Unsolved

June 21st, 2013 21:00

combofix

ComboFix detected these problems on my computer. Would there be someone who could help me by explaining what I have to do to solve these problems?

ComboFix 13-06-21.02 - user 21/06/2013 23:11:48.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.4060.2437 [GMT -3:00]
Running from: c: \ users \ user \ llll \ Downloads \ Downloads \ New Folder (2) \ ComboFix.exe
AV: Kaspersky Internet Security * Disabled / Updated * {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security * Disabled * {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security * Disabled / Updated * {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender * Enabled / Updated * {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((Files / Files Created from 05/22/2013 to 2013-06-22)))))))))))))))))) ))))))))))
.
.
22/06/2013 02:48. 22/06/2013 02:48 -------- d ----- w-c: \ users \ UpdatusUser \ AppData \ Local \ temp
22/06/2013 02:48. 22/06/2013 02:48 -------- d ----- w-c: \ users \ Default \ AppData \ Local \ temp
22/06/2013 02:48. 22/06/2013 02:48 -------- d ----- w-c: \ users \ Guest \ AppData \ Local \ temp
21/06/2013 22:58. 21/06/2013 22:59 -------- d ----- w-c: \ programdata \ Intel
21/06/2013 22:57. 21/06/2013 22:58 -------- d ----- w-c: \ program files \ Intel
21/06/2013 22:54. 2000-01-01 00:00 62784 ---- aw-c: \ windows \ system32 \ drivers \ HECIx64.sys
21/06/2013 22:45. 21/06/2013 22:45 -------- d ----- w-C: \ Intel
21/06/2013 22:32. 21/06/2013 22:32 -------- d ----- w-c: \ program files (x86) \ SlimDrivers
21/06/2013 21:49. 21/06/2013 21:49 -------- d ----- w-c: \ windows \ SysWow64 \ RTCOM
21/06/2013 21:49. 21/06/2013 21:49 -------- d ----- w-c: \ program files \ Realtek
21/06/2013 18:06. 2000-01-01 00:00 74344 ---- aw-c: \ windows \ system32 \ RtNicProp64.dll
21/06/2013 18:06. 2000-01-01 00:00 676968 ---- aw-c: \ windows \ system32 \ drivers \ Rt64win7.sys
21/06/2013 17:55. 06/12/2013 03:08 9552976 ---- aw-c: \ programdata \ Microsoft \ Windows Defender \ Definition Updates \ {83CDCF3F-EEF8-4A2C-93A2-5223C7C1F627} \ mpengine.dll
21/06/2013 17:42. 21/06/2013 22:35 -------- d ----- w-c: \ users \ user \ AppData \ Local \ Slimware Utilities Inc
21/06/2013 16:26. 21/06/2013 23:33 -------- d ----- w-c: \ program files (x86) \ Steam
21/06/2013 16:00. 21/06/2013 16:00 -------- d ----- w-c: \ users \ user \ AppData \ Local \ Deployment
21/06/2013 02:07. 17/05/2013 01:25 108032 ---- aw-c: \ program files (x86) \ Internet Explorer \ jsdebuggeride.dll
21/06/2013 00:51. 21/06/2013 00:51 -------- d ----- w-c: \ users \ user \ AppData \ Local \ NVIDIA
21/06/2013 00:03. 21/06/2013 00:03 -------- d ----- w-c: \ program files (x86) \ AGEIA Technologies
06/20/2013 23:55. 06/20/2013 23:55 -------- d ----- w-C: \ NVIDIA
06/20/2013 23:46. 06/20/2013 23:46 -------- d ----- w-c: \ users \ user \ AppData \ Roaming \ ProgSense
06/20/2013 23:45. 06/20/2013 23:55 -------- d ----- w-C: \ downloads
06/20/2013 23:45. 06/20/2013 23:45 -------- d ----- w-c: \ users \ user \ AppData \ Roaming \ GrabPro
06/20/2013 23:44. 06/20/2013 23:45 -------- d ----- w-c: \ program files (x86) \ Orbitdownloader
06/20/2013 23:42. 22/06/2013 01:42 -------- d ----- w-c: \ users \ user \ AppData \ Roaming \ Orbit
06/20/2013 23:40. 08/05/2013 06:39 1910632 ---- aw-c: \ windows \ system32 \ drivers \ tcpip.sys
06/20/2013 23:36. 04/26/2013 05:51 751104 ---- aw-c: \ windows \ system32 \ Win32spl.dll
06/20/2013 23:36. 04/26/2013 04:55 492544 ---- aw-c: \ windows \ SysWow64 \ Win32spl.dll
06/20/2013 23:36. 05/10/2013 05:49 30720 ---- aw-c: \ windows \ system32 \ Cryptdlg.dll
06/20/2013 23:36. 05/10/2013 03:20 24576 ---- aw-c: \ windows \ SysWow64 \ Cryptdlg.dll
06/20/2013 23:35. 2013-04-17 06:24 1424384 ---- aw-c: \ windows \ system32 \ WindowsCodecs.dll
06/20/2013 23:35. 2013-04-17 07:02 1230336 ---- aw-c: \ windows \ SysWow64 \ WindowsCodecs.dll
06/20/2013 23:34. 13/05/2013 03:43 1192448 ---- aw-c: \ windows \ system32 \ certutil.exe
