00tcrdmain

ComboFix 12-10-21.02 – sanja 21.10.2012 17:00:23.1.2 – x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1917.637 [GMT 2:00]
Running from: c:userssanjaDesktopComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-21 15:37 . 2012-10-21 15:37 ——– d—–w- c:userssanjaAppDataLocaltemp
2012-10-21 15:37 . 2012-10-21 15:37 ——– d—–w- c:usersDefaultAppDataLocaltemp
2012-10-21 14:37 . 2012-10-21 14:37 ——– d—–w- C:_OTL
2012-10-21 13:33 . 2011-03-12 21:55 876032 —-a-w- c:windowssystem32XpsPrint.dll
2012-10-21 13:33 . 2012-03-01 14:46 219648 —-a-w- c:windowssystem32d3d10_1core.dll
2012-10-21 13:33 . 2012-02-29 13:41 1069056 —-a-w- c:windowssystem32DWrite.dll
2012-10-21 13:33 . 2012-03-01 14:46 160768 —-a-w- c:windowssystem32d3d10_1.dll
2012-10-21 13:33 . 2012-02-29 14:08 1172480 —-a-w- c:windowssystem32d3d10warp.dll
2012-10-21 13:33 . 2012-02-29 13:44 683008 —-a-w- c:windowssystem32d2d1.dll
2012-10-20 20:17 . 2012-10-20 20:17 ——– d—–w- C:Tweaking.com_Windows_Repair_Logs
2012-10-20 20:17 . 2012-10-20 20:17 ——– d—–w- c:program filesTweaking.com
2012-10-20 19:46 . 2012-10-20 19:46 ——– d—–w- c:userssanjaAppDataRoamingAvira
2012-10-20 19:44 . 2012-10-20 19:44 ——– d—–w- c:program filesMalwarebytes’ Anti-Malware
2012-10-20 19:44 . 2012-09-29 17:54 22856 —-a-w- c:windowssystem32driversmbam.sys
2012-10-20 19:40 . 2012-10-01 15:14 134184 —-a-w- c:windowssystem32driversavipbb.sys
2012-10-20 19:40 . 2012-09-24 07:58 36552 —-a-w- c:windowssystem32driversavkmgr.sys
2012-10-20 19:40 . 2012-09-13 08:58 83792 —-a-w- c:windowssystem32driversavgntflt.sys
2012-10-20 19:40 . 2012-10-20 19:40 ——– d—–w- c:programdataAvira
2012-10-20 19:40 . 2012-10-20 19:40 ——– d—–w- c:program filesAvira
2012-10-20 18:59 . 2012-10-20 18:59 ——– d—–w- c:program filesWindows Portable Devices
2012-10-20 18:41 . 2009-09-10 02:01 3023360 —-a-w- c:windowssystem32UIRibbon.dll
2012-10-20 18:41 . 2009-09-10 02:00 1164800 —-a-w- c:windowssystem32UIRibbonRes.dll
2012-10-20 18:41 . 2009-09-10 02:00 92672 —-a-w- c:windowssystem32UIAnimation.dll
2012-10-20 18:27 . 2012-02-29 15:11 5120 —-a-w- c:windowssystem32wmi.dll
2012-10-20 18:27 . 2012-02-29 15:09 157696 —-a-w- c:windowssystem32imagehlp.dll
2012-10-20 18:27 . 2012-02-29 13:32 12800 —-a-w- c:windowssystem32driversfs_rec.sys
2012-10-20 18:15 . 2012-10-20 18:15 766976 —-a-w- c:program filesCommon FilesMicrosoft SharedvgxVGX.dll
2012-10-20 18:15 . 2012-10-20 18:15 35840 —-a-w- c:windowssystem32imgutil.dll
2012-10-20 18:15 . 2012-10-20 18:15 265720 —-a-w- c:program filesInternet Explorermsdbg2.dll
2012-10-20 18:15 . 2012-10-20 18:15 387584 —-a-w- c:program filesInternet Explorerjsdbgui.dll
2012-10-20 18:15 . 2012-10-20 18:15 355832 —-a-w- c:program filesInternet Explorerpdm.dll
2012-10-20 18:15 . 2012-10-20 18:15 22016 —-a-w- c:program filesInternet ExplorerExtExport.exe
2012-10-20 18:15 . 2012-10-20 18:15 149504 —-a-w- c:program filesInternet Explorerjsprofilerui.dll
2012-10-20 18:15 . 2012-10-20 18:15 110592 —-a-w- c:windowssystem32IEAdvpack.dll
2012-10-20 18:13 . 2012-10-20 18:13 369664 —-a-w- c:windowssystem32WMPhoto.dll
2012-10-20 18:13 . 2012-10-20 18:13 252928 —-a-w- c:windowssystem32dxdiag.exe
2012-10-20 18:13 . 2012-10-20 18:13 195584 —-a-w- c:windowssystem32dxdiagn.dll
2012-10-20 18:13 . 2012-10-20 18:13 519680 —-a-w- c:windowssystem32d3d11.dll
