ComboFix 13-09-19.01 - Tree 09/19/2013 19:51:13.3.2 - x86
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.2940.1569 [GMT -4:00]
Running from: c:\users\Tree\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tree\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((( Files Created from 2013-08-19 to 2013-09-19 )))))))))))))))))))))))))))))))
.
.
2013-09-19 23:58 . 2013-09-19 23:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-19 23:58 . 2013-09-19 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-19 21:26 . 2013-09-19 21:26 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC80FC16-D0AC-4442-966A-54F253AC380B}\offreg.dll
2013-09-18 23:43 . 2013-09-18 23:43 -------- d-----w- c:\program files\ESET
2013-09-18 20:44 . 2013-09-18 20:57 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-18 20:32 . 2013-09-18 20:32 -------- d-----w- c:\programdata\Oracle
2013-09-18 20:32 . 2013-09-18 20:32 -------- d-----w- c:\program files\Common Files\Java
2013-09-18 20:31 . 2013-09-18 20:31 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-18 07:03 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-18 07:03 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-09-18 07:03 . 2013-08-10 03:58 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-09-18 07:03 . 2013-08-10 03:58 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-09-18 07:03 . 2013-08-10 03:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-09-17 17:16 . 2013-08-02 01:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-17 17:16 . 2013-08-02 01:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-17 17:16 . 2013-08-02 00:43 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-17 17:16 . 2013-08-02 00:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-17 17:16 . 2013-08-02 00:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-17 17:16 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC80FC16-D0AC-4442-966A-54F253AC380B}\mpengine.dll
2013-09-16 22:27 . 2013-09-16 22:27 -------- d-----w- C:\Intel
2013-09-16 21:35 . 2013-09-16 21:35 -------- d-----w- c:\users\Tree\AppData\Local\Apple
2013-09-16 20:42 . 2013-09-17 01:18 -------- d-----w- c:\users\Tree\Downloads - Copy
2013-09-14 17:46 . 2013-09-19 20:39 -------- d-----w- C:\AdwCleaner
2013-09-14 17:39 . 2013-09-14 17:39 -------- d-----w- c:\windows\ERUNT
2013-08-24 22:48 . 2013-09-19 21:14 -------- d-----w- c:\program files\Web Layers
2013-08-24 22:47 . 2013-05-08 06:10 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-08-24 22:47 . 2013-05-08 06:10 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-08-24 22:46 . 2013-08-24 22:46 -------- d-----w- c:\program files\Flash Movie Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-18 20:31 . 2012-07-17 00:05 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-18 20:31 . 2012-05-25 21:02 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-16 22:35 . 2013-03-16 01:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-16 22:35 . 2013-03-16 01:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 08:22 . 2012-05-25 16:55 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-19 01:41 . 2013-08-14 16:26 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-14 16:28 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-14 16:28 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-14 16:28 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-14 16:29 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-14 16:29 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-14 16:29 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-14 16:29 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 16:29 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Tree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-25 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 Update Web Layers;Update Web Layers;c:\program files\Web Layers\updateWebLayers.exe [2013-08-23 206624]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 01:34 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-16 22:35]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 19:42]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 19:42]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.comuInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}: NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}\44B4E445: NameServer = 8.8.4.4,8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PC Health Kit_is1 - c:\program files\PC Health Kit\unins000.exe
AddRemove-Web Layers - c:\program files\Web Layers\WebLayersuninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-19 20:00:29
ComboFix-quarantined-files.txt 2013-09-20 00:00
.
Pre-Run: 225,114,562,560 bytes free
Post-Run: 225,087,434,752 bytes free
.
- - End Of File - - 27C2ED9D3FAAF02CC9DD894716B5F8E6
A36C5E4F47E84449FF07ED3517B43A31