06/20/2013 23:34. 13/05/2013 03:08 903168 ---- aw-c: \ windows \ SysWow64 \ certutil.exe
06/20/2013 23:34. 13/05/2013 05:51 1464320 ---- aw-c: \ windows \ system32 \ crypt32.dll
06/20/2013 23:34. 13/05/2013 04:45 1160192 ---- aw-c: \ windows \ SysWow64 \ crypt32.dll
06/20/2013 23:34. 13/05/2013 05:51 184320 ---- aw-c: \ windows \ system32 \ Cryptsvc.dll
06/20/2013 23:34. 13/05/2013 05:51 139776 ---- aw-c: \ windows \ system32 \ Cryptnet.dll
06/20/2013 23:34. 13/05/2013 04:45 103936 ---- aw-c: \ windows \ SysWow64 \ Cryptnet.dll
06/20/2013 23:34. 13/05/2013 05:50 52224 ---- aw-c: \ windows \ system32 \ certenc.dll
06/20/2013 23:34. 13/05/2013 04:45 140288 ---- aw-c: \ windows \ SysWow64 \ Cryptsvc.dll
06/20/2013 23:34. 13/05/2013 03:08 43008 ---- aw-c: \ windows \ SysWow64 \ certenc.dll
06/20/2013 23:33. 2013-03-31 22:52 1887232 ---- aw-c: \ windows \ system32 \ d3d11.dll
06/20/2013 23:33. 04/25/2013 23:30 1505280 ---- aw-c: \ windows \ SysWow64 \ d3d11.dll
06/20/2013 21:11. 06/20/2013 21:11 -------- d ----- w-c: \ users \ user \ AppData \ Local \ Apps
06/20/2013 20:45. 06/20/2013 20:45 -------- d ----- w-c: \ users \ user \ AppData \ Roaming \ FreshDiagnose
06/20/2013 14:58. 06/20/2013 14:58 27,859,456 ---- aw-c: \ windows \ system32 \ imageres.dll
06/20/2013 13:56. 06/20/2013 13:57 -------- d ----- w-c: \ users \ user \ AppData \ Local \ PMB Files
06/18/2013 16:28. 06/18/2013 16:28 -------- d ----- w-c: \ users \ user \ AppData \ Local \. Inapptracking
06/18/2013 13:35. 19/06/2013 00:02 -------- d ----- w-c: \ program files (x86) \ dumps
06/18/2013 13:33. 06/18/2013 13:33 -------- d ----- w-c: \ users \ user \ AppData \ Local \ Diagnostics
06/15/2013 01:23. 06/15/2013 01:23 -------- d ----- w-c: \ users \ user \ AppData \ Local \ SKIDROW
06/15/2013 00:48. 06/15/2013 00:48 -------- d ----- w-c: \ users \ user \ AppData \ Local \ Programs
06/13/2013 15:58. 06/20/2013 22:09 -------- d ----- w-c: \ users \ user \ AppData \ Local \ ElevatedDiagnostics
06/12/2013 17:14. 06/12/2013 17:45 472064 ---- aw-c: \ windows \ AutoKMS.exe
06/07/2013 19:22. 03/06/2013 16:24 64856 ---- aw-c: \ windows \ system32 \ klfphc.dll
06/07/2013 19:22. 06/07/2013 19:22 -------- d ----- w-c: \ windows \ ELAMBKUP
06/07/2013 19:22. 22/06/2013 02:22 -------- d ----- w-c: \ programdata \ Kaspersky Lab
06/07/2013 19:22. 06/07/2013 19:22 -------- d ----- w-c: \ program files (x86) \ Kaspersky Lab
06/07/2013 19:21. 06/07/2013 19:49 620128 ---- aw-c: \ windows \ system32 \ drivers \ klif.sys
06/07/2013 19:21. 06/07/2013 19:49 90208 ---- aw-c: \ windows \ system32 \ drivers \ klflt.sys
06/03/2013 17:38. 21/06/2013 23:38 -------- d ----- w-c: \ users \ user \ AppData \ Roaming \ Wise Disk Cleaner
06/03/2013 17:37. 06/03/2013 17:37 -------- d ----- w-c: \ program files (x86) \ Wise
2013-05-31 22:38. 2013-05-31 22:38 -------- d ----- w-c: \ program files (x86) \ Wizards of the Coast LLC
2013-05-30 00:06. 2013-05-30 01:08 -------- d ----- w-c: \ program files (x86) \ Windows Live
05/29/2013 23:45. 05/29/2013 23:45 -------- d ----- w-c: \ program files (x86) \ Common Files \ Windows Live
05/29/2013 18:13. 18:13 05/29/2013 -------- d ----- w-c: \ programdata \ StarApp
05/29/2013 18:12. 05/29/2013 18:13 -------- d ----- w-c: \ programdata \ InstallMate
28/05/2013 18:21. 28/05/2013 18:21 -------- d ----- w-c: \ program files (x86) \ RegClean Pro
27/05/2013 17:27. 2000-01-01 00:00 15168 ---- aw-c: \ windows \ system32 \ drivers \ IntelMEFWVer.dll
27/05/2013 17:27. 27/05/2013 17:27 -------- d ----- w-c: \ program files (x86) \ Common Files \ postureAgent
27/05/2013 17:23. 2006-02-07 18:40 204800 ---- aw-c: \ program files (x86) \ Common Files \ InstallShield \ Professional \ RunTime \ 11 \ 50 \ Intel32 \ iuser.dll
27/05/2013 17:23. 2006-02-07 18:40 69715 ---- aw-c: \ program files (x86) \ Common Files \ InstallShield \ Professional \ RunTime \ 11 \ 50 \ Intel32 \ ctor.dll
27/05/2013 17:23. 2006-02-07 18:40 274432 ---- aw-c: \ program files (x86) \ Common Files \ InstallShield \ Professional \ RunTime \ 11 \ 50 \ Intel32 \ iscript.dll
