ComboFix 13-05-08.02 - n 09/05/2013 1:34.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3574.2586 [GMT 1:00]
Running from: c:\users\n\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2013-04-09 to 2013-05-09 )))))))))))))))))))))))))))))))
.
.
2013-05-09 00:42 . 2013-05-09 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-09 00:42 . 2013-05-09 00:42 -------- d-----w- c:\users\black\AppData\Local\temp
2013-05-09 00:32 . 2013-05-09 00:32 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2919DCEE-9BCD-4A8C-BC94-C0039C683A58}\offreg.dll
2013-05-09 00:24 . 2013-05-09 00:24 -------- d-----w- c:\windows\ERUNT
2013-05-09 00:24 . 2013-05-09 00:24 -------- d-----w- C:\JRT
2013-05-07 22:44 . 2013-05-07 22:44 -------- d-----w- c:\users\n\AppData\Roaming\Simply Super Software
2013-05-07 22:44 . 2013-05-07 22:44 -------- d-----w- c:\program files\Trojan Remover
2013-05-07 22:44 . 2013-05-07 22:44 -------- d-----w- c:\programdata\Simply Super Software
2013-05-07 17:13 . 2013-05-07 17:13 -------- d-----w- c:\program files\UnCleaner
2013-05-07 16:28 . 2013-05-07 16:28 -------- d-----w- c:\program files\Common Files\Java
2013-05-07 16:28 . 2013-05-07 16:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-07 16:27 . 2013-05-07 16:27 -------- d-----w- c:\program files\Java
2013-05-07 11:27 . 2013-05-07 11:27 -------- d-----w- C:\Stinger_Quarantine
2013-05-07 11:26 . 2013-05-07 11:44 -------- d-----w- c:\program files\stinger
2013-05-07 10:41 . 2013-05-07 10:41 -------- d-----w- c:\programdata\Licenses
2013-05-07 10:04 . 2013-05-07 10:04 -------- d-----w- c:\program files\spotflux
2013-05-07 09:29 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2919DCEE-9BCD-4A8C-BC94-C0039C683A58}\mpengine.dll
2013-05-05 16:49 . 2013-05-05 19:04 -------- d-----w- c:\program files\Labeljoy 5
2013-05-05 16:47 . 2013-05-05 16:47 -------- d-----w- c:\users\n\AppData\Local\{62043314-B102-4874-9E29-1477B9F510E3}
2013-04-29 23:17 . 2013-04-29 23:17 -------- d-----w- c:\users\n\AppData\Local\Easy_BioSolutions_Inc
2013-04-29 23:15 . 2013-04-29 23:15 -------- d-----w- c:\program files\Easy Trinity
2013-04-24 10:23 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-15 15:26 . 2013-04-15 15:26 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-04-15 15:25 . 2013-04-15 15:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2013-04-15 15:25 . 2013-04-15 15:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-04-15 15:24 . 2013-04-15 15:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-04-15 15:23 . 2013-04-15 15:23 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-04-15 15:22 . 2013-04-15 15:22 -------- d-----w- c:\users\n\AppData\Local\Microsoft Help
2013-04-15 15:22 . 2013-04-15 16:37 -------- d-----w- c:\programdata\Microsoft Help
2013-04-15 15:22 . 2013-04-15 15:22 -------- d-----r- C:\MSOCache
2013-04-15 13:17 . 2013-04-15 13:17 -------- d-----w- c:\users\n\AppData\Roaming\Hotspot Shield
2013-04-11 00:36 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 00:36 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 00:36 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 00:36 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-11 00:35 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 00:35 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-11 00:35 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-11 00:35 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-11 00:35 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-07 16:27 . 2012-08-01 22:19 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-07 16:27 . 2012-02-24 16:38 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-05 13:14 . 2012-07-06 12:28 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-05 13:14 . 2012-02-17 11:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 01:06 . 2012-01-01 21:59 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 12:27 . 2013-02-12 17:43 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2013-04-04 13:50 . 2012-03-06 13:58 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-01 22:36 . 2013-04-01 22:36 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-01 22:36 . 2013-04-01 22:36 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-01 22:36 . 2013-04-01 22:36 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-01 22:36 . 2013-04-01 22:36 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-01 22:36 . 2013-04-01 22:36 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-01 22:36 . 2013-04-01 22:36 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-01 22:36 . 2013-04-01 22:36 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-01 22:36 . 2013-04-01 22:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-01 22:36 . 2013-04-01 22:36 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-01 22:36 . 2013-04-01 22:36 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-01 22:36 . 2013-04-01 22:36 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-01 22:36 . 2013-04-01 22:36 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-01 22:36 . 2013-04-01 22:36 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-01 22:36 . 2013-04-01 22:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-01 22:36 . 2013-04-01 22:36 361984 ----a-w- c:\windows\system32\html.iec