2012-10-20 18:13 . 2012-10-20 18:13 321024 —-a-w- c:windowssystem32PhotoMetadataHandler.dll
2012-10-20 18:13 . 2012-10-20 18:13 974848 —-a-w- c:windowssystem32WindowsCodecs.dll
2012-10-20 18:13 . 2012-10-20 18:13 189440 —-a-w- c:windowssystem32WindowsCodecsExt.dll
2012-10-20 17:43 . 2011-08-25 16:15 555520 —-a-w- c:windowssystem32UIAutomationCore.dll
2012-10-20 17:43 . 2011-08-25 16:14 238080 —-a-w- c:windowssystem32oleacc.dll
2012-10-20 17:43 . 2011-08-25 13:31 4096 —-a-w- c:windowssystem32oleaccrc.dll
2012-10-20 17:43 . 2011-08-25 16:14 563712 —-a-w- c:windowssystem32oleaut32.dll
2012-10-20 13:56 . 2011-07-29 16:01 293376 —-a-w- c:windowssystem32psisdecd.dll
2012-10-20 13:56 . 2011-07-29 16:01 217088 —-a-w- c:windowssystem32psisrndr.ax
2012-10-20 13:56 . 2011-07-29 16:00 57856 —-a-w- c:windowssystem32MSDvbNP.ax
2012-10-20 13:56 . 2011-07-29 16:00 69632 —-a-w- c:windowssystem32Mpeg2Data.ax
2012-10-20 13:56 . 2011-10-14 16:03 189952 —-a-w- c:windowssystem32winmm.dll
2012-10-20 13:56 . 2011-10-14 16:00 23552 —-a-w- c:windowssystem32mciseq.dll
2012-10-20 13:56 . 2011-10-14 16:02 429056 —-a-w- c:windowssystem32EncDec.dll
2012-10-20 13:54 . 2011-11-16 16:23 377344 —-a-w- c:windowssystem32winhttp.dll
2012-10-20 13:54 . 2011-11-25 15:59 376320 —-a-w- c:windowssystem32winsrv.dll
2012-10-20 13:54 . 2011-10-25 15:56 49152 —-a-w- c:windowssystem32csrsrv.dll
2012-10-20 13:54 . 2012-05-11 15:57 623616 —-a-w- c:windowssystem32localspl.dll
2012-10-20 13:54 . 2011-11-18 20:23 1205064 —-a-w- c:windowssystem32ntdll.dll
2012-10-20 13:53 . 2012-08-24 15:53 172544 —-a-w- c:windowssystem32wintrust.dll
2012-10-20 13:53 . 2011-02-22 13:33 797696 —-a-w- c:windowssystem32FntCache.dll
2012-10-20 13:53 . 2011-02-22 14:13 288768 —-a-w- c:windowssystem32XpsGdiConverter.dll
2012-10-20 13:53 . 2012-09-13 13:28 2048 —-a-w- c:windowssystem32tzres.dll
2012-10-20 13:53 . 2012-03-01 11:01 2409784 —-a-w- c:program filesWindows MailOESpamFilter.dat
2012-10-20 13:52 . 2012-07-04 14:02 2047488 —-a-w- c:windowssystem32win32k.sys
2012-10-20 13:52 . 2012-06-05 16:47 1401856 —-a-w- c:windowssystem32msxml6.dll
2012-10-20 13:52 . 2012-06-05 16:47 1248768 —-a-w- c:windowssystem32msxml3.dll
2012-10-20 13:52 . 2012-05-01 14:03 180736 —-a-w- c:windowssystem32driversrdpwd.sys
2012-10-20 13:52 . 2011-09-30 15:57 707584 —-a-w- c:program filesCommon FilesSystemwab32.dll
2012-10-20 13:51 . 2012-06-04 15:26 440704 —-a-w- c:windowssystem32driversksecdd.sys
2012-10-20 13:51 . 2012-06-02 00:04 278528 —-a-w- c:windowssystem32schannel.dll
2012-10-20 13:51 . 2012-06-02 00:03 204288 —-a-w- c:windowssystem32ncrypt.dll
2012-10-20 13:51 . 2011-11-16 16:23 72704 —-a-w- c:windowssystem32secur32.dll
2012-10-20 13:51 . 2011-11-16 16:21 1259008 —-a-w- c:windowssystem32lsasrv.dll
2012-10-20 13:51 . 2011-11-16 14:12 9728 —-a-w- c:windowssystem32lsass.exe
2012-10-20 13:51 . 2012-08-29 11:27 3602816 —-a-w- c:windowssystem32ntkrnlpa.exe
2012-10-20 13:51 . 2012-08-29 11:27 3550080 —-a-w- c:windowssystem32ntoskrnl.exe
2012-10-20 13:38 . 2010-05-04 19:13 231424 —-a-w- c:windowssystem32msshsq.dll
2012-10-20 13:32 . 2012-01-09 15:54 613376 —-a-w- c:windowssystem32rdpencom.dll
2012-10-20 13:17 . 2012-06-02 22:19 53784 —-a-w- c:windowssystem32wuauclt.exe