27/05/2013 17:23. 2005-11-14 02:19 5632 ---- aw-c: \ program files (x86) \ Common Files \ InstallShield \ Professional \ RunTime \ 11 \ 50 \ Intel32 \ DotNetInstaller.exe
27/05/2013 17:23. 2006-02-07 18:45 757760 ---- aw-c: \ program files (x86) \ Common Files \ InstallShield \ Professional \ RunTime \ 11 \ 50 \ Intel32 \ iKernel.dll
27/05/2013 17:23. 27/05/2013 17:23 200836 ---- aw-c: \ program files (x86) \ Common Files \ InstallShield \ Professional \ RunTime \ 11 \ 50 \ Intel32 \ iGdi.dll
27/05/2013 17:23. 27/05/2013 17:23 331908 ---- aw-c: \ program files (x86) \ Common Files \ InstallShield \ Professional \ RunTime \ 11 \ 50 \ Intel32 \ setup.dll
27/05/2013 17:22. 21/06/2013 22:58 -------- d ----- w-c: \ program files (x86) \ Intel
27/05/2013 17:22. 2000-01-01 00:00 53248 ---- aw-c: \ windows \ SysWow64 \ CSVer.dll
05/25/2013 21:01. 05/25/2013 21:09 -------- d ----- w-C: \ xampp
.
.
.
(((((((((((((((((((((((((((((((((((((Find3M Report))))))))))) )))))))))))))))))))))))))))))))))))))))))
.
21/06/2013 02:08. 2012-09-29 23:50 75825640 ---- aw-c: \ windows \ system32 \ Mrt.exe
06/20/2013 14:24. 04/25/2013 19:14 1656 ---- aw-c: \ windows \ system32 \ ASOROSet.bin
06/18/2013 23:37. 03/06/2013 16:24 54368 ---- aw-c: \ windows \ system32 \ drivers \ kltdi.sys
06/12/2013 22:38. 2012-09-30 02:11 71048 ---- aw-c: \ windows \ SysWow64 \ FlashPlayerCPLApp.cpl
06/12/2013 22:38. 2012-09-30 02:11 692104 ---- aw-c: \ windows \ SysWow64 \ FlashPlayerApp.exe
06/07/2013 19:49. 2012-08-13 19:49 178448 ---- aw-c: \ windows \ system32 \ drivers \ kneps.sys
2013-05-30 01:03. 2012-07-17 17:37 22240 ---- aw-c: \ programdata \ Microsoft \ IdentityCRL \ production \ ppcrlconfig600.dll
05/18/2013 17:54. 2013-02-23 18:15 86720 ---- aw-c: \ windows \ system32 \ drivers \ hola_mon_drv.sys
05/18/2013 17:54. 2013-02-23 18:15 86976 ---- aw-c: \ windows \ system32 \ drivers \ hola_net.sys
05/18/2013 17:54. 2013-02-23 18:15 570944 ---- aw-c: \ windows \ system32 \ drivers \ hola_drv.sys
12/05/2013 21:42. 02/26/2013 03:32 12,426,216 ---- aw-c: \ windows \ SysWow64 \ nvd3dum.dll
12/05/2013 21:42. 02/26/2013 03:32 2935696 ---- aw-c: \ windows \ system32 \ nvapi64.dll
12/05/2013 21:42. 02/26/2013 03:32 15,910,736 ---- aw-c: \ windows \ system32 \ nvwgf2umx.dll
12/05/2013 21:42. 2012-11-18 05:02 61216 ---- aw-c: \ windows \ system32 \ OpenCL.dll
12/05/2013 21:42. 2012-11-18 05:02 53024 ---- aw-c: \ windows \ SysWow64 \ OpenCL.dll
12/05/2013 21:42. 2009-09-27 23:12 2597344 ---- aw-c: \ windows \ SysWow64 \ nvapi.dll
12/05/2013 20:34. 2009-09-27 21:22 6491936 ---- aw-c: \ windows \ system32 \ nvcpl.dll
12/05/2013 20:34. 2009-09-27 21:22 3514656 ---- aw-c: \ windows \ system32 \ nvsvc64.dll
12/05/2013 20:34. 2009-09-27 21:22 884512 ---- aw-c: \ windows \ system32 \ nvvsvc.exe
12/05/2013 20:34. 2009-09-27 21:22 63776 ---- aw-c: \ windows \ system32 \ nvshext.dll
12/05/2013 20:34. 2009-09-27 21:22 2555680 ---- aw-c: \ windows \ system32 \ nvsvcr.dll
12/05/2013 20:34. 2009-09-27 21:22 237856 ---- aw-c: \ windows \ system32 \ nvmctray.dll
12/05/2013 18:43. 12/05/2013 18:43 566048 ---- aw-c: \ windows \ SysWow64 \ nvStreaming.exe
2013-05-02 05:06. 2012-09-29 01:37 278800 ------ w-c: \ windows \ system32 \ MpSigStub.exe
24/04/2013 20:35. 2012-10-31 16:55 2560 ---- aw-c: \ windows \ _MSRSTRT.EXE
2013-04-13 05:49. 05/15/2013 10:37 135168 ---- aw-c: \ windows \ apppatch \ AppPatch64 \ AcXtrnal.dll
2013-04-13 05:49. 05/15/2013 10:37 308736 ---- aw-c: \ windows \ apppatch \ AppPatch64 \ Acgenral.dll
2013-04-13 05:49. 05/15/2013 10:37 350208 ---- aw-c: \ windows \ apppatch \ AppPatch64 \ AcLayers.dll
2013-04-13 05:49. 05/15/2013 10:37 111104 ---- aw-c: \ windows \ apppatch \ AppPatch64 \ Acspecfc.dll
2013-04-13 04:45. 05/15/2013 10:37 474624 ---- aw-c: \ windows \ apppatch \ Acspecfc.dll
2013-04-13 04:45. 05/15/2013 10:37 2176512 ---- aw-c: \ windows \ apppatch \ Acgenral.dll
2013-04-12 14:45. 2013-04-23 17:44 1656680 ---- aw-c: \ windows \ system32 \ drivers \ ntfs.sys