2013-04-01 22:36 . 2013-04-01 22:36 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-01 22:36 . 2013-04-01 22:36 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-31 13:37 . 2013-03-31 13:37 397312 ----a-w- c:\windows\iwexec.exe
2013-03-31 13:37 . 2013-03-31 13:37 83144 ----a-w- c:\windows\system32\picclp32.ocx
2013-03-31 13:37 . 2013-03-31 13:37 415504 ----a-w- c:\windows\system32\msrepl35.dll
2013-03-31 13:37 . 2013-03-31 13:37 212480 ----a-w- c:\windows\system32\Pcdlib32.dll
2013-03-31 13:37 . 2013-03-31 13:37 98304 ----a-w- c:\windows\system32\Ltfil90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 35328 ----a-w- c:\windows\system32\Lttwn90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 29184 ----a-w- c:\windows\system32\Lfpsd90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 288256 ----a-w- c:\windows\system32\Ltkrn90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 28160 ----a-w- c:\windows\system32\Lfwmf90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 28160 ----a-w- c:\windows\system32\Lftga90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 27648 ----a-w- c:\windows\system32\Lfwpg90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 26112 ----a-w- c:\windows\system32\Lfras90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 25600 ----a-w- c:\windows\system32\Lfwfx90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 220160 ----a-w- c:\windows\system32\Ltdis90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 146432 ----a-w- c:\windows\system32\Ltefx90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 142336 ----a-w- c:\windows\system32\Ltdlg90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 118272 ----a-w- c:\windows\system32\Lftif90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 107008 ----a-w- c:\windows\system32\Ltimg90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 88576 ----a-w- c:\windows\system32\Lffpx90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 64512 ----a-w- c:\windows\system32\Lffax90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 46592 ----a-w- c:\windows\system32\Lfica90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 39936 ----a-w- c:\windows\system32\Lfgif90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 35840 ----a-w- c:\windows\system32\Lflma90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 338944 ----a-w- c:\windows\system32\Lffpx7.dll
2013-03-31 13:37 . 2013-03-31 13:37 31232 ----a-w- c:\windows\system32\Lfpct90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 31232 ----a-w- c:\windows\system32\Lflmb90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 31232 ----a-w- c:\windows\system32\Lfeps90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 30720 ----a-w- c:\windows\system32\Lfpcx90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 27136 ----a-w- c:\windows\system32\Lfimg90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 26624 ----a-w- c:\windows\system32\Lfpcd90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 26112 ----a-w- c:\windows\system32\Lfmsp90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 25600 ----a-w- c:\windows\system32\Lfmac90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 133632 ----a-w- c:\windows\system32\Lfpng90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 122880 ----a-w- c:\windows\system32\Lfkodak.dll
2013-03-31 13:37 . 2013-03-31 13:37 89360 ----a-w- c:\windows\system32\Vb5db.dll
2013-03-31 13:37 . 2013-03-31 13:37 557328 ----a-w- c:\windows\system32\dao360.dll
2013-03-31 13:37 . 2013-03-31 13:37 33792 ----a-w- c:\windows\system32\Lfbmp90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 28672 ----a-w- c:\windows\system32\Lfawd90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 26624 ----a-w- c:\windows\system32\Lfcal90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 24576 ----a-w- c:\windows\system32\Lfavi90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 236032 ----a-w- c:\windows\system32\Lfdic90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 235008 ----a-w- c:\windows\system32\Lfcmp90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 164144 ----a-w- c:\windows\system32\comct232.ocx
2013-03-27 01:07 . 2013-03-27 01:07 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-03-18 00:31 . 2013-03-27 01:07 93254688 ----a-w- C:\SystemMechanicPro.exe
2013-03-07 11:21 . 2013-03-07 11:21 33160 ----a-w- c:\windows\system32\drivers\tapSF0901.sys
2013-02-12 17:44 . 2013-02-12 17:44 40208 ----a-w- c:\windows\system32\Partizan.exe
2013-02-12 17:31 . 2013-02-12 17:31 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2013-02-12 17:31 . 2013-02-12 17:31 2 --shatr- c:\windows\winstart.bat
2013-02-12 14:06 . 2013-02-12 17:31 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2013-02-12 04:48 . 2013-03-13 12:59 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-20 23:12 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-12 09:02 . 2013-04-12 09:02 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2011-04-08 00:01 5066568 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2011-04-08 00:01 5066568 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dashlane"="c:\users\n\AppData\Roaming\Dashlane\Dashlane.exe" [2013-04-30 272056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-06-14 4431664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2013-04-26 1648400]
.