2012-10-20 13:17 . 2012-06-02 22:19 45080 —-a-w- c:windowssystem32wups2.dll
2012-10-20 13:17 . 2012-06-02 22:19 1933848 —-a-w- c:windowssystem32wuaueng.dll
2012-10-20 13:17 . 2012-06-02 22:12 2422272 —-a-w- c:windowssystem32wucltux.dll
2012-10-20 13:16 . 2012-06-02 22:19 35864 —-a-w- c:windowssystem32wups.dll
2012-10-20 13:16 . 2012-06-02 22:19 577048 —-a-w- c:windowssystem32wuapi.dll
2012-10-20 13:16 . 2012-06-02 22:12 88576 —-a-w- c:windowssystem32wudriver.dll
2012-10-20 13:16 . 2012-06-02 13:19 171904 —-a-w- c:windowssystem32wuwebv.dll
2012-10-20 13:16 . 2012-06-02 13:12 33792 —-a-w- c:windowssystem32wuapp.exe
2012-10-20 08:31 . 2012-10-20 08:31 ——– d—–w- c:userssanjaAppDataRoamingredsn0w
2012-10-20 08:17 . 2012-10-20 08:17 ——– d—–w- c:userssanja.shsh
2012-10-20 00:14 . 2012-10-20 00:16 ——– d—–w- c:windowssystem32ca-ES
2012-10-20 00:14 . 2012-10-20 00:15 ——– d—–w- c:windowssystem32eu-ES
2012-10-20 00:14 . 2012-10-20 00:15 ——– d—–w- c:windowssystem32vi-VN
2012-10-19 20:22 . 2012-10-19 20:22 ——– d—–w- c:userssanjaAppDataLocalApple Computer
2012-10-19 20:22 . 2012-10-19 21:09 ——– d—–w- c:userssanjaAppDataRoamingApple Computer
2012-10-19 20:21 . 2012-08-21 11:01 26840 —-a-w- c:windowssystem32driversGEARAspiWDM.sys
2012-10-19 20:20 . 2012-10-19 20:20 ——– d—–w- c:program filesiPod
2012-10-19 20:20 . 2012-10-19 20:21 ——– d—–w- c:programdata188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-19 20:20 . 2012-10-19 20:21 ——– d—–w- c:program filesiTunes
2012-10-19 20:20 . 2012-10-19 20:20 ——– d—–w- c:programdataApple Computer
2012-10-19 20:08 . 2012-10-19 20:08 ——– d—–w- c:userssanjaAppDataLocalApple
2012-10-19 20:08 . 2012-10-19 20:08 ——– d—–w- c:program filesApple Software Update
2012-10-19 20:02 . 2012-10-19 20:02 ——– d—–w- c:program filesBonjour
2012-10-19 20:01 . 2012-10-19 20:20 ——– d—–w- c:program filesCommon FilesApple
2012-10-19 20:01 . 2012-10-19 20:07 ——– d—–w- c:programdataApple
2012-10-16 16:53 . 2012-10-16 16:53 ——– d—–w- c:windowssystem32EventProviders
2012-10-16 13:11 . 2008-05-27 04:59 18904 —-a-w- c:windowssystem32StructuredQuerySchemaTrivial.bin
2012-10-16 12:25 . 2009-10-09 21:56 2048 —-a-w- c:windowssystem32winrsmgr.dll
2012-10-13 17:21 . 2009-04-11 05:03 12240896 —-a-w- c:windowssystem32NlsLexicons0007.dll
2012-10-13 17:20 . 2009-04-11 06:28 499712 —-a-w- c:windowssystem32wbemWmiPrvSD.dll
2012-10-13 17:19 . 2009-04-11 06:28 444416 —-a-w- c:windowssystem32dsound.dll
2012-10-13 17:18 . 2009-04-11 06:28 218624 —-a-w- c:windowssystem32wdscore.dll
2012-10-13 17:18 . 2009-04-11 06:27 130560 —-a-w- c:windowssystem32PkgMgr.exe
2012-10-13 17:18 . 2009-04-11 06:28 247808 —-a-w- c:windowssystem32drvstore.dll
2012-10-13 17:03 . 2010-09-13 13:56 8147456 —-a-w- c:windowssystem32wmploc.DLL
2012-10-13 17:03 . 2010-09-13 13:56 168960 —-a-w- c:program filesWindows Media Playerwmplayer.exe
2012-10-13 17:03 . 2010-09-06 16:20 125952 —-a-w- c:windowssystem32srvsvc.dll
2012-10-13 17:03 . 2010-09-06 16:19 17920 —-a-w- c:windowssystem32netevent.dll
2012-10-13 17:01 . 2010-01-29 15:40 1616384 —-a-w- c:program filesWindows Mailmsoe.dll
2012-10-13 17:00 . 2010-04-05 17:02 317952 —-a-w- c:windowssystem32MP4SDECD.DLL
2012-10-13 16:59 . 2010-12-17 15:45 2067968 —-a-w- c:windowssystem32mstscax.dll
2012-10-13 16:59 . 2010-12-17 13:54 677888 —-a-w- c:windowssystem32mstsc.exe