04/10/2013 06:01. 05/15/2013 10:37 265064 ---- aw-c: \ windows \ system32 \ drivers \ dxgmms1.sys
04/10/2013 06:01. 05/15/2013 10:37 983400 ---- aw-c: \ windows \ system32 \ drivers \ dxgkrnl.sys
04/10/2013 03:30. 05/15/2013 10:36 3153920 ---- aw-c: \ windows \ system32 \ win32k.sys
2013-04-02 10:28. 2013-04-02 10:28 226304 ---- aw-c: \ windows \ system32 \ elshyph.dll
2013-04-02 10:28. 2013-04-02 10:28 185344 ---- aw-c: \ windows \ SysWow64 \ elshyph.dll
2013-04-02 10:28. 2013-04-02 10:28 1054720 ---- aw-c: \ windows \ system32 \ MsSpellCheckingFacility.exe
2013-04-02 10:28. 2013-04-02 10:28 719360 ---- aw-c: \ windows \ SysWow64 \ mshtmlmedia.dll
2013-04-02 10:28. 2013-04-02 10:28 523264 ---- aw-c: \ windows \ SysWow64 \ vbscript.dll
2013-04-02 10:28. 2013-04-02 10:28 158720 ---- aw-c: \ windows \ SysWow64 \ msls31.dll
2013-04-02 10:28. 2013-04-02 10:28 150528 ---- aw-c: \ windows \ SysWow64 \ IExpress.exe
2013-04-02 10:28. 2013-04-02 10:28 138752 ---- aw-c: \ windows \ SysWow64 \ wextract.exe
2013-04-02 10:28. 2013-04-02 10:28 38400 ---- aw-c: \ windows \ SysWow64 \ Imgutil.dll
2013-04-02 10:28. 2013-04-02 10:28 137216 ---- aw-c: \ windows \ SysWow64 \ ieUnatt.exe
2013-04-02 10:28. 2013-04-02 10:28 12800 ---- aw-c: \ windows \ SysWow64 \ mshta.exe
2013-04-02 10:28. 2013-04-02 10:28 110592 ---- aw-c: \ windows \ SysWow64 \ IEAdvpack.dll
2013-04-02 10:28. 2013-04-02 10:28 73728 ---- aw-c: \ windows \ SysWow64 \ SetIEInstalledDate.exe
2013-04-02 10:28. 2013-04-02 10:28 48640 ---- aw-c: \ windows \ SysWow64 \ mshtmler.dll
2013-04-02 10:28. 2013-04-02 10:28 61952 ---- aw-c: \ windows \ SysWow64 \ tdc.ocx
2013-04-02 10:28. 2013-04-02 10:28 361984 ---- aw-c: \ windows \ SysWow64 \ html.iec
2013-04-02 10:28. 2013-04-02 10:28 23040 ---- aw-c: \ windows \ SysWow64 \ licmgr10.dll
2013-04-02 10:28. 2013-04-02 10:28 197120 ---- aw-c: \ windows \ system32 \ msrating.dll
2013-04-02 10:28. 2013-04-02 10:28 1441280 ---- aw-c: \ windows \ SysWow64 \ inetcpl.cpl
2013-04-02 10:28. 2013-04-02 10:28 81408 ---- aw-c: \ windows \ system32 \ icardie.dll
2013-04-02 10:28. 2013-04-02 10:28 762368 ---- aw-c: \ windows \ system32 \ ieapfltr.dll
2013-04-02 10:28. 2013-04-02 10:28 452096 ---- aw-c: \ windows \ system32 \ dxtmsft.dll
2013-04-02 10:28. 2013-04-02 10:28 441856 ---- aw-c: \ windows \ system32 \ html.iec
2013-04-02 10:28. 2013-04-02 10:28 281600 ---- aw-c: \ windows \ system32 \ Dxtrans.dll
2013-04-02 10:28. 2013-04-02 10:28 235008 ---- aw-c: \ windows \ system32 \ url.dll
2013-04-02 10:28. 2013-04-02 10:28 216064 ---- aw-c: \ windows \ system32 \ msls31.dll
2013-04-02 10:28. 2013-04-02 10:28 1400416 ---- aw-c: \ windows \ system32 \ ieapfltr.dat
2013-04-02 10:28. 2013-04-02 10:28 97280 ---- aw-c: \ windows \ system32 \ Mshtmled.dll
2013-04-02 10:28. 2013-04-02 10:28 905728 ---- aw-c: \ windows \ system32 \ mshtmlmedia.dll
2013-04-02 10:28. 2013-04-02 10:28 27648 ---- aw-c: \ windows \ system32 \ licmgr10.dll
2013-04-02 10:28. 2013-04-02 10:28 270848 ---- aw-c: \ windows \ system32 \ iedkcs32.dll
2013-04-02 10:28. 2013-04-02 10:28 247296 ---- aw-c: \ windows \ system32 \ webcheck.dll
2013-04-02 10:28. 2013-04-02 10:28 167424 ---- aw-c: \ windows \ system32 \ IExpress.exe
2013-04-02 10:28. 2013-04-02 10:28 1509376 ---- aw-c: \ windows \ system32 \ inetcpl.cpl
2013-04-02 10:28. 2013-04-02 10:28 144896 ---- aw-c: \ windows \ system32 \ wextract.exe
2013-04-02 10:28. 2013-04-02 10:28 102912 ---- aw-c: \ windows \ system32 \ inseng.dll
2013-04-02 10:28. 2013-04-02 10:28 92160 ---- aw-c: \ windows \ system32 \ SetIEInstalledDate.exe
2013-04-02 10:28. 2013-04-02 10:28 62976 ---- aw-c: \ windows \ system32 \ Pngfilt.dll
2013-04-02 10:28. 2013-04-02 10:28 599552 ---- aw-c: \ windows \ system32 \ vbscript.dll
2013-04-02 10:28. 2013-04-02 10:28 52224 ---- aw-c: \ windows \ system32 \ msfeedsbs.dll
2013-04-02 10:28. 2013-04-02 10:28 51200 ---- aw-c: \ windows \ system32 \ Imgutil.dll
2013-04-02 10:28. 2013-04-02 10:28 173568 ---- aw-c: \ windows \ system32 \ ieUnatt.exe
