 17:51 . 2012-01-20 12:51 -------- d-----w- c:\program files (x86)\iTunes
2012-01-13 14:53 . 2012-01-13 14:53 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-13 14:53 . 2012-01-13 14:53 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-13 14:53 . 2012-01-13 14:53 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-13 14:53 . 2012-01-13 14:53 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-13 07:24 . 2012-01-13 07:24 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2012-01-12 15:24 . 2012-01-12 15:24 -------- d-----w- c:\programdata\eBay
2012-01-12 15:24 . 2012-01-12 15:24 -------- d-----w- c:\program files (x86)\eBay
2012-01-12 08:55 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 08:55 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 08:52 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 08:52 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 08:52 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 08:52 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 08:21 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 08:21 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-12 06:56 . 2012-01-12 06:56 -------- d-----w- c:\users\asus\AppData\Roaming\VS Revo Group
2012-01-12 06:14 . 2012-01-12 06:14 -------- d-----w- c:\users\asus\AppData\Local\VS Revo Group
2012-01-12 06:14 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-01-12 06:14 . 2012-01-12 06:17 -------- d-----w- c:\program files\VS Revo Group
2012-01-12 04:51 . 2012-01-12 05:03 -------- dc----w- C:\AdobeTemp
2012-01-09 00:08 . 2009-11-06 14:34 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-01-09 00:08 . 2009-11-06 14:34 3888128 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-01-09 00:08 . 2009-11-06 14:34 3552768 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-01-09 00:08 . 2009-11-06 14:31 1436920 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-01-09 00:08 . 2007-01-20 00:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-01-09 00:08 . 2012-01-09 00:08 -------- d-----w- c:\program files (x86)\NETGEAR
2012-01-04 10:14 . 2012-01-04 10:45 -------- d-----w- c:\users\asus\AdobeLicensingFilesBackup
2012-01-01 18:09 . 2012-01-01 18:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-15 00:16 . 2011-08-28 18:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-10 21:24 . 2011-12-05 07:31 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 22:00 . 2011-12-07 22:00 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-01 20:03 . 2011-12-01 20:03 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2011-11-30 12:46 . 2011-11-26 17:26 29704 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2011-11-24 04:52 . 2011-12-15 02:23 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:34 . 2011-11-18 20:34 49152 ----a-r- c:\windows\SysWow64\inetwh32.dll
2011-11-18 20:34 . 2011-11-18 20:34 1044480 ----a-r- c:\windows\SysWow64\roboex32.dll
2011-11-15 20:29 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-13 19:44 . 2011-08-29 04:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 07:21 . 2011-11-05 07:21 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-05 07:21 . 2011-11-05 07:21 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-11-05 07:21 . 2011-11-05 07:21 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-11-05 07:21 . 2011-11-05 07:21 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-11-05 07:21 . 2011-11-05 07:21 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-11-05 07:21 . 2011-11-05 07:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-11-05 07:21 . 2011-11-05 07:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-11-05 07:21 . 2011-11-05 07:21 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-11-05 07:21 . 2011-11-05 07:21 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-11-05 07:21 . 2011-11-05 07:21 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-05 07:21 . 2011-11-05 07:21 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-11-05 07:21 . 2011-11-05 07:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-11-05 07:21 . 2011-11-05 07:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-11-05 07:21 . 2011-11-05 07:21 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-05 07:21 . 2011-11-05 07:21 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-05 07:21 . 2011-11-05 07:21 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-11-05 07:21 . 2011-11-05 07:21 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-11-05 07:21 . 2011-11-05 07:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-05 07:21 . 2011-11-05 07:21 448512 ----a-w- c:\windows\system32\html.iec
2011-11-05 07:21 . 2011-11-05 07:21 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-11-05 07:21 . 2011-11-05 07:21 222208 ----a-w- c:\windows\system32\msls31.dll
2011-11-05 07:21 . 2011-11-05 07:21 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-05 07:21 . 2011-11-05 07:21 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-11-05 07:21 . 2011-11-05 07:21 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-05 07:21 . 2011-11-05 07:21 12288 ----a-w- c:\windows\system32\mshta.exe
2011-11-05 07:21 . 2011-11-05 07:21 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-11-05 07:21 . 2011-11-05 07:21 114176 ----a-w- c:\windows\system32\admparse.dll
2011-11-05 07:21 . 2011-11-05 07:21 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-05 07:21 . 2011-11-05 07:21 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-11-05 07:21 . 2011-11-05 07:21 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-11-05 07:21 . 2011-11-05 07:21 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-11-05 07:21 . 2011-11-05 07:21 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 07:21 . 2011-11-05 07:21 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-11-05 07:21 . 2011-11-05 07:21 160256 ----a-w- c:\windows\system32\wextract.exe
2011-11-05 05:32 . 2011-12-15 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-15 02:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 17:28 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 17:28 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 17:28 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 17:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 17:28 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 17:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 17:28 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 17:28 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-15 02:23 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"RemoteControl11"=c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\users\asus\Desktop\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w764.sys [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\DRIVERS\swnc8u56.sys [x]
R3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\DRIVERS\swumx56.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
R4 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/08/29 14:22];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-20 20:31 148976]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\asus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF784.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\6uxg8pb2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 257e1f21-8943-453f-a437-6d99df2371c0
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\users\asus\Desktop\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\users\asus\Desktop\Spybot - Search & Destroy\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c4,ef,d3,79,dd,9e,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-01-20 15:38:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-20 21:38
.
Pre-Run: 13,898,092,544 bytes free
Post-Run: 14,765,469,696 bytes free
.
- - End Of File - - E1516B7C6972B81D922C0658A119A63B