2012-10-13 16:59 . 2009-04-11 06:28 63488 —-a-w- c:windowssystem32tscupgrd.exe
2012-10-13 16:58 . 2010-08-31 15:44 531968 —-a-w- c:windowssystem32comctl32.dll
2012-10-13 09:37 . 2012-10-13 09:37 ——– d—–w- c:usersDefaultAppDataRoamingTuneUp Software
2012-10-12 18:48 . 2012-10-12 18:48 ——– d—–w- c:program filesSynaptics
2012-10-12 18:24 . 2012-10-12 18:24 ——– d—–w- C:PerfLogs
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-20 18:13 . 2012-10-20 18:13 4096 —-a-w- c:windowssystem32driversen-USdxgkrnl.sys.mui
2012-10-12 18:04 . 2006-11-02 10:32 101888 —-a-w- c:windowssystem32ifxcardm.dll
2012-10-12 18:04 . 2006-11-02 10:32 82432 —-a-w- c:windowssystem32axaltocm.dll
2012-09-21 14:23 . 2012-09-21 14:23 56200 —-a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{901A6393-3441-421A-B268-40B3BD0E7DCE}offreg.dll
2012-09-18 22:59 . 2012-09-21 14:16 6980552 —-a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{901A6393-3441-421A-B268-40B3BD0E7DCE}mpengine.dll
2012-08-21 11:01 . 2012-08-21 11:01 106928 —-a-w- c:windowssystem32GEARAspi.dll
2012-10-11 01:05 . 2012-10-12 17:34 261600 —-a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
“Sidebar”=”c:program filesWindows Sidebarsidebar.exe” [2009-04-11 1233920]
“ISUSPM”=”c:program filesCommon FilesInstallShieldUpdateServiceISUSPM.exe” [2006-09-11 218032]
“ehTray.exe”=”c:windowsehomeehTray.exe” [2008-01-19 125952]
“Skype”=”c:program filesSkypePhoneSkype.exe” [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
“RtHDVCpl”=”RtHDVCpl.exe” [2007-04-25 4444160]
“TPwrMain”=”c:program filesTOSHIBAPower SaverTPwrMain.EXE” [2007-03-29 411192]
“HSON”=”c:program filesTOSHIBATBSHSON.exe” [2006-12-07 55416]
“SmoothView”=”c:program filesToshibaSmoothViewSmoothView.exe” [2007-05-23 509496]
“00TCrdMain”=”c:program filesTOSHIBAFlashCardsTCrdMain.exe” [2007-05-22 538744]
“KeNotify”=”c:program filesTOSHIBAUtilitiesKeNotify.exe” [2006-11-06 34352]
“StartCCC”=”c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe” [2006-11-10 90112]
“Camera Assistant Software”=”c:program filesCamera Assistant Software for Toshibatraybar.exe” [2007-04-10 413696]
“Apoint”=”c:program filesApoint2KApoint.exe” [2006-09-11 180224]
“Toshiba Registration”=”c:program filesToshibaRegistrationToshibaRegistration.exe” [2007-05-04 571024]
“Easy-PrintToolBox”=”c:program filesCanonEasy-PrintToolBoxBJPSMAIN.EXE” [2006-10-17 398944]
“GrooveMonitor”=”c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe” [2009-02-26 30040]
“Adobe ARM”=”c:program filesCommon FilesAdobeARM1.0AdobeARM.exe” [2012-07-27 919008]
“Skytel”=”Skytel.exe” [2007-04-13 1822720]
“SynTPEnh”=”c:program filesSynapticsSynTPSynTPEnh.exe” [2009-03-20 1451304]
“APSDaemon”=”c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe” [2012-08-27 59280]
“iTunesHelper”=”c:program filesiTunesiTunesHelper.exe” [2012-09-09 421776]
“avgnt”=”c:program filesAviraAntiVir Desktopavgnt.exe” [2012-09-25 386336]
.
c:programdataMicrosoftWindowsStart MenuProgramsStartup
Bluetooth Manager.lnk – c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2007-2-27 2756608]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
“EnableUIADesktopToggle”= 0 (0x0)
.
[HKLM~startupfolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:programdataMicrosoftWindowsStart MenuProgramsStartupAdobe Reader Synchronizer.lnk