2013-04-02 10:28. 2013-04-02 10:28 149504 ---- aw-c: \ windows \ system32 \ occache.dll
2013-04-02 10:28. 2013-04-02 10:28 13824 ---- aw-c: \ windows \ system32 \ mshta.exe
2013-04-02 10:28. 2013-04-02 10:28 136192 ---- aw-c: \ windows \ system32 \ iepeers.dll
2013-04-02 10:28. 2013-04-02 10:28 135680 ---- aw-c: \ windows \ system32 \ IEAdvpack.dll
2013-04-02 10:28. 2013-04-02 10:28 12800 ---- aw-c: \ windows \ system32 \ msfeedssync.exe
2013-04-02 10:28. 2013-04-02 10:28 77312 ---- aw-c: \ windows \ system32 \ tdc.ocx
2013-04-02 10:28. 2013-04-02 10:28 48640 ---- aw-c: \ windows \ system32 \ mshtmler.dll
.
.
------- ------- Sigcheck
Note: Unsigned files aren't Necessarily malware.
.
[7] 26.02.2011. 3B69712041F3D63605529BD66DC00C48. 2871808. . [6.1.7601.21669] ..
[-] 25.02.2011. 3890A8BBFB85C1CB5E8B990594B7A234. 2871808. . [6.1.7600.16385] .. c: \ windows \ explorer.exe
[7] 02.25.2011. 332FEAB1435662FC6C672E25BEB37BE3. 2871808. . [6.1.7601.17567] ..
[7] 11.20.2010. AC4C51EB24AA95B77F705AB159189E24. 2872320. . [6.1.7601.17514] ..
.
((((((((((((((((((((((((((Reg Loading Points))))))))))))))))))) ))))))))))))))))))))
.
.
* Note * empty entries & legit default are not displayed.
REGEDIT4
.
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"UTorrent" = "c: \ program files (x86) \ uTorrent \ utorrent.exe" [2012-12-18 969104]
"RocketDock" = "c: \ program files (x86) \ RocketDock \ RocketDock.exe" [2007-09-02 495616]
"Nexus" = "c: \ program files (x86) \ Winstep \ Nexus.exe" [2012-03-28 16957056]
"CursorFX" = "c: \ program files (x86) \ Stardock \ CursorFX \ CursorFX.exe" [2012-12-21 653128]
"Steam" = "c: \ program files (x86) \ Steam \ Steam.exe" [06/06/2013 1641896]
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Microsoft \ Windows \ CurrentVersion \ Run]
"BCSSync" = "c: \ program files (x86) \ Microsoft Office \ Office14 \ BCSSync.exe" [2010-03-13 91520]
"AVP" = "c: \ program files (x86) \ Kaspersky Lab \ Kaspersky Internet Security 2013 \ avp.exe" [06/03/2013 356376]
.
c: \ programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \
Orbit.lnk - c: \ program files (x86) \ Orbitdownloader \ orbitdm.exe / H [20/06/2013 2637608]
.
[HKEY_LOCAL_MACHINE \ software \ microsoft \ windows \ currentversion \ policies \ system]
"ConsentPromptBehaviorAdmin" = 0 (0x0)
"ConsentPromptBehaviorUser" = 3 (0x3)
"EnableLUA" = 0 (0x0)
"EnableUIADesktopToggle" = 0 (0x0)
"PromptOnSecureDesktop" = 0 (0x0)
.
[HKEY_LOCAL_MACHINE \ software \ Wow6432Node \ microsoft \ windows nt \ currentversion \ windows]
"LoadAppInit_DLLs" = 1 (0x1)
.
[HKEY_LOCAL_MACHINE \ software \ microsoft \ security center \ Monitoring \ KasperskyAntiVirus]
"DisableMonitoring" = dword: 00000001
.
R1 hola_net; Hola Fast Internet Adapter c: \ windows \ system32 \ DRIVERS \ hola_net.sys c: \ windows \ SYSNATIVE \ DRIVERS \ hola_net.sys
R2 clr_optimization_v4.0.30319_64; Microsoft. NET Framework NGEN
R2 SkypeUpdate; Skype Updater c: \ program files (x86) \ Skype \ Updater \ Updater.exe c: \ program files (x86) \ Skype \ Updater \ Updater.exe
R3 MSICDSetup; MSICDSetup d: \ cdriver64.sys d: \ CDriver64.sys
R3 Netaapl, Apple Mobile Device Ethernet Service c: \ windows \ system32 \ DRIVERS \ netaapl64.sys c: \ windows \ SYSNATIVE \ DRIVERS \ netaapl64.sys
R3 NTIOLib_1_0_C; NTIOLib_1_0_C d: \ ntiolib_x64.sys d: \ NTIOLib_X64.sys
R3 RdpVideoMiniport; Remote Desktop Video Miniport
R3 SwitchBoard; SwitchBoard c: \ program files (x86) \ Common Files \ Adobe \ SwitchBoard \ SwitchBoard.exe c: \ program files (x86) \ Common Files \ Adobe \ SwitchBoard \ SwitchBoard.exe
R3
R3 TsUsbFlt; TsUsbFlt c: \ windows \ system32 \ drivers \ tsusbflt.sys c: \ windows \ SYSNATIVE \ drivers \ tsusbflt.sys
R3 tsusbhub; tsusbhub c: \ windows \ system32 \ drivers \ tsusbhub.sys c: \ windows \ SYSNATIVE \ drivers \ tsusbhub.sys
R3 TuneUpUtilitiesDrv; TuneUpUtilitiesDrv c: \ program files (x86) \ TuneUp Utilities 2013 \ TuneUpUtilitiesDriver64.sys c: \ program files (x86) \ TuneUp Utilities 2013 \ TuneUpUtilitiesDriver64.sys
R3 USBAAPL64, Apple Mobile USB Driver c: \ windows \ system32 \ drivers \ usbaapl64.sys c: \ windows \ SYSNATIVE \ Drivers \ usbaapl64.sys
R3 VBoxNetAdp; VirtualBox Host-Only Ethernet Adapter c: \ windows \ system32 \ DRIVERS \ VBoxNetAdp.sys c: \ windows \ SYSNATIVE \ DRIVERS \ VBoxNetAdp.sys
R3 VBoxUSB; VirtualBox USB c: \ windows \ system32 \ drivers \ VBoxUSB.sys c: \ windows \ SYSNATIVE \ Drivers \ VBoxUSB.sys
R3 VGPU; VGPU c: \ windows \ system32 \ drivers \ rdvgkmd.sys c: \ windows \ SYSNATIVE \ drivers \ rdvgkmd.sys
R3 WatAdminSvc; Service Activation Technologies Windows c: \ windows \ system32 \ Wat \ WatAdminSvc.exe c: \ windows \ SYSNATIVE \ Wat \ WatAdminSvc.exe
S0 VMCI; VMware VMCI Bus Driver c: \ windows \ system32 \ DRIVERS \ vmci.sys c: \ windows \ SYSNATIVE \ DRIVERS \ vmci.sys
S0 vsock; vSockets Driver c: \ windows \ system32 \ drivers \ vsock.sys c: \ windows \ SYSNATIVE \ drivers \ vsock.sys
S1 KLIM6; Kaspersky Anti-Virus NDIS 6 Filter c: \ windows \ system32 \ DRIVERS \ klim6.sys c: \ windows \ SYSNATIVE \ DRIVERS \ klim6.sys
S1 kltdi; kltdi c: \ windows \ system32 \ DRIVERS \ kltdi.sys c: \ windows \ SYSNATIVE \ DRIVERS \ kltdi.sys
S1 kneps; kneps c: \ windows \ system32 \ DRIVERS \ kneps.sys c: \ windows \ SYSNATIVE \ DRIVERS \ kneps.sys
S1 vboxdrv; VirtualBox Service c: \ windows \ system32 \ DRIVERS \ VBoxDrv.sys c: \ windows \ SYSNATIVE \ DRIVERS \ VBoxDrv.sys
S1 VBoxUSBMon; VirtualBox USB Monitor Driver c: \ windows \ system32 \ DRIVERS \ VBoxUSBMon.sys c: \ windows \ SYSNATIVE \ DRIVERS \ VBoxUSBMon.sys
S2 Intel (R) Capability Licensing Service Interface, Intel (R) Capability Licensing Service Interface c: \ program files \ Intel \ ICLs Client \ HeciServer.exe c: \ program files \ Intel \ ICLs Client \ HeciServer.exe [x ]
S2 jhi_service; Intel (R) Dynamic Host Interface Application Loader Service c: \ program files (x86) \ Intel \ Intel (R) Management Engine Components \ DAL \ jhi_service.exe c: \ program files (x86) \ Intel \ Intel (R) Management Engine Components \ DAL \ jhi_service.exe
S2 NPF; NetGroup Packet Filter Driver c: \ windows \ system32 \ drivers \ npf.sys c: \ windows \ SYSNATIVE \ drivers \ npf.sys
S2 Stereo Service; NVIDIA Stereoscopic 3D Driver Service c: \ program files (x86) \ NVIDIA Corporation \ 3D Vision \ nvSCPAPISvr.exe c: \ program files (x86) \ NVIDIA Corporation \ 3D Vision \ nvSCPAPISvr.exe
S2 TeamViewer8; TeamViewer 8 c: \ program files (x86) \ TeamViewer \ Version8 \ TeamViewer_Service.exe c: \ program files (x86) \ TeamViewer \ Version8 \ TeamViewer_Service.exe
S2 UNS; Intel (R) Management and Security Application User Notification Service; c: \ program files (x86) \ Intel \ Intel (R) Management Engine Components \ UNS \ UNS.exe c: \ program files (x86) \ Intel \ Intel (R) Management Engine Components \ UNS \ UNS.exe
S2-vstor2 mntapi10-shared; Vstor2 MntApi 1.0 Driver (shared); SysWOW64 \ drivers \ vstor2-mntapi10-shared.sys; SysWOW64 \ drivers \ vstor2-mntapi10-shared.sys
S2 Winstep Xtreme Service; Winstep Xtreme Service c: \ program files (x86) \ Winstep \ WsxService c: \ program files (x86) \ Winstep \ WsxService
S3 klkbdflt; KLKBDFLT Kaspersky Lab c: \ windows \ system32 \ DRIVERS \ klkbdflt.sys c: \ windows \ SYSNATIVE \ DRIVERS \ klkbdflt.sys
S3 klmouflt; KLMOUFLT Kaspersky Lab c: \ windows \ system32 \ DRIVERS \ klmouflt.sys c: \ windows \ SYSNATIVE \ DRIVERS \ klmouflt.sys
S3 RTL8167, Realtek 8167 NT Driver c: \ windows \ system32 \ DRIVERS \ Rt64win7.sys c: \ windows \ SYSNATIVE \ DRIVERS \ Rt64win7.sys
S3 VBoxNetFlt; VirtualBox Bridged Networking Service c: \ windows \ system32 \ DRIVERS \ VBoxNetFlt.sys c: \ windows \ SYSNATIVE \ DRIVERS \ VBoxNetFlt.sys
.
.
Contents of the folder 'Scheduled Tasks'
.
22.06.2013 c: \ windows \ Tasks \ Adobe Flash Player Updater.job
- C: \ windows \ SysWOW64 \ Macromed \ Flash \ FlashPlayerUpdateService.exe [2012-09-30 22:38]
.
22/06/2013 c: \ windows \ Tasks \ FacebookUpdateTaskUserS-1-5-21-2288145480-3532626572-3184111071-1000Core.job