c:\users\n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2002-12-20 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2011-04-07 23:45 101192 ----a-w- c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe\0Partizan
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2013-03-31 16:59 116648 ----atw- c:\users\n\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 19:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 15:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-12-13 13:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 13:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 13:50 532040 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2009-07-08 05:41 65536 ----a-r- c:\program files\Eclipse Touch Mouse\ICO.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2012-06-09 18:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2011-04-07 22:39 55624 ----a-w- c:\program files\Protector Suite\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-06-17 07:51 466704 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-11-13 14:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 04:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 12:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-11-11 19:42 7880664 ----a-w- c:\users\n\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-11-11 19:42 1199576 ----a-w- c:\users\n\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 06:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-28 16:28 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Safely Remove]
2012-04-25 23:49 2460504 ----a-w- c:\program files\USB Safely Remove\USBSafelyRemove.exe
.
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R4 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
S3 tapSF0901;Spotflux TAP Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Partizan
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 13:14]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-335498470-4156246589-3525742749-1000Core.job
- c:\users\n\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 16:59]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-335498470-4156246589-3525742749-1000UA.job
- c:\users\n\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 16:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{40354A83-504E-4611-ACAE-3D137F6F595E} - {40354A83-504E-4611-ACAE-3D137F6F595E} - c:\users\n\AppData\Roaming\Dashlane\ie\Dashlanei.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{128EE2C2-5A0A-4CA7-818A-28B243957FD2}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{AFFB6FF8-259D-4D43-8D85-E4EA1EAF5347}\244575966496: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{AFFB6FF8-259D-4D43-8D85-E4EA1EAF5347}\244584F6D65684572623D2056315B4: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{AFFB6FF8-259D-4D43-8D85-E4EA1EAF5347}\35B4955333332333: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{AFFB6FF8-259D-4D43-8D85-E4EA1EAF5347}\E4544574541425: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\n\AppData\Roaming\Mozilla\Firefox\Profiles\zwe0ad8b.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - ExtSQL: !HIDDEN! 2012-07-02 12:29; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-CPA - c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{669695BC-A811-4A9D-8CDF-BA8C795F261C}"=hex:51,66,7a,6c,4c,1d,38,12,d2,96,85,
62,23,e6,f3,0f,f3,c9,f9,cc,7c,01,62,08
"{2B9F5787-88A5-4945-90E7-C4B18563BC5E}"=hex:51,66,7a,6c,4c,1d,38,12,e9,54,8c,
2f,97,c6,2b,0c,ef,f1,87,f1,80,3d,f8,4a
"{42D79B50-CC4A-4A8E-860F-BE674AF053A2}"=hex:51,66,7a,6c,4c,1d,38,12,3e,98,c4,
46,78,82,e0,0f,f9,19,fd,27,4f,ae,17,b6
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:97,29,a2,34,f2,39,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,bc,18,f7,6b,29,d8,40,ae,e1,7c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,bc,18,f7,6b,29,d8,40,ae,e1,7c,\
.