backup=c:windowspssAdobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGoogle Update]
2012-04-17 17:35 116648 —-atw- c:userssanjaAppDataLocalGoogleUpdateGoogleUpdate.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregIndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-13 18:10 1688872 —-a-w- c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMsnMsgr]
2009-07-26 14:44 3883856 —-a-w- c:program filesWindows LiveMessengermsnmsgr.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNBKeyScan]
2007-12-03 13:21 2213160 —-a-w- c:program filesNeroNero8Nero BackItUpNBKeyScan.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2007-03-01 13:57 153136 —-a-w- c:program filesCommon FilesNeroLibNeroCheck.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
2004-11-02 19:24 32768 —-a-w- c:program filesCyberLinkPowerDVDPDVDServ.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
“DisableMonitoring”=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
“DisableMonitoring”=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
“DisableMonitoring”=dword:00000001
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-418618262-1034689965-338263685-1000]
“EnableNotificationsRef”=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:program filesCommon FilesAdobeARM1.0armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the ‘Scheduled Tasks’ folder
.
2012-10-21 c:windowsTasksGoogleUpdateTaskMachineCore.job
– c:program filesGoogleUpdateGoogleUpdate.exe [2012-08-10 13:34]
.
2012-10-21 c:windowsTasksGoogleUpdateTaskMachineUA.job
– c:program filesGoogleUpdateGoogleUpdate.exe [2012-08-10 13:34]
.
2012-10-20 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-418618262-1034689965-338263685-1000Core.job
– c:userssanjaAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-04-17 17:35]
.
2012-10-21 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-418618262-1034689965-338263685-1000UA.job
– c:userssanjaAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-04-17 17:35]
.
.
——- Supplementary Scan ——-
.
uStart Page =
uDefault_Search_URL =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: E&xport to Microsoft Excel – c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Google Sidewiki… – c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF – ProfilePath –
.
– – – – ORPHANS REMOVED – – – –
.
MSConfigStartUp-MobileConnect – c:program filesVodafoneVodafone Mobile ConnectBinMobileConnect.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista – rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-21 17:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes …
.
scanning hidden autostart entries …
.
scanning hidden files …
.
.
c:userssanjaAppDataLocalTempcatchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
——————— LOCKED REGISTRY KEYS ———————
.
[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
“MSCurrentCountry”=dword:000000b5
.
[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}003AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}004AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
Completion time: 2012-10-21 17:40:15
ComboFix-quarantined-files.txt 2012-10-21 15:40
.
Pre-Run: 24.448.126.976 bytes free
Post-Run: 28.581.134.336 bytes free
.
– – End Of File – – 87499780EF8921536755A67FB9A0F2CF