- C: \ users \ user \ AppData \ Local \ Facebook \ Update \ FacebookUpdate.exe [2012-12-10 00:46]
.
22/06/2013 c: \ windows \ Tasks \ FacebookUpdateTaskUserS-1-5-21-2288145480-3532626572-3184111071-1000UA.job
- C: \ users \ user \ AppData \ Local \ Facebook \ Update \ FacebookUpdate.exe [2012-12-10 00:46]
.
21/06/2013 c: \ windows \ Tasks \ GoogleUpdateTaskUserS-1-5-21-2288145480-3532626572-3184111071-1000Core.job
- C: \ users \ user \ AppData \ Local \ Google \ Update \ GoogleUpdate.exe [2012-09-29 01:33]
.
22/06/2013 c: \ windows \ Tasks \ GoogleUpdateTaskUserS-1-5-21-2288145480-3532626572-3184111071-1000UA.job
- C: \ users \ user \ AppData \ Local \ Google \ Update \ GoogleUpdate.exe [2012-09-29 01:33]
.
21/06/2013 c: \ windows \ Tasks \ RegClean Pro_DEFAULT.job
- C: \ program files (x86) \ RegClean Pro \ RegCleanPro.exe [05/28/2013 19:27]
.
19/06/2013 c: \ windows \ Tasks \ RegClean Pro_UPDATES.job
- C: \ program files (x86) \ RegClean Pro \ RegCleanPro.exe [05/28/2013 19:27]
.
21/06/2013 c: \ windows \ Tasks \ SlimDrivers Startup.job
- C: \ program files (x86) \ SlimDrivers \ SlimDrivers.exe [06/21/2013 13:21]
.
.
Entries X64 --------- -----------
.
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"Nvtmru" = "c: \ program files (x86) \ NVIDIA Corporation \ NVIDIA Update Core \ nvtmru.exe" [05/16/2013 1012000]
"RTHDVCPL" = "c: \ program files \ Realtek \ Audio \ HDA \ RtkNGUI64.exe" [2000-01-01 6548112]
.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - netsvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c: \ windows \ system32 \ blank.htm
uStart Page = hxxp :/ / www.google.com.br/
uDefault_Search_URL = hxxp :/ / search.certified-toolbar.com? si = 41460 & tid = 2938 & bs = true & q =
mDefault_Search_URL = hxxp :/ / search.certified-toolbar.com? si = 41460 & tid = 2938 & bs = true & q =
mDefault_Page_URL =
mStart Page =
Mlocal Page = c: \ windows \ SysWOW64 \ blank.htm
mSearch Page = hxxp :/ / search.certified-toolbar.com? si = 41460 & tid = 2938 & bs = true & q =
mSearch Bar = hxxp :/ / search.certified-toolbar.com? si = 41460 & tid = 2938 & bs = true & q =
uSearchAssistant =
mCustomizeSearch = hxxp :/ / search.v9.com/web /? q = {searchTerms}
mSearchAssistant = hxxp :/ / search.v9.com/web /? q = {searchTerms}
IE: & Download by Orbit - c: \ program files (x86) \ Orbitdownloader \ orbitmxt.dll/201
IE: & Grab video by Orbit - c: \ program files (x86) \ Orbitdownloader \ orbitmxt.dll/204
IE: & NeoTrace It! - C: \ progra ~ 2 \ NEOTRA ~ 1 \ NTXcontext.htm
IE: Do & wnload selected by Orbit - c: \ program files (x86) \ Orbitdownloader \ orbitmxt.dll/203
IE: Down & load all by Orbit - c: \ program files (x86) \ Orbitdownloader \ orbitmxt.dll/202
IE: E & xport to Microsoft Excel
IE: Se & nd to OneNote
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces \ {9BE187BD-B315-494B-979A-F79B9B78997F}: NameServer = 200.0.0.42
FF - profilePath - c: \ users \ user \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ bapoqom9.default \
FF - prefs.js: browser.startup.homepage - www.google.com.br
.
---- ORPHANS REMOVED ----
.
c: \ programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \ RocketDock.lnk - c: \ windows \ Halloween Skin Pack \ RocketDock \ RocketDock.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486b-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ services \ Winstep Xtreme Service]
"ImagePath" = "c: \ program files (x86) \ Winstep \ WsxService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS \ S-1-5-21-2288145480-3532626572-3184111071-1000 \ Software \ SecuROM \ License information *]
"Datasecu" = hex: 8f, 23,6 f, 64,84, ba, 86,4 d, 22,70,17,5 b, 0a, 81, ee, 3d, f, 4a, f5, 83,83,
   c3, 69, d9, 89,0 d, f4, 97, ca, e8, ac, 21,0 b, 32,5 a, 0e, 32,61,23,4 d, 08,03,93, e8, 35,32, \
"Rkeysecu" = hex: 6e, 8b, 88,46, of, e9, cd, 9d, a5, 54,63,96, cd, e7, c8, 45
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@ Denied: (A 2) (Everyone)
@ = "FlashBroker"