[HKEY_USERS\S-1-5-21-335498470-4156246589-3525742749-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-335498470-4156246589-3525742749-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="9DE91DF69F04674DE97790F1A0D9FE79ED38200F2F249DE57824CDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB3452A6171C11EC38DE3DA6171C11EC38DE3D4C5FAAE3B2C391724E62FA93C60703B74296B2E30114782899B3024A7837411EEA1678A8CE3C0EE83B5FA4F5B92F9058D5E6432EAD7C381C3C7CFC970ED172729A74375AEC5B081CD80D6DE0E24AFE33AC1BA58E6BB1133F4E8B69465C263A27A936DAB9E43FBDEB2DFA4C92A2DC5F33A6B47063C3BB0E28A7789FF036E3AF2206A61CBFEEDEF628624A7701BA3EC6B7444C7EBD9EF82D6245EF39E4CD0D683CC7A7771828FEF8984732EED3D09D4F92AE0CED63CE9AFD6EC4B29626BD787FC2A42FAB2293BC9176CB7C7268F079168C2FB421CD85A88C41EB93D9EA80D296F57C453DEF148713EE8686074F8728BD5FB598BBAAD9F96CC1227CEA9CF618500CCE87F4CB7424CF2633C376CC6751EAB9D41EABDA493E34CBF268F35B669CD3ACBFA75F2E61A8A1B0ACBACD58C7F24840C3429CF432F67F310F676577F6074EF51AEA4B496E82E4987784DD2043DC03085B13804157796B34491FF0FA34526DF849AACDFE0E707ADCB8CF3C84D6344C9E9DB40F3EE0EF1C0D9A480F9C8FCC66B8DE54BEE61C06476EB8604198E6F1DA002C5E421CD95736E89EACFACD5C1970B18F67BACDD32C33B3670A0B2637E2E6224D5A57C2B102E6E6142E332FD32EC6CD347C22B1D81DAB0756B8F92AF4A6AFE96C88D0C9BB165A9A6041FA1912D62970C9B997C62EEA2035BA6AB353AC34F4B3995C747FAF8D450C8BED599397B25BECF05E05743FF60703EE312287D0527ECC855D4D64A935DD3940CF99DEC9B2268CEFBA1557D87AD62370B270DE391F14F908A6A9AFA72FDD104F98CA6EEE9F530DADB3B83EAC808EC1E12A90A61F8A84F29B661A4A0EF084F52C8B40E5B592B31FB744A32BCEE9ACFB08E5B9DE21D8225F616276D0A24694426E8090A2AB7B1A6840F74FD73A683764CDC7613BC1A4C0E119EED795934954C0D3E41832481D5F001AF075AE4B853701C0C6482567593B0C2C791C1F6D6F8E31B9B775D5E18DDEF4406419CEC39D384B146C6D395C386EE3A37F6724A57C1249A50F8B063637F6C84D9A7C8DC8DE4BB29AD695C750D5BC66AF969D15128A312F3F9102ECE45A0D6D0573A87065CC0596D0384BD5531B0C0223E36991EF87447FD17CC267718887CEC95D69358441FD4F54D75C1ADCC3441873A33A705D35234B4E1F7E894629D24826DECD487865D227E68F57834863D581BD2541BA5E292E95C65FA799AE775D2CC4912CCF773BA4D9ECCC14B1D1DBAF883F4C742DD94EC756753375925B819C3F79221BA21A95181B7293A9F79EE6C9ECDB8F0E3B1B"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(492)
c:\program files\Protector Suite\psqlpwd.dll
c:\program files\Protector Suite\homefus2.dll
c:\program files\Protector Suite\infql2.dll
.
- - - - - - - > 'Explorer.exe'(1800)
c:\program files\PowerMenu\PowerMenuHook.dll
c:\program files\Protector Suite\farchns.dll
c:\program files\Protector Suite\infql2.dll
c:\program files\Protector Suite\qlbase.dll
.
Completion time: 2013-05-09 01:44:42
ComboFix-quarantined-files.txt 2013-05-09 00:44
.
Pre-Run: 18,010,165,248 bytes free
Post-Run: 17,914,499,072 bytes free
.
- - End Of File - - C09B8436AC77D57DC7B9894D4AF4C84D