combofix
ComboFix 13-09-08.02 - Frank 09/09/2013 9:54.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3839.1966 [GMT 1:00]
Running from: c:\users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJWETG00\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Frank\AppData\Roaming\.#
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Recent\User Manual.url
c:\windows\wininit.ini
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-08-09 to 2013-09-09 )))))))))))))))))))))))))))))))
.
.
2013-09-09 09:05 . 2013-09-09 09:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-09 09:05 . 2013-09-09 09:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-08 14:31 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2072AA98-8C39-4D29-8B12-40B818D3F6A0}\mpengine.dll
2013-09-07 14:01 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-06 11:24 . 2013-09-06 11:23 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57ACA441-F9B1-4449-B46B-9F7C3A950167}\gapaengine.dll
2013-08-31 10:36 . 2013-08-31 15:37 -------- d-----w- c:\users\Frank\AppData\Roaming\Fighters
2013-08-31 10:36 . 2013-08-31 15:37 -------- d-----w- c:\programdata\Fighters
2013-08-30 08:49 . 2013-08-30 08:49 -------- d-----w- c:\program files (x86)\7-Zip
2013-08-30 08:42 . 2013-08-30 08:44 -------- d-----w- c:\program files (x86)\BearShare Applications
2013-08-30 08:17 . 2013-09-05 10:38 -------- dc----w- C:\AdwCleaner
2013-08-27 10:19 . 2013-08-31 09:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-27 10:19 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-25 11:27 . 2013-08-25 11:27 -------- d-----w- c:\program files\Defraggler
2013-08-25 10:18 . 2013-08-25 10:18 -------- d-----w- c:\users\Frank\AppData\Roaming\Thunderbird
2013-08-25 10:18 . 2013-08-25 10:18 -------- d-----w- c:\users\Frank\AppData\Local\Thunderbird
2013-08-25 10:18 . 2013-08-25 10:28 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-08-22 17:12 . 2013-08-22 17:12 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-08-22 17:12 . 2013-08-22 17:12 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-22 17:12 . 2013-08-22 17:12 -------- d-----w- c:\program files (x86)\Java
2013-08-21 10:02 . 2013-08-21 10:02 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240DA.TMP
2013-08-20 09:11 . 2013-08-20 09:11 -------- d-----w- c:\users\Frank\AppData\Local\avgchrome
2013-08-15 06:02 . 2013-08-15 06:04 -------- d-----w- c:\windows\system32\MRT
2013-08-11 10:03 . 2012-05-11 14:47 32768 ----a-w- c:\windows\SysWow64\CMDLGFR.DLL
2013-08-11 10:03 . 2012-05-11 14:47 152848 ----a-w- c:\windows\SysWow64\COMDLG32.OCX
2013-08-11 10:03 . 2012-05-11 14:47 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL
2013-08-11 10:03 . 2012-05-11 14:47 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL
2013-08-11 10:03 . 2012-05-11 14:47 1081616 ----a-w- c:\windows\SysWow64\mscomctl.ocx
2013-08-11 10:03 . 2012-05-11 14:47 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL
2013-08-11 10:03 . 2013-08-11 10:03 -------- d-----w- c:\users\Frank\AppData\Roaming\TFP
2013-08-11 10:02 . 2013-08-11 10:02 -------- d-----w- c:\users\Frank\AppData\Local\Fuze Zip
2013-08-11 10:02 . 2013-08-11 10:06 -------- d-----w- c:\users\Frank\AppData\Local\FuzeZip
2013-08-11 10:00 . 2013-08-12 04:44 -------- d-----w- c:\program files (x86)\FuzeZip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-23 14:50 . 2012-06-13 06:10 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-22 17:12 . 2013-05-17 10:49 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-22 17:12 . 2013-05-17 10:49 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-22 10:45 . 2013-02-24 15:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-22 10:45 . 2013-02-24 15:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-15 06:02 . 2012-05-18 06:29 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-15 05:57 . 2013-05-04 08:30 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-21 13:44 . 2013-07-21 10:29 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-07-21 13:44 . 2013-07-21 10:29 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-07-09 04:45 . 2013-08-14 06:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-21 00:07 . 2013-07-31 10:56 203672 ----a-w- c:\windows\system32\drivers\ssudobex.sys
2013-06-21 00:07 . 2013-07-31 10:56 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-06-21 00:07 . 2013-07-31 10:56 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-06-18 20:50 . 2013-06-18 20:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 20:50 . 2012-03-20 19:44 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9359da42-06fb-46f2-9e4a-05c05b98a5ef}]
2013-04-29 08:57 62864 ----a-w- c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3775afd7-5921-4571-968f-85a631203d1c}"= "c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll" [2013-04-29 708168]
.