.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {73C9DFA0-750D-11E1-B0C4-0800200C9A66} \ Elevation]
"Enabled" = dword: 00000001
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {73C9DFA0-750D-11E1-B0C4-0800200C9A66} \ LocalServer32]
@ = "C: \ \ Windows \ \ system32 \ \ Macromed \ \ Flash \ \ FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {73C9DFA0-750D-11E1-B0C4-0800200C9A66} \ TypeLib]
@ = "{FAB3E735-453B-69C7-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ Interface \ {6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@ Denied: (A 2) (Everyone)
@ = "IFlashBroker5"
.

@ = "{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ Interface \ {6AE38AE0-750C-11E1-B0C4-0800200C9A66} \ TypeLib]
@ = "{FAB3E735-453B-69C7-A446-B6823C6DF1C9}"
"Version" = "1.0"
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ Wow6432Node \ CLSID \ {73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@ Denied: (A 2) (Everyone)
@ = "FlashBroker"

.

"Enabled" = dword: 00000001
.

@ = "C: \ \ Windows \ \ SysWOW64 \ \ Macromed \ \ Flash \ \ FlashUtil32_11_7_700_224_ActiveX.exe"
.

@ = "{FAB3E735-453B-69C7-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ Wow6432Node \ CLSID \ {D27CDB6E-AE6D-11cf-96B8-444553540000}]
@ Denied: (A 2) (Everyone)
@ = "Shockwave Flash Object"
.

@ = "C: \ \ Windows \ \ SysWOW64 \ \ Macromed \ \ Flash \ \ Flash32_11_7_700_224.ocx"
"ThreadingModel" = "Apartment"
.

@ = "0"
.

@ = "ShockwaveFlash.ShockwaveFlash.11"
.

@ = "C: \ \ Windows \ \ SysWOW64 \ \ Macromed \ \ Flash \ \ Flash32_11_7_700_224.ocx, 1"
.

@ = "{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.

@ = "1.0"
.

@ = "ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ Wow6432Node \ CLSID \ {D27CDB70-AE6D-11cf-96B8-444553540000}]
@ Denied: (A 2) (Everyone)
@ = "Macromedia Flash Factory Object"
.

@ = "C: \ \ Windows \ \ SysWOW64 \ \ Macromed \ \ Flash \ \ Flash32_11_7_700_224.ocx"
"ThreadingModel" = "Apartment"
.

@ = "FlashFactory.FlashFactory.1"
.

@ = "C: \ \ Windows \ \ SysWOW64 \ \ Macromed \ \ Flash \ \ Flash32_11_7_700_224.ocx, 1"
.

@ = "{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.

@ = "1.0"
.

@ = "FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ Wow6432Node \ Interface \ {6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@ Denied: (A 2) (Everyone)
@ = "IFlashBroker5"
.

@ = "{00020424-0000-0000-C000-000000000046}"
.

@ = "{FAB3E735-453B-69C7-A446-B6823C6DF1C9}"
"Version" = "1.0"
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Microsoft \ Office \ Common \ Smart Tag \ Actions \ {B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@ Denied: (A) (Everyone)
"Solution" = "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Microsoft \ Schema Library \ ActionsPane3]
@ Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Microsoft \ Schema Library \ ActionsPane3 \ 0]
"Key" = "ActionsPane3"
"Location" = "c: \ \ Program Files (x86) \ \ Common Files \ \ Microsoft Shared \ \ VSTO \ \ ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ PCW \ Security]
@ Denied: (Full) (Everyone)
.
Completion time: 06/22/2013 00:06:35
ComboFix-quarantined-files.txt 22/06/2013 03:06
.
Pre-Run: 228,269,715,456 bytes free
Post-Run: 227,662,049,280 bytes free
.
- End Of File - E1AFE78825B05C71FD33F8C1B948A029
A36C5E4F47E84449FF07ED3517B43A31

5.8K Posts

June 24th, 2013 06:00

Hi luanluko, and welcome to the forum.

Unfortunately Dell no longer offers one-on-one malware removal advice, apart from general info.

There are forums staffed by experts at this you can consult (see below). Registration is required, but is free.

Combofix is a powerful tool that should only be run under the supervision of such an expert, as it can do harm to your system otherwise.

A partial list of links to forums that specialise in malware removal is pinned to the top of this forum. Also see:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix#forums

Be sure to read and follow the instructions there before posting anything.

Good luck!

3 Apprentice, 20.5K Posts

June 24th, 2013 07:00

Hi luanluko,

My suggestion is to post the required DDS logs on the Malware Removal Forum at SpywareHammer and have the staff trained in malware removal walk you through the diagnostic logs and a cleanup. They will first review those. Following that they will let you know if you need to post your ComboFix log and they will read it for you. The helpers there do not use remote access but will advise you step-by-step on what you can do. Please do not attempt to run any additional scans, install software, or use any other tools until an analyst can advise you on the next step. Please use the same username there as you have here. Help is free, but you will need to register there and follow the posting instructions. The instructions will inform you of where to download DDS and how to run a scan to post the output information. Don't forget to check your email and click on the link they send you in order to confirm your registration.

As Joe mentioned, there are other options listed at the top of this forum. Some are free; some require a fee. Please use only one resource. It can be counter-productive to have too many people trying to help. Good luck!

3 Apprentice, 20.5K Posts

June 24th, 2013 14:00

It appears that this topic is being handled at Bleeping Computer. Therefore, this topic is closed. Everyone else who is having a similar issue, please begin a New Topic at the top of the forum.