[HKEY_CLASSES_ROOT\clsid\{3775afd7-5921-4571-968f-85a631203d1c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-19 11:28 222808 ----a-w- c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-19 11:28 222808 ----a-w- c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-19 11:28 222808 ----a-w- c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE New Window Maximizer"="c:\program files (x86)\IE New Window Maximizer\iemaximizer.exe" [2003-01-24 348160]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-08-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe;c:\program files (x86)\Expat Shield\bin\openvpnas.exe
R2 InboxAce_1gService;InboxAceService;c:\progra~2\INBOXA~2\bar\1.bin\1gbarsvc.exe;c:\progra~2\INBOXA~2\bar\1.bin\1gbarsvc.exe
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R2 Update BrowseFox;Update BrowseFox;c:\program files (x86)\BrowseFox\updateBrowseFox.exe;c:\program files (x86)\BrowseFox\updateBrowseFox.exe
R2 UtilityChest_49Service;Utility ChestService;c:\progra~2\UTILIT~2\bar\1.bin\49barsvc.exe;c:\progra~2\UTILIT~2\bar\1.bin\49barsvc.exe
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys
R3 LVUVC64;Logitech QuickCam 3000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe;c:\windows\SYSNATIVE\dgdersvc.exe
S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe
S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe;c:\program files (x86)\Expat Shield\bin\hsswd.exe
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
S2 MBAMScheduler;MBAMScheduler;d:\malwarebytes' anti-malware\mbamscheduler.exe;d:\malwarebytes' anti-malware\mbamscheduler.exe
S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe;d:\malwarebytes' anti-malware\mbamservice.exe
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 10:45]
.
2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-14 05:39]
.
2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-14 05:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-19 11:28 261704 ----a-w- c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-19 11:28 261704 ----a-w- c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-19 11:28 261704 ----a-w- c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
DPF: {34DC66DB-E913-40A1-A2DD-53A1B9E90CAC} - hxxps://col0-sec.mail.live.com/mail/resources/MailMigrationTool.cab
DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} - hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=131641694
DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} - hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=2070962686
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\
FF - ExtSQL: 2013-07-29 16:03;
[email protected]; c:\users\Frank\AppData\Roaming\Mozilla\Extensions\
[email protected]FF - ExtSQL: 2013-08-16 10:11; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-20 09:54;
[email protected]; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\
[email protected]FF - ExtSQL: 2013-08-23 03:04;
[email protected]; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\
[email protected]FF - ExtSQL: 2013-08-30 21:37;
[email protected]; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\
[email protected]FF - ExtSQL: 2013-08-31 07:48; {d3d26710-52fd-44f2-8166-04aa85b93dc2}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\{d3d26710-52fd-44f2-8166-04aa85b93dc2}
FF - ExtSQL: 2013-08-31 11:35; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
FF - ExtSQL: 2013-09-03 10:50; {c9388641-af41-9113-10c5-54eb2becb636}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\{c9388641-af41-9113-10c5-54eb2becb636}
FF - ExtSQL: !HIDDEN! 2013-07-29 16:03;
[email protected]; c:\users\Frank\AppData\Roaming\Mozilla\Extensions\
[email protected].
- - - - ORPHANS REMOVED - - - -
.
BHO-{1122b43d-30ee-403f-9bfa-3cc99b0caddd} - (no file)
BHO-{6ec74131-08b2-4f67-a9bc-5914ef1edb97} - (no file)
BHO-{d5a1d22b-9e17-454f-8ecd-83c578fb3983} - c:\progra~2\INBOXA~2\bar\1.bin\1gbar.dll
Toolbar-10 - (no file)
Toolbar-{cf67755f-9265-449c-87cf-b945519e073b} - c:\program files (x86)\UtilityChest_49\bar\1.bin\49bar.dll
Toolbar-{1122b43d-30ee-403f-9bfa-3cc99b0caddd} - (no file)
BHO-{31ad400d-1b06-4e33-a59a-90c2c140cba0} - (no file)
BHO-{DEDAF650-12B8-48f5-A843-BBA100716106} - c:\program files\Updater By Sweetpacks\Extension64.dll
Toolbar-10 - (no file)
WebBrowser-{B81767E1-672D-4DA1-B5CC-D277185815A6} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)
WebBrowser-{9427041A-A8DC-4D06-9A68-93873486E957} - (no file)
WebBrowser-{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - (no file)
WebBrowser-{6EC74131-08B2-4F67-A9BC-5914EF1EDB97} - (no file)
AddRemove-Installl_Converter Toolbar - c:\program files (x86)\Installl_Converter\uninstall.exe
AddRemove-MixiDJ_V30 Toolbar - c:\program files (x86)\MixiDJ_V30\uninstall.exe
AddRemove-{6CEFA465-C891-A778-BC5F-58A9FA79F674} - c:\progra~3\INSTAL~1\{0DC28~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1381260898-2479351544-750526317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1381260898-2479351544-750526317-1001)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1381260898-2479351544-750526317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-09 10:18:50
ComboFix-quarantined-files.txt 2013-09-09 09:18
.
Pre-Run: 45,021,790,208 bytes free
Post-Run: 44,557,447,168 bytes free
.
- - End Of File - - 95038531F9F680253EC0EB82C0C915C9
A36C5E4F47E84449FF07ED3517B43A31
[recovering disk space, attachment deleted by